WO2001040984A9 - Method and apparatus for risk management - Google Patents

Method and apparatus for risk management

Info

Publication number
WO2001040984A9
WO2001040984A9 PCT/US2000/032822 US0032822W WO0140984A9 WO 2001040984 A9 WO2001040984 A9 WO 2001040984A9 US 0032822 W US0032822 W US 0032822W WO 0140984 A9 WO0140984 A9 WO 0140984A9
Authority
WO
WIPO (PCT)
Prior art keywords
fee
risk
vat
user
database
Prior art date
Application number
PCT/US2000/032822
Other languages
French (fr)
Other versions
WO2001040984A1 (en
Inventor
Anthony Beverina
Bryan Ware
Original Assignee
Digital Sandbox Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Digital Sandbox Inc filed Critical Digital Sandbox Inc
Priority to AU19414/01A priority Critical patent/AU1941401A/en
Publication of WO2001040984A1 publication Critical patent/WO2001040984A1/en
Publication of WO2001040984A9 publication Critical patent/WO2001040984A9/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/08Insurance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • G06Q20/203Inventory monitoring
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Systems or methods specially adapted for specific business sectors, e.g. utilities or tourism
    • G06Q50/10Services
    • G06Q50/26Government or public services

Definitions

  • the invention is related to the management of risk in general and more particularly to an apparatus and method of managing risks associated with terrorism.
  • Risk can be defined as probability * vulnerability. Probability is the probability that an undesirable event will occur. Vulnerability is susceptibility to the event multiplied by the consequences associated with that event.
  • Managing risk involves the process of determining the risk and taking steps to decrease the risk by decreasing the probability or vulnerability, or both. Managing risk is an important task faced by people in many different situations. Insurance companies and financial planners manage risk to capital when deciding when to insure and what stocks on bonds to include in a portfolio. Homeowners manage risk when deciding whether to purchase a burglar alarm system. One particularly important form of risk management is terrorism prevention.
  • Terrorism is a world-wide problem.
  • many in the United States associate terrorism with certain Arabian and/or Islamic nations and view the threat, of terrorism from this limited framework.
  • terrorism is not limited to any particular nation, religion, political system, or ideology.
  • One problem faced by those with responsibility for assessing the threat of terrorism and its prevention is the lack of suitable tools to help them perform their tasks.
  • Known tools generally fall into one of two categories: a) terrorist attack damage assessors; and b) terrorist attack likelihood predictors (i.e., probability calculators).
  • the first type of tool, terrorist attack damage assessors i.e., consequence calculators
  • terrorist attack damage assessors are generally computer based.
  • programs such as these provide no guidance as to the likelihood that the attack will succeed (the accessability), the likely location of an attack (e.g., the front or rear of the building, which building, etc., the type of weapon (explosive, chemical, biological or radiological) likely to be used, and how to prevent or at least minimize the occurrence of the attack in the first place.
  • the second type of tool terrorist attack likelihood predictors
  • the form of the tool is generally a series of questions such as "Do you have any nuclear material at your facility?", "Are you located in an urban, suburban or rural area? And “Are you a military or civilian installation?” These questionnaires award a certain number of points based on each answer and base the likelihood of terrorist attack on the total number of points.
  • These tools also suffer from several serious drawbacks. While they may tell you that an attack is likely, they provide no guidance as to the nature of the attack and how to prevent it, provide no indication as to whether the attack will be successful, and provide no indication of the consequence of a successful attack.
  • Plan changes to the plan may also become necessary because the site has expanded, or because of changes to the physical surroundings (e.g., new developments have been built in close proximity to a site previously surrounded by woods). Plan changes are also necessitated by the frequent changes to AT/FP doctrine, enunciated in sources such as DoD 2000.16, the Joint Service Integrated Vulnerability Assessment (JSIVA) Team standard operating procedures, and the J34 Installation AT/FP Planning Template, due to the evolving nature of the threat and lessons learned from previous attacks.
  • JIVA Joint Service Integrated Vulnerability Assessment
  • the integrated risk management tool uses a persistent object database to store information about actors (individuals and/or groups), physical surroundings, historical events and other information.
  • the risk management tool also includes a decision support system that uses data objects from the database and advanced decision theory techniques, such as Bayesian Networks, to infer the relative risk of an undesirable event.
  • advanced decision theory techniques such as Bayesian Networks
  • the tool uses a simulation and gaming environment in which artificially intelligent actors interact with the environment to determine susceptibility to the undesired event.
  • the tool includes an open "plug-in" architecture that allows the tool to interface with existing consequence calculators.
  • the tool also provides facilities for presenting data in a user-friendly manner as well as report generation facilities.
  • the invention takes the form of a software program that may be run on a personal computer or workstation that allows users to evaluate the risk of a terrorist attack at their site, determine their vulnerability to a terrorist attack, assess the damage caused by a successful terrorist attack, and select countermeasures to prevent terrorist attacks.
  • the program provides the user with importing, drawing and modeling tools to allow the user to quickly and easily build a model of the site of interest in both 2 and 3 dimensions.
  • simulation is performed to generate information about threat scenarios.
  • the simulation can be viewed by the user from whatever eye-point the user chooses. In the simulation, the user selects a weapons system and location for a terrorist attack, such as a car bomb at the rear of the building.
  • the simulation constructs and analyzes possible routes that the terrorist may take to reach the location, taking into consideration the site model and all site-specific information such as the existence of roads, car barriers, guard stations, hills, etc.
  • the simulation selects the most probable route and calculates the likelihood of success, or accessability.
  • the program will allow the user to modify the site model to add physical countermeasures (including hardening the target, denying access to the target, etc.) and re-run the simulation to determine the effectiveness of the countermeasures.
  • the system also provides an artificial intelligence risk assessment tool to help users manage risk.
  • the risk assessment tool determines relative risk based on the probability of an attack and the vulnerability of a site to an attack. Vulnerability is partially based on susceptibility, which in turn is partially based on the accessability as determined by the simulation described above; and partially based on a consequence calculation.
  • the use in highly preferred embodiments of physical modeling and physics - based accessability calculations from the 3D simulation/gaming environment in the calculation of relative risk is seen as a particularly advantageous embodiment of the invention.
  • the risk assessment tool is implemented using a Bayesian influence network. The network is based upon input from experts in the anti- terrorism field.
  • the program can also provide damage assessments to the user under the user's control - in other words, the consequence calculation portion of the problem can be used independently of the risk management process as a whole.
  • two built-in analysis tools 1) a first order blast-assessment tool; and 2) a first order downwind CBR hazard prediction tool.
  • the program is built on a plug-in model. That is, the program is designed to interface with industry standard programs so that the standard programs will accept input from the invention and return the desired information (e.g., blast effects). In this manner, the program incorporates improvements to these programs as they occur without the need to update the program code.
  • the user is allowed to specify a weapon system and delivery point, in response to which the system performs the damage calculations.
  • Preferred embodiments of the invention allow users to produce, view and print industry-standard reports as well as custom reports.
  • Planners can develop AT/FP site plans in a standard J34 Installation AT/FP Planning Template format.
  • Assessors can log observations and produce out-briefs and reports in JSIVA formats.
  • Highly, preferred embodiments of the invention produce custom reports in JSIVA formats. More highly, preferred embodiments of the invention produce custom reports with detailed data on risk and other items.
  • Preferred embodiments of the invention provide a theater-level information management system (TIMS 130) that allows senior commanders to view information pertaining to multiple sites under their command. Access to the data is provided through a web-accessible browser interface. Preferred embodiments of the present invention also include an editing tool that allows modification of the database, the GUI 202, and the output of the system.
  • TMS 130 theater-level information management system
  • Figure 1 is a schematic diagram of an automated vulnerability assessment tool comprising the VAT, the VAT Editor, and the TIMS, according to one embodiment of the present invention.
  • FIG. 2 is a block diagram of the architecture of the VAT of Figure 1.
  • Figure 3 is a view of a screen from a graphical user interface of the VAT according to a preferred embodiment of the invention.
  • FIG. 4 is a symbolic diagram showing contents of the VAT database.
  • Figure 5 is a diagram of a risk influence network according to a preferred embodiment of the invention.
  • Figure 6 is a symbolic diagram showing inputs to the VAT database.
  • Figure 7 is an exemplary illustration of a 3D builder screen.
  • Figure 8 is a view of screens generated by the GUI.
  • Figure 9 is a symbolic view of the plug-in architecture.
  • Figure 10 is a symbolic view of the report generation process.
  • FIG 11 is a schematic view of the interaction of the VAT Editor with other system components.
  • Figure 12 is a block diagram showing connection of the TIMS to remote i computers/terminals.
  • Figure 13 is a user/AVAT interconnection diagram.
  • Figure 14 is a review of a Planner Interface screen format.
  • Figure 15 is a review of the Risk Assessment Screen.
  • Figure 16 is a review of the Risk Summary Table Screen.
  • Figure 17 is a review of the "Probability of Attack” Screen.
  • Figure 18 is a review of the Risk Detail Screen.
  • Figure 19 is a view of the 3D Viewer Screen.
  • Figures 20 a-d are screen views illustrating the construction of a 3D object.
  • Figure 21 is a block diagram of the Approach Vector Process.
  • Figure 22 is a flow diagram of the Risk Management Process.
  • Figure 23 is a data flow diagram of Blast and Fragment plug-in data flows.
  • Figure 24 is a data flow diagram of Chemical/Biological/Radiological plug-in data flows.
  • Figure 25 is a schematic diagram of a user created report format.
  • FIG. 26 is a block diagram of the VAT Data Model.
  • Figure 27 is a block diagram of the Meta Data Model.
  • Figure 28 is a symbolic diagram of Meta Data Model.
  • Figure 29 is a block diagram of the VAT showing dependency relationships.
  • Figure 30 is an object association diagram of the database.
  • Figure 31 is a table of exemplary screen definitions.
  • Figure 32 is a process diagram of the navigational override process.
  • Figure 33 is a block diagram of the risk management process.
  • Figure 34 is a block diagram showing risk steps and influence network interaction.
  • Figures 35a and 35b are susceptibility determination and risk mitigation process diagrams, respectively.
  • Figure 36 is a diagram showing the relationship between the Influence Network, the graphical user interface, and calculations made against the model.
  • Figure 37 is a flowchart showing calculation of approach vectors.
  • Figure 38 is a block diagram of the Dynamics Module.
  • Figure 39 is an object model to relational model conversion map.
  • Figure 40 is a class diagram of the Relational Data Model.
  • Figure 41 is a flowchart of the 3D Builder Process.
  • Figure 42 is a flowchart of the 3D Viewer Process.
  • Figure 43 is a block diagram of the 3D Run-time Environment.
  • FIG 44 is a block diagram of the VAT Report Generator Subsystem.
  • Figure 45 is a schematic diagram of the VAT Plug-in Interface Class Structure.
  • Figure 46 is a VAT plug-in state diagram.
  • Figure 47 is a review of the TIMS Browser screen.
  • Figure 48 is a TIMS Client-Server network diagram.
  • Figure 49 is a view of the VAT Editor Modes screens.
  • Figure 50 is a view of a user interface screen.
  • Figure 51 is a node - GUI relational diagram.
  • Figure 52 is a package diagram of the VAT Editor.
  • Figure 53 is a block diagram of the VAT Editor.
  • an automated vulnerability assessment tool (AVAT) 100 includes a vulnerability assessment tool (VAT) 200, a theater information management system (TIMS) 130, and a NAT Editor 150.
  • VAT vulnerability assessment tool
  • TIS theater information management system
  • NAT Editor 150 NAT Editor
  • the tool may be run on a personal computer or workstation.
  • the VAT 200 presents a single interface to the user that accesses a powerful underlying architecture.
  • This architecture shown in Figure 2, is a complex integration of modules that are collectively employed to meet the needs of the VAT 200 users.
  • Figure 2 shows the modules that comprise the VAT 200, the VAT's 200 external interfaces, and the relationships among the components. This complex architecture is better understood by a description of how the system is used.
  • the GUI 202 provides a web-like interface to the system with easy navigation references, screens that are simple and logically organized, and based on a dialog with the user rather than a form-based input.
  • the VAT 200 User Interface exemplary screen 300 depicted in Figure 3 illustrates what the user interface looks like as the user enters information. This screen 300 allows direct access at all times to the tools associated with the VAT 200 and provides a structured or non-linear progression through the data entry interview, depending on user choice.
  • the GUI Engine 210 shown in Figure 2, (the term engine in a software context relates to a program that provides a specific capability, but is easily modifiable to support various implementations.
  • a "GUI Engine” is simply a program to interact with the user graphically, without requiring scripted user interface screens.
  • a Web browser is a good example of a GUI Engine 210 - the browser displays any Hypertext Markup Language (HTML) document and its links without them being programmed in the browser) allows user interface content to be different for each user while the structure of the interface 202 remains the same. This allows the VAT 200 to communicate differently with Planners and Professional Assessors, or even among the Services.
  • HTML Hypertext Markup Language
  • the Planner interface 204 contains instruction, examples, and a more verbose dialog to elicit the same information that the Professional Assessor may be able to enter through a simple form provided by the Professional Assessor interface 206. This allows the user interface 202 to be individualized, ensuring that the data is entered and displayed correctly for all users, but efficiently and quickly for expert users.
  • the GUI Engine 210 receives all of the screens, questions, and display data through the Database module 220.
  • the Database module 220 is a relational database that contains all of the data used by the VAT 200, whether entered by the user, or calculated by the VAT 200, as shown in Figure 4.
  • Driving the GUI 202 from the Database module 220 allows the user interface 202 to be dynamic, customizable, and readily updateable without reprogramming the user interface 202.
  • the Computational Engine 230 combines user-entered data, along with data stored in the Database module 220, to calculate risk and all of its underlying components.
  • the Computational Engine 230 uses elaborate artificial intelligence and simulation algorithms to analyze and assess the specific targets, threats, vulnerabilities, and ultimately, the risks at a user's site.
  • the foundation for the Computational Engine 230 is the Influence Network 500 shown in Figure 5. This network 500 shows all of the nodes 510, 510a that ultimately affect the risk of a given threat against a given target.
  • the values for each of the nodes 510, 510a are combined using probability and statistics equations that account for the weighting of the various nodes and the uncertainty in their values.
  • the network 500 also provides results without requiring all of the data to be known. Thus, if the user does not have information for the detailed leaf nodes 510a the network 500 can adapt and solve the network 500 based on higher level data.
  • the VAT 200 architecture allows nodes 510, 510a and sub-nodes (not shown in Figure 5) of the network 500 to be 'turned-on' as new information is available. With additional information, the confidence in the results should increase. For example, the likelihood of an attack may not change as the user adds additional information at the leaf nodes 510a, but we can be more confident in the threat likelihood if it is backed up by supporting information. This flexibility allows users to gain quick insights into their risks and improve on their risk assessment as additional information is available.
  • This network 500 also provides a rigorous, quantitative calculation of risks.
  • the network 500 provides an intuitive representation of the factors that the calculation considers. It can be read as, 'Leaf node X influences branch node Y, which, in turn, influences node Z'.
  • the network 500 is capable of handling influences that cannot be quantitatively described. Thus, if one cannot be sure how much the anniversary of the Branch Davidian incident will affect the Probabihty of Attack (via the "Triggers" Leaf Node 510a), one can still include it in the network 500 calculation by simply stating that it may increase the probability.
  • the implementation of the network 500 in the Computational Engine 230 also allows for the network 500 to be changed or modified without re-programming. Thus, if experts or events indicate that a new factor should be considered, it can be added to the risk network 500 by creating a new node object in the Database 220.
  • the network 500 provides an integrated representation of the factors that impact the specific risks at a site in a manner that can be understood by subject matter experts (to validate the model) and inteipreted by the VAT 200 so that results can be displayed in a meaningful manner to VAT 200 users.
  • the data used by the network 500, as well as the network 500 itself, can be modified and upgraded by modifying the database 220 without deriving a new equation or reprogramming the VAT 200 artificial intelligence (Al) algorithms.
  • the Computational Engine 230 manages all of these calculations. When the calculation involves the physics- based interaction of objects (i.e., like driving a truck), the Dynamics module 240 (shown in Figure 2) is used to calculate the forces, speed, acceleration, and other relevant physical parameters. When the calculation requires detailed modeling of weapons effects the Computational Engine 230 accesses external models through the Plug-in Interface 250 and uses the results of the model in the consequence nodes of the network 500. Each network node is stored in the Database module 220.
  • the Computational Engine 230 relies on a 3D representation of the user's site. This site is developed using the 3D Builder module 260. Like the GUI Engine 210, the 3D Builder module 260 is driven by the Database module 220 and all of the information entered into the 3D Builder 260 is stored in the Database module 220. Thus, all of the interfaces in the software are tightly integrated with a single database, as shown in Figure 6.
  • the 3D Builder 260 provides an interface for the user to build a 3D representation of his site.
  • the 3D Builder 260 imports files from computer aided design (CAD) programs or images and uses them as the outline for the site layout.
  • CAD computer aided design
  • the user can then 'build' virtual representations of the buildings, roads, and perimeters of the site and identify population centers, VTPs, and countermeasures.
  • This virtual representation of the site is stored in the Database module 220 and is used by the Computational Engine 230 to compute threat vectors and the accessibility of assets and by the Analytic Models to calculate weapon effects against targets.
  • the GUI 202 must also display complex risk, spatial, temporal, cost, and probabilistic data to the user in a useful and effective manner. Because the terrorist threat is often so vague and multi-dimensional, the information display must present simplified representations of the information and allow the user to interact with the information to see how the data is inter-related — what kinds of assets are most susceptible to a certain threat, which threats bear the highest consequences, and so on. Information from the risk influence network 500 and information in the Database module 220 can be interpreted and displayed in many combinations and representations.
  • the GUI 202 provides sortable tables, text interpretations of data, 3D animations of scenarios, and graphs like the screens 801, 802, 803 shown in Figure 8.
  • the GUI 202 provides web-like capability to drill-down into any high level information presented by the GUI 202.
  • the user will be able to click on 'high' and drill- down to the nodes that caused the value to be high (e.g., Organization X is active in your area, they have Y weapon capabilities, and Z holy day is a trigger for this threat).
  • the nodes that caused the value to be high e.g., Organization X is active in your area, they have Y weapon capabilities, and Z holy day is a trigger for this threat.
  • the Computational Engine 230 interprets threat data and recommends counte ⁇ neasures to the user that should be used to reduce the threat or the consequences of an attack.
  • These countermeasures are not limited to hardening of assets (blast walls, FRF, etc.) but include countermeasures to:
  • the Database module 220 retains the relationships among these counte ⁇ neasures and procedures and the threats that they counter to allow the user to develop a defensive posture.
  • the 3D Builder 260 allows the user to specifically place countermeasures and optimize their placement to be most effective against the threat.
  • the VAT 200 allows the user to consider costs when employing counte ⁇ neasures to manage risk.
  • the VAT 200 does not provide a detailed cost modeling or cost benefit analysis capability; however, for classes of countermeasures the user may select, the VAT Database 220 is populated with 'initial cost 1 and 'recurring cost' parameters. The values for these parameters are defined as none, low, moderate, or high.
  • the database also contains fields for the user to enter dollar costs for specific countermeasures, if desired. These costs can be printed in custom reports or viewed in risk summary tables to sort and rank risk mitigation strategies by cost.
  • the Computational Engine 230 Much of the risk data presented to the user is generated by the Computational Engine 230. However, when considering risk, one of the most important considerations is the consequence of a specific threat against a specific target. The results of a threat-target pair must be analyzed to determine the casualties and damage that would result from the event so that this data can be used in the risk network 500. Rather than developing a simple routine or a new weapons model, the VAT 200 uses existing blast and nuclear, chemical, biological, and radiological (NCBR) models to calculate the consequences used by the Computational
  • Blast Card (Look-up table) from TSWG HP AC from Defense Threat Reduction Agency (DTRA)
  • CBR Card (Look-up table) from Titan Corporation
  • the plug-in interface 250 provides a mechanism 900 (shown symbolically in Figure 9) to send the model data from the VAT 200 that is needed to properly execute the model. The results of the model calculations are then sent back to the VAT 200 where they are interpreted and used by the risk network 500 and presented to the user. All of this happens without the user having to launch another program, learn how to use each of the external models, or enter the same information over again in another application.
  • the VAT 200 architecture allows other developers to interface to the VAT 200 and provide new models and capabilities that were not initially built in to the VAT 200.
  • This flexible architecture ensures that the VAT 200 is not limited to yesterday's state-of-the-art, but rather, that it can be upgraded through plug-ins to take advantage of evolving models and data.
  • the data used by the decision network 500, the GUI 202 screens, and the database 220 itself can be modified by the VAT 200 support organization.
  • the VAT 200 can be readily modified to use this new information.
  • the VAT Database 220 can be exported from the system. This will not only allow for back-ups of the data, but also allows the Database 220 to be exchanged among users. This will allow Professional Assessors to import an installation's existing VAT Database 220 and use that as the starting point for their assessment - thereby eliminating the need to re-enter data.
  • the VAT 200 will provide, at a minimum, the report formats from the JSIVA Report and the AT/FP Installation Planning Template. Information from the VAT 200 will be used to populate these reports and the user will be able to finish the reports by writing the remaining required text. This document will then be saved to the database and will be available in Microsoft WordTM format for reproduction. The VAT 200 will also provide the flexibility for users to create custom reports or to save out and print VAT 200 risk assessment reports.
  • the AVAT 100 Suite design provides a flexible architecture of component modules and a suite of tools (referred to herein as the VAT Editor 150) that can be used to modify the system. These tools allow the VAT 200 support organization to modify the VAT 200 without having to rely on the system developer or wade through millions of lines of code. Since all of the components of the system are tightly integrated with the Database module 220, the VAT Editor 150 essentially provides a way to modify the existing database 220 to change the GUT 202, Computational Engine 230, report output, etc., a shown in Figure 11. Theater Information Management System (TIMS ' )
  • TMS Theater Information Management System
  • the VAT 200 information is also available to Senior Commanders via the TIMS 130 to compare among the sites within their area of responsibility (AOR).
  • the TIMS 130 is a web-based application that allows Senior Commanders to view top-level threat, vulnerability, and risk data from multiple VAT databases 220. These databases are stored in the TIMS 130 database that can be located on any web network 1200. The Senior Commander will access this database through a web browser client on any connected computer 1210 as shown in Figure 12. Data from the TIMS 130 can be compared, sorted, searched, and graphed.
  • the TIMS 130 will be built using industry standard web technologies so that it can be integrated with other web applications.
  • the VAT 200 can also exchange data with other applications. This will allow the VAT 200 to import and export data to the JSIVA Information System (JIS) and other similar applications. This will ensure that users who have an investment in other applications will be able to effectively migrate to the VAT 200 and that users of all of the applications will be able to exchange data. While it may not be possible or desirable to provide an exchange mechanism for all of the data among the VAT 200 and other systems, the Plug-in Interface 250 will minimize the amount of re-entry of existing data.
  • JIS JSIVA Information System
  • the VAT 200, TIMS 130, and the VAT Editor 150 may be deployed for, by way of non-limiting example, the identified users as shown in Figure 13.
  • Figure 13 shows the typical configurations for each user and the interfaces among the users.
  • FIG. 3 A prefened embodiment of a VAT 200 interface design is illustrated in Figure 3.
  • This design provides a web-like interface.
  • the main content 310 window displays the interview, calculated results, and the 3D scene to the user.
  • the panel 320 to the left of the main content window 310 provides an outline view for context and to allow the user to navigate the application as he/she desires.
  • the toolbox 330 on the far left of the screen 300 provides ready access to major components of the system including external analytic models, the simulation, and output reports.
  • Figure 14 and Figure 15 are examples of the types of screens that appear in the main content window.
  • the typical Planner Interface Screen 1400 as shown in Figure 14, has large fonts, natural English, and establishes context for questions and information before they are presented.
  • the Risk Assessment Screen 1500 is a notional representation of an intelligent natural language representation of risk data provided by the Computational Engine 230.
  • This screen 1500 can be customized for each site or user, uses natural English, and interprets the risk network 500 data like an expert would.
  • This interface allows the user to click on words like "High” to see the underlying information that influenced that determination.
  • This screen can be printed or used in custom output reports.
  • the Risk Summary Table 1600 provides a powerful mechanism for the user to interact with risk data and understand the risks to their site. Clicking on data within the table 1600 displays detailed supporting information. Selecting a row allows the user to see all of the details for that row or to view a simulation of the event represented by that row.
  • the Risk Detail Screen 1800 is accessed by clicking on the value of any of the calculations represented in the Risk Summary Table 1600.
  • This screen shows all of the detailed information for 500 pound car bombs.
  • the user can click on "more” for any of the statements that support the "High” assessment to see the information that they are based on.
  • This data is derived from the Risk Influence Network 500.
  • the Risk Detail Screen 1800 can also be accessed through the outline view.
  • the user can then view scenarios in a 3D simulation/gaming environment in order to gain more insight into the threat vector as played against his her site layout and counte ⁇ neasure setup.
  • the 3D Viewer 280 allows the user of the VAT 200 to play various threat scenarios against his her site.
  • the site layout is read in from the database as constructed in the 3D Builder 260.
  • the Computational Engine 230 is then invoked to calculate threat vectors, and the resulting data displayed on top of the layout in a three-dimensional view.
  • the user is then able to select a vector based on delivery type, risk value, or other such factors, and play the threat against the site in a realistic manner so that the consequences can be viewed.
  • the user can then switch to the 3D Builder 260 mode to add countermeasures, move countermeasures, or make other changes, and then run the simulations again as he/she builds up a site layout and plan.
  • Figure 19 displays a simplified example of a 3D Viewer Screen 1900.
  • the 3D Builder 260 allows the user to construct his base in the VAT 200 system for use with the various modules to calculate vulnerability and mitigate risk.
  • the user is presented with a palette of standard 3D construction tools, camera movement options, and structure types to build.
  • the countermeasure library and structure types are read in from the database, and the list is presented to the user so he can select a structure to build, maintaining the notion of a dynamic interface to the user based upon the information in the Database module 220.
  • the user then uses the tool to build up the site on top of a base image of the layout (scanned-in map, perhaps) or use a base AutoCAD DXF file if applicable, to add countermeasures, and to define the site perimeter.
  • FIG. 7 An exemplary interface to the 3D Builder module 260 of the VAT 200 is shown in Figure 7. After all buildings and structures are placed on the map, the road network can be drawn in using line segments, and any bodies of water can be placed. If any structure requires additional information (such as number of people inside, etc.), the text area below the 3D view is used for text input that will be stored with the object. The user can then place any existing counte ⁇ neasures such as cameras, guard posts, or jersey barriers for each THREATCON level to set the site baselines. The site is then saved out into the database when all structures and countermeasures are placed.
  • any existing counte ⁇ neasures such as cameras, guard posts, or jersey barriers for each THREATCON level
  • FIG 20 The process of building a structure is outlined in Figure 20. From the scanned in image, or just the bare grid layout, the user selects, point by point, the outline of the base of the structure (View 1). The system then fills in the outline and creates a solid 2D polygon (View 2). The user is then able to pull up on this polygon with motion of the mouse to extrude the shape into the third dimension up to the required height (number of stories or exact height) (View 3), and the system displays a final rendered building with shading and textures applied (View 4). Building other structures follows a similar method, with differences based on scale/orientation of the object. Smaller objects, or objects that cover large areas are "painted" in using an object brush.
  • Influence Network 500 For example, water is painted in as one would paint with a certain color in a standard 2D drawing program. Jersey barriers, for example, are placed one at a time; each "paint spot” showing up as one barrier. Once placed, it can then be moved or rotated as desired. Influence Network 500
  • the Influence Network 500 provides the VAT 200 with a knowledge base from which to determine risk.
  • the network 500 is comprised of all of the nodes 510, 510a that ultimately affect the risk of a given threat against a given target.
  • a node is defined as a piece of data used to influence other data in the network 500.
  • the nodes 510, 510a in the network 500 are combined to calculate belief. This belief is interpreted as the probability of a certain result occurring, based on all of the data available to make a determination. This determination can be made using either complete or partial data.
  • the network 500 can adapt to solve the problem based on the data entered.
  • One of the more common techniques for representing probabilistic knowledge in a network 500 involves Bayesian networks.
  • the Influence Network 500 is made up on a series of nodes 520, 510a with connections between each other.
  • a node can have parents (nodes that cause an effect) and children (nodes that are affected), but the network 500 can not contain cycles (circular paths among nodes).
  • Nodes without parents are considered leaf nodes 510a, and are typically where evidence is added to evaluate the network 500.
  • Each node 510, 510a is assigned a set of possible states, along with the probability of the state occurring. These probabilities reside in a structure called the conditional probability table, and represent the influences of prior beliefs on the decision.
  • the conditional probability table simply contains probabilities of the node occurring. These values are set by the evidence assigned from external data.
  • conditional probability tables of all nodes in the network 500 are initialized to a default state, which is an expected bias in the answers. As evidence is posted to the network 500, these probabilities are refined and the network 500 produces answers in which we have more confidence. In this manner, partial data can be used to refine beliefs, with the initial probabilities responsible for "filling in the gaps" of missing data. Using advanced statistical techniques, the confidence of each probability can also be computed. This confidence is extremely beneficial for justification of answers. Because of the subjective nature of various data used by the system, defense of the system's results is vital.
  • the structure of the network 500 is simple to represent. This presents flexibihty in the VAT 200 design, allowing the network 500 to be configurable from the object database 220.
  • each node 510, 510a of the network 500 is aware of its parents, children, and where it receives its data.
  • the network 500 structure can be stored in the database 220 ⁇ and manipulated externally by the VAT Editor 150.
  • the user can modify the behavior of the Influence Network 500. This is extremely beneficial to the VAT 200, as data refinement is vital to the survivability of the tool.
  • nodes can be added to the network 500 to refine beliefs. These nodes can only derive their data from the GUI 202, but by adding the node to the network 500 and modifying the tables of all nodes that it affects, the network 500 behavior can be altered.
  • Data used by the network 500 comes from several different locations. Data entered by the user directly into the GUT 202, as well as data resulting from the database and from calculations made by the Computational Engine 230, the Dynamics module 240, and external models are all used by the network 500. By providing data from various sources, the decisions made by the influence network 500 are highly robust, dependent not only upon user knowledge, but also on statistics, simulation, and physics.
  • the Computational Engine 230 is responsible for constructing and maintaining the network 500. User inputs to the GUT 202 are posted directly to the network 500, but the Computational Engine 230 coordinates any other input, resulting from calculations or external models.
  • the vectors of approach that are calculated by the VAT 200 determine the accessibility of a specific target to a specific threat (an actor with a weapon system). These vectors not only provide valuable data to the relative risk determination of the VAT 200, but when displayed graphically they provide a powerful tool for the user in understanding the vulnerabilities to their site.
  • a specific threat and target In order to compute the vectors of approach, a specific threat and target must be selected by the user. Using this data, the VAT 200 analyzes the threat and asset characteristics, the site layout, and the physical security measures to determine all possible approach vectors to the target.
  • the weighted-graph search algorithm searches for a path between two points, avoiding obstacles and impassible areas.
  • First-order physics are applied to ensure realism in the chosen path.
  • Decision theory is applied to determine the reactions of the threat upon encountering countermeasures.
  • Risk management support is provided in the VAT 200 by allowing the user to modify the site baseline based on the determination of vulnerabilities to specific threats. Once the user builds the baseline, characterizes assets and determines specific threats, the VAT 200 walks him/her through a susceptibility determination and consequence analysis. Susceptibilities and consequences, coupled with the probability of a specific threat attack, make up the relative risk of a target against that threat. In order to perform risk management, the user must reduce the susceptibility of a target to an attack, the likely consequences of an attack, and/or the probabihty of the attack occurring. All of these can be reduced through the employment of countermeasures or asset relocation.
  • FIG 22 provides an overview of the risk management process. Based on the cu ⁇ ent site baseline and the vulnerabilities determined by the VAT 200, the user is presented with countermeasures to employ across their installation. By targeting the placement of these countermeasures against the specific vulnerabilities, the user can reduce risk. To assist in this process, the VAT 200 analyzes the threat and suggests counte ⁇ neasures that can best reduce the components of risk associated with the threat. Comparing the effectiveness of the countermeasure against the threat accomplishes this. Coxmtermeasures that are most effective against the threat are presented to the user, along with suggestions for successful employment. These countermeasures are not limited to hardening of assets (blast walls,
  • the site baseline is ultimately modified.
  • the new baseline is then used to produce updated susceptibility and consequence determinations.
  • Other risk management options such as asset relocation will also be permitted. This cyclic process highlights the iterative nature of risk management and its application to planning.
  • the VAT 200 also allows the user to consider costs when managing risk. Preferred embodiments the VAT 200 do not provide a detailed cost modeling or cost benefit analysis capability; however, for classes of coxmtermeasures the user may select, the VAT Database 220 is populated with 'initial cost' and 'recurring cost' parameters. The values for these parameters are defined as none, low, moderate, or high. The database also contains fields for the user to enter dollar costs for specific countermeasures, if desired. These costs can be printed in custom reports or viewed in risk summary tables to sort and rank risk mitigation strategies by cost. Analytic Models
  • the VAT 200 uses analytic models to calculate the consequences of likely threat scenarios.
  • the Influence Network 500 requires an assessment of the consequences of an event in order to calculate the overall risk.
  • the VAT 200 potential consequences are simply damage to assets and human casualties. From these results, the risk network 500 calculates additional parameters such as the mission impact and the symbolic victory the te ⁇ orist may receive based on biasing values the user has entered for the affected assets.
  • the VAT 200 User Group selected the models that will be provided with the initial release of the VAT 200.
  • the VAT Plug-in interface 250 is also capable of interfacing with other models via the Analytic Models Interface.
  • Table A lists the models that are supported by prefened embodiments of the VAT 200. Other models may also be supported.
  • a design goal is to make the interaction of the VAT 200 with external models appear transparent to the end user.
  • the VAT 200 provides all of the set-up data required by the models in the co ⁇ ect format and interprets the damage and casualties calculated by the model.
  • the data required from the user by the VAT 200 may be simple, the interaction of the VAT 200 and external models is quite complex. This complexity is due to several important issues.
  • the VAT 200 and each of the analytic models represent the same features in different ways requiring complex data transformations.
  • the analytic models have limiting assumptions that the VAT 200 must track and present to users.
  • the VAT 200 must ultimately accept data from the analytic models.
  • the VAT 200 software has no means to validate this data.
  • the VAT 200 is written to accept data from models that calculate consequences for all kinds of weapons systems.
  • the VAT 200 includes plug-in modules that allow interfacing to six models covering blast, chemical, biological, and radiological agent scenarios.
  • third party developers may produce plug-ins that interface with other kinds of models in the future. Therefore, the VAT 200 must consider other kinds of models in its use of analytic models.
  • the sections below describe the approach that the VAT 200 takes for each of the model interfaces present in prefened embodiments of the VAT 200.
  • the ensemble of blast and fragment consequence calculators is diverse principally in the target dimension, the weapons themselves for the purposes of VAT 200 being substantially described by their net explosive weight and the presence or absence of efficient provisions for fragments.
  • Targets, on the other hand, and particularly buildings vary enormously in their sizes, shapes, construction details, the care in which they were constructed, their age, and their outfitting.
  • sunounding buildings and natural tenain features can markedly intensify or diminish blast and fragment effects on a given building and on its occupants.
  • the presence of buildings can shield people in the open from fragments, can channel weapon fragments at some people, and can contribute building fragments (especially but not exclusively glass fragments) to the injury-inducing or lethal objects flying through the air in the wake of an explosion.
  • Blast and fragment analytic models model one or several physical phenomena. These include air blast, fragmentation, structural response, and casualty or personnel hazard mechanics. All of the blast and fragment analytic models prefened embodiments address building damage in some fashion or another. In order to function they need three categories of inputs or assumptions. These categories are the characteristics of the weapon, the characteristics of the building being analyzed, and the geometric and geographic context for the weapon and the building.
  • a full real-world description of a weapon includes its net explosive weight, its shape, its containment vessel, boosters such as the presence of bottles of acetylene, and additional fragment generators that came with the weapon.
  • the weapon is concealed, as in the case of explosives concealed in an automobile or in the sides and bottom of a suitcase, the distribution of the explosives can affect the shape and power of the explosion.
  • Buildings have a host of features relevant to the calculation of damage.
  • the detail with which the VAT 200 user characterizes buildings may not match the detail for a given analytic model.
  • One option is to group buildings into general classes (e.g. two-story, box- walled building). This general characterization could be provided to models equipped to expand that into a representative building.
  • VAT 200 could do the expansion and send the representative building details to an analytic model. For either alternative there will be a reduction of predictive accuracy relative to providing actual details.
  • a contrasting case for building construction is when the VAT 200 user provides greater detail than an analytic model is equipped to use.
  • population within a building may have multiple representations: the total population in the building, numbers of people in each bay of a building, or individuals' specific positions within the building.
  • VAT 200 expects the following output from blast and fragment models:
  • FIG 24 illustrates the data flows for the chemical, biological and radiological (CBR) plug-in models.
  • the atmosphere is the vehicle for dispersion of CBR agents after release. Atmospheric dilution, interaction with water or with other substances in the atmosphere, and in the case of biological pathogens, exposure to sunlight, all act to degrade the toxicity of one or another of these agents. CBR effects calculations require (in order of priority) agent release specifics, meteorological conditions, tenain, and time of day.
  • CBR substance release information includes agent type, amount, mechanism for release, and delivery mechanisms.
  • the release mechanism describes how and how well an agent is aerosolized (e.g., explosive charge, spray, etc.) while delivery mechanism is the means of introducing the weapon system to the target (e.g. letter bomb, aircraft, etc.).
  • VAT 200 needs casualties and "damage” resulting from CBR attacks. Damage is partly the result of casualties, especially casualties to key and essential personnel, but it can also be the result of denial of use of facilities or an area and equipment until decontamination has been performed.
  • Casualty information can be provided several ways. One is simply a count of dead and incapacitated. An analytic model provides such numbers on the basis of that portion of supplied population databases which applies to the installation in question. A second method of expression is to provide geographically keyed data expressing the lethality density of the substance as a function of time. From the latter, VAT 200 is able to calculate its own casualty information taking into account building-by-building and area occupancy as a function of time of day. Even when the analytic model counts the casualties the geographic data is still useful for assessing secondary mission impact (i.e. "damage").
  • TSWG's Bomb Card analytically represented in VAT 200, provides ranges for building evacuation and ranges for withdrawal of people in the open. Both are indexed on a progression of common or likely te ⁇ orist explosive devices, ranging from 5 pound pipe bombs to 60,000 pound semi-trailer trucks.
  • the building evacuation distances are purely a function of net explosive weight.
  • the open air evacuation distances are a composite of predicted effects from case shrapnel, thrown vehicle fragments, and glass breakage. Mechanics of Use
  • VAT 200 will supply only type of bomb and net explosive weight in TNT equivalent pounds to the Bomb Card model due to the simplicity of the Bomb Card "model" approach (i.e., a simple look-up table).
  • the Bomb Card does not use any geometric and geographic information beyond the XY coordinates of the burst - for example height of detonation and presence of blast walls or nearby reflective natural or artificial features are not taken into account. Most importantly, no account whatever is taken of the character or construction of buildings.
  • the Bomb Card will return information about building damage and potential for casualties to personnel in the open.
  • AT Planner General Description
  • AT Planner a product of the U.S. Army Engineer Waterways Experiment Station, was developed to aid engineers in evaluating Force Protection issues from te ⁇ orist and saboteur attack. In its native mode it is a GUI-based interactive tool.
  • Features include the ability to make building retrofit recommendations and the ability to recommend barriers to stop vehicles of a specified size with a specified distance for acceleration.
  • Three-dimensional views showing building damage are available in the GUT 202 version and it is possible to request standoff distance calculations for specified buildings, specified damage types such as roof/wall failure or glass breakage, and for weapons of a specified net explosive weight.
  • AT Planner can use precise positions of persons outside of buildings, detailed window distribution information, treats building occupants only by calculating injury potentials in the interior bay by bay, and can incorporate the mitigating effects of blast walls close to the point of detonation. Threats are specified in net explosive weight of the equivalent TNT charge. However, detonations inside of building are not modeled and AT Planner does not use height of burst or weapon fragmentation data, and its ability to represent i ⁇ egularly shaped buildings is limited.
  • AT Planner's products include casualty information for outside individuals, coded panel-by-panel damage information for buildings, and a three-dimensional representation of building damage. VAT 200 will use these data to determine detailed consequences for threat- target pairs. Blast/FXTM General Description
  • Blast/FXTM was developed by TRW Inc. (formerly BDM Inc.) for the Federal Aviation Administration as a tool to model the effects of explosives against buildings and the people in them. Additional features include the ability to predict severity of injury to individuals at precise locations inside the building. Buildings may be described in substantial engineering and architectural detail and fragment characteristics of weapons are also modeled.
  • Weapons can be described by energetic chemical and net explosive weight (describing one in terms of the TNT equivalent net explosive weight is sufficient). Fragmenting capability can be infened from the casing but also fragment sizes can be specified, so that the model can accommodate weapons with bundled shrapnel such as nails. Mechanics of Use
  • Blast FXTM is alone among the VAT 200 analytic models in being able to take into account the specific locations of individuals within buildings.
  • Extensive building construction detail can also be used by Blast/FXTM: beams, columns, floors, and walls can be described for multiple levels by dimension, by category of material, and in the case of reinforced concrete, by the rebar spacing. Windows can be described by size and glazing material. Instead of requiring this level of construction detail from users, the VAT 200 will provide representative construction details conesponding to the generic building class selected by the user since prefened embodiments of the VAT 200 do not include the modeling of the interior of buildings.
  • Blast/FXTM's products returned to VAT 200 include the mortality or severity of injury to each person included in the scenario, component by component damage information, and three-dimensional views of the blast area with damage and casualties color coded (plus associated data to support this visualization).
  • FP Tool is a product of the Naval Surface Warfare Center (NSWC), Dahlgren, Virginia. Unlike AT Planner and Blast FXTM, FP Tool uses the TNT Standard methodology instead of the Kingery-Bulmash algorithms for its calculations. NSWC chose the TNT Standard in order to increase the accuracy of the calculations, especially for reflected air blast and elevated burst situations. Of the three blast and fragment models interoperable with prefened embodiments of the VAT 200, only FP Tool takes height of burst into account. The FP Tool also precisely models air blast-pressure decay but even with FP Tool the prediction is apt to be conservative.
  • Explosions internal to buildings may be modeled in the FP Tool. Exterior wall panel damage is predicted while interior walls are ignored in the calculation of this damage.
  • the cunent release uses eardrum damage and fragment-skin penetration as metrics for air blast personnel casualty.
  • the travel and consequences of fragments of the buildings themselves are not modeled in the cunent release of FP Tool: only casing fragments are considered. Fragment trajectories are calculated both for bursts outside and for bursts inside of buildings. When a fragment reaches an impediment, penetration is calculated on the basis of the fragment and the construction of the impediment. casualties to people from fragments are calculated on the basis of probability of hit for personnel in hazard volumes rather than on the basis of precise positions of occupants. FP Tool also calculates probabilities of equipment destruction from fragments. Mechanics of Use
  • the FP Tool can use weapon size, three-dimensional burst position information; multiple buildings; and barrier information. Building generic type, percentage of glass, and population density are usable but more extensive construction details are not. Equipment type and fragility can be used, if provided.
  • Results passed from FP Tool to VAT 200 include air blast information, building collapse information, building fragment information, building damage information, equipment casualty information, and personnel casualty information.
  • CBR Chemical/Biological/Radiological
  • the CBR Card provides a quick look assessment for casualties related to the use of CBR agent releases.
  • the purpose of this application is to provide a range of probable consequences from typical CBR attacks.
  • the Card provides actual "Lethal Dosage 50" (L/D 50 ) values for a given release. L/D so is the dose for which 50% of the affected population is likely to die from the given exposure.
  • L/D 50 is the dose for which 50% of the affected population is likely to die from the given exposure.
  • the casualties will take place over a variable time frame depending on the agent: chemical agents act very quickly (within minutes to hours) while biological and radiological may take days to weeks to kill. However, the dosage calculation will be determined assuming that the personnel in the area remain there for 30 minutes after the release.
  • the CBR Card is meant to provide a rough estimate of the consequence from a CBR attack and also to provide insight into crucial aspects of CBR releases. While the Bomb Card focused on standoff as the primary countermeasure to blast, the CBR Card will show the relative importance of time and situational awareness as critical weapons against CBR agent releases. Time is critical since if personnel can don a gas mask immediately upon being notified of a release then the hazard from CB releases is fairly minimal. Similarly, for radiological agents, limiting time exposed to the agent is the only way to prevent casualties for unprotected personnel.
  • the primary factors considered in developing the data to create the CBR Card are: source, release mechanism, amount of agent, delivery mechanism, and meteorological conditions.
  • the CBR Card permits several chemical agents to be selected: chlorine, VX, and GB. These three were selected because they span the likely threats in four relevant dimensions: availability, persistence, lethality, and history of use.
  • Chlorine is a representative industrial chemical agent meeting the test of easy availability. It is a toxic industrial material that has been discussed as a tenorist threat for years. It is lethal, its dense gas characteristics enable a cloud to linger in the absence of wind, and it is readily available. Moreover large tanker trucks are not uncommon, so inconspicuous delivery is plausible. Because of its likely packaging as a tanker truck the likely scenario is for a large amount of chlorine (tens of thousands of kilograms) to be released by a small explosive rupturing the tanker near the target.
  • VX is included in the CBR card to represent the persistent chemical agents
  • GB Sarin is included to represent the agents of highest lethality.
  • the two conditions of midnight release and noontime release were selected to show the disparity between the dispersion and the degradation of CBR releases under differing meteorological conditions.
  • Midnight release means no turbulence and no wind.
  • the resulting transport and dispersion occurs because of a physical phenomena called meander which is the random fluctuation of wind azimuth coupled with random variations of a small wind speed. (That is to say, it really is not physically possible to have absolute calm conditions.) Meander creates a slow moving enatic cloud that may eventually cover a large area.
  • the noontime release conditions provide a turbulent atmosphere with a four-knot wind. This condition provides a situation where the initial release will quickly produce a fairly directional plume of ground effects. The wind speed of four knots was selected to provide a reasonable ground footprint over minutes to hours without diluting the release too quickly.
  • Anthrax is sufficient to represent biological warfare agents.
  • Anthrax is a worst case choice because as a spore it is relatively resistant to ultraviolet light so it has a long linger time (relative to other biological agents) and is also more lethal than most other biological agents. It is also readily available and, unlike the chemical agents, it can kill at a long distance from its point of release. Three different, plausible dehvery mechanisms are used - aircraft spray, van spray, and backpack spray.
  • Cobalt 60 is a likely source due to its availability from medical applications.
  • One dehvery method is used (suitcase bomb) for its application since in any other form it would be very dangerous to the terrorist employing it and an explosive release provides an effective way to spread a small amount of material quickly.
  • the two parameters that the CBR Card will require from the user will be direction of prevailing wind and location of the source.
  • the data produced from the series of CBR scenarios described above will be applied to the site within VAT 200 with these two pieces of data. In this way, personnel affected by the release may be calculated and provided as a consequence term and, if requested by the user, plotted on the site map.
  • the prevailing wind condition is very important for CB releases since it specifically identifies the region at risk from a CB release.
  • the user may experiment using different wind azimuths to determine the severity of a CBR attack during non-nominal meteorological conditions (i.e., the xiser may perform what-if analyses).
  • the CBR Card does not consider terrain effects. All scenario runs assume flat terrain. This simplification could obviously be important especially for very hilly terrain and urban areas.
  • HPAC Hazard Prediction and Assessment Capability
  • HPAC can either determine typical meteorological conditions for fee site's geographic location and season of fee year from its own resident databases or a default file will be made available for modification.
  • fee terrain will affect fee transport and dispersion but VAT 200 assumes flat terrain.
  • Data from HPAC will be typical contours showing fee extent of a cloud's growth scaled to dose levels representative of physical impairment and/or high probability of death.
  • HPAC is capable of using every bit of fee agent cloud, time and meteorology, and geographic data that VAT 200 will supply. Some users of VAT 200 will be unable to provide information in detail and so will instead characterize weapons, weather, and geography by generic category. Together, VAT 200 and HPAC will extrapolate from these to fee details HPAC's computation engine requires in order to run.
  • VAT 200 will receive geographic lethality and incapacitation information from HPAC that it will then use bofe for casualty and for mission impact assessment External Interfaces
  • the VAT 200 provides a mechanism that allows end users to enhance fee functionality provided by fee VAT 200 on dehvery.
  • the VAT Plug-in module interface allows third parties to create software modules feat extend fee VAT 200's capabihties beyond feose delivered as part of fee standard VAT 200 installation.
  • plug-in modules There are cunently three variants of plug-in modules: Analytic Model plug-ins, Data Analysis plug-in modules, and I/O plug-in modules.
  • the following sections discuss the VAT 200's Plug-in module interface and fee capabilities of each of the plug-in types in an overview fashion feat attempts to provide context for fee other sections of this specification. Plug-in Module Interface
  • the VAT 200's external interface mechanism is constructed around fee notion of software plug-in modules which provide enhanced behavior for fee VAT 200 in specific areas of functionality: new analytic models, new textual data interpretation paragraphs, or new sources to import or export data to or from fee VAT 200.
  • Software plug-in modules are binaiy objects built from compiled code that adheres to standards defined for fee AVAT 100 Suite.
  • VAT 200 In general terms, for all plug-in modules, fee VAT 200 expects a base level of functionality feat manages fee low-level interface wife fee VAT 200 software. On top of feat functionality, the VAT 200 expects that a plug-in will implement additional functionahty that will allow fee plug-in to provide enhanced behavior for fee VAT 200 software.
  • the overarching design principle for the Plug-in module interface design is to make it easy for third party programmers to develop plug-ins for different situations, not precluding fee possibihty that more than one plug-in of a particular type (e.g. two analytic model plug-ins and or feree analysis module plug-ins) may be registered wife fee VAT 200 and potentially be running concunently with the others.
  • the VAT 200 Analytic Models Interface will allow module developers to create interfaces to external analytic models and interface them wife fee VAT 200. Through fee Analytic Models Interface fee VAT 200 will be capable of exporting munitions, terrain, geometry and other information in fee VAT Database 220 for analytic models to use in their calculations.
  • a major design goal for this interface is that fee user will not be required to interact with an external model's native interface (if any exists) in order to use it or its results in VAT 200 risk calculations.
  • fee VAT 200 Analytic Models Interface provides a number of control functions feat allow fee VAT 200 to control fee execution of a compliant Analytic Model.
  • the VAT 200 In support of fee user created report format requirement, the VAT 200 exposes fee Data Analysis modules interface.
  • the VAT 200 uses Data Analysis modules to interpret the results of user-entered data and formulate statements about feat data. Throughout fee interview process for Professional Assessors and Planners and during fee creation of output reports, fee VAT 200 uses Data Analysis modules to create custom paragraphs of text.
  • the exposed interface allows end users to create their own Data Analysis modules that can be used in user modified screen sets or in user defined output report formats.
  • the Data Analysis module interface includes control methods feat allow fee VAT 200 to interact wife Data Analysis modules and exposes portions of fee VAT Database 220 to allow fee module to perform queries on fee database.
  • the third external interface fee VAT 200 exposes is fee IO module interface.
  • the VAT 200 uses IO modules to read and write data from/to external data sources.
  • the VAT 200 includes IO modules for importing data in fee following formats: TIFF - Image format JPEG - Image format
  • the VAT 200 may also include an IO module for fee following format: JIS - The JSIVA Information System Output Reports
  • the VAT 200 has a report generation capability that assists in fee preparation of JSIVA formatted professional assessment reports, assessment team briefings, and AT/FP plans.
  • fee NAT 200 allows fee user to define additional report formats feat can be used to generate new report types in addition to feose originally supplied wife the VAT 200.
  • the VAT 200 accompKshes this by storing report formats feat define fee information to be contained in VAT 200 generated reports in a content independent format Report formats are editable from within fee VAT 200 Editor. Using fee report format editor, fee user can modify any of fee report formats supplied wife fee VAT 200 and/or create completely new formats that are unlike feose supplied with fee VAT 200. Professional Assessment Report Generation Capability
  • Report formats are fee heart of the VAT 200's report generation capability.
  • the VAT 200 stores report formats that represent all fee report types that fee VAT 200 produces. Even fee AT FP Plans and Professional Assessment Reports feat fee VAT 200 generates are created using VAT 200 report formats. Report formats define for fee VAT 200 fee contents of a report independently of fee info ⁇ nation feat will ultimately be contained in fee reports. Using a report format, at report generation time the VAT 200 iterates through user entered site information and assembles a report based on fee info ⁇ nation.
  • Report formats consist of a small set of elements that can be assembled by the VAT 200 in building block fashion to create a whole document.
  • report formats consist of Sections 2510, Paragraphs 2520, and Clauses 2530.
  • Major divisions of generated documentation are stored as sections in VAT 200 report formats. Sections consist of a title element and one or more paragraphs that make up fee body of fee block. Each section in a VAT 200 report format contains paragraphs that define fee content of fee block.
  • Paragraphs in VAT 200 reports are usually what feeir name implies - paragraphs of text - although the VAT 200 extends this definition slightly for added flexibility by allowing graphs and tables to be inserted as paragraphs 2520.
  • paragraphs 2520 may contain clauses 2530 feat define fee content of fee paragraph 2520.
  • Clauses 2530 are the lowest level element of a VAT 200 report format.
  • Paragraphs in a VAT 200 report format may be one of several different types.
  • the simplest form of paragraph is a boilerplate paragraph that contains text feat is constant for all reports generated using fee report format. Boilerplate paragraphs insert their exact contents into generated reports.
  • Another, slightly more complex type of paragraph is fee analytic paragraph.
  • Analytic paragraphs are created from fee output of a Data Analysis module plug-in (see the external interfaces section for more information on Data Analysis modules). Using Data Analysis modules and analytic paragraphs, end users can create completely new forms of output for VAT 200 reports.
  • the next most complex form of paragraph is a composed paragraph.
  • Composed paragraphs are paragraphs that have one or more clauses feat are used to build fee body of fee paragraph at generation time. Composed paragraphs insert fee contents of fee clauses that comprise them into generated reports.
  • clauses can take multiple forms.
  • the simplest form of clause is a boilerplate clause.
  • boilerplate clauses are copied into generated reports unchanged.
  • the second form of a clause is the query clause.
  • Query clauses represent simple database queries. At report generation time, fee query is conducted and its results are what is inserted into generated reports.
  • the VAT 200 software accepts and stores a multitude of data elements including user input data, analytic model results and influence network 500 evaluation results.
  • a multitude of data elements including user input data, analytic model results and influence network 500 evaluation results.
  • fee Influence Network 500 has been specifically discussed previously due its central influence on fee VAT 200's complex risk calculations.
  • the VAT 200 maintains a Data Model, which contains information about fee physical elements of a particular domain, and fee Meta Data model. This section describes each of these models, feeir relationship to fee ofeer models, and how fee VAT 200 uses them to develop a complete representation ofa site.
  • the VAT 200 Data Model 2600 shown in simplified form in Figure 26, is how fee VAT 200 organizes information about fee real-world elements feat can exist in fee site under analysis.
  • the association of physical items, agents, and events as fee association element called AT FP Domain forms the base of fee diagram.
  • Each of fee branches of fee tree represents an orthogonal view of fee world feat represents items from the most general to fee most specific.
  • physical items are real objects in fee world that occupy space. For example under this organization, one could say they have a physical object, which is a vehicle, which is a land vehicle, etc. proceeding from fee most general to fee most specific.
  • Agents represent entities in fee world that have intent and perform actions. An example agent would be fee U.S. Army or a tenorist organization.
  • events are triggers that are likely to bring about change in fee world state or cause an agent to act. An example would be a coup or fee occunence of a religious holiday.
  • the VAT 200's second use of fee Data Model 2600 is to use instances of elements of the Data Model 2600 as part of associations feat are part of the VAT 200's Meta Data Model (shown in Figure 27 and described below). These element instances represent items feat actually exist as part of the profiles that fee VAT 200 is being used to create.
  • the VAT 200's Meta Data Model 2700 shown in Figure 27, is fee VAT 200's central aggregation mechanism for data about sites feat fee VAT 200 profiles.
  • the VAT Meta Data Model 2700 stores info ⁇ nation about fee collections of elements from fee Data Model 2600 feat are useful in fee AT FP domain.
  • the stmcture of fee Meta Data Model 2700 is primarily based on associations since it focuses on bringing together objects into real world constructs.
  • At fee root of fee tree are fee organizational elements Agency 2710, Region/Division 2720, and Site 2730. These objects provide for storing contextual information about a site and allow fee TTMS 130 to properly associate sites that are under fee same Agency 2710 or in fee same Region or Division 2720.
  • Sites 2730 are composed ofa Site Layout 2731 and one or more Info ⁇ nation Products 2732, Threats 2733 and Site Baselines 2724.
  • the VAT 200 uses fee Site Layout 2731 to store all of the static information about a site's infrastructure, stractures, and natural environment.
  • Site Baselines 2724 are used to store data about fee dynamic elements ofa site such as employed counte ⁇ neasures, asset locations, and organizations as these elements are organized for a particular configuration (e.g. one may speak of the THREATCON Alpha baseline versus fee THREATCON Bravo baseline.)
  • the VAT 200's final organizational element is fee Influence Network 500.
  • the Influence Network 500 provides a central framework from which fee VAT 200 evaluates risk.
  • Each of fee nodes 510, 510a in this network 500 represents an element feat affects fee overall risk for a given threat against a given target.
  • Nodes in fee network 500 can have parents (nodes that cause an effect on this node) and children (nodes feat are affected by this node), but fee network 500 cannot contain cycles.
  • an influence algorithm described fully in fee Influence Network 500 section
  • each of fee nodes in fee network 500 takes a set of possible states, each wife a probability of occurring.
  • fee values at children nodes are influenced by fee values in parent nodes in fee network 500.
  • fee VAT 200 populates fee leaf nodes 510a of fee Influence Network 500 using a combination of directly entered data, data pulled directly from fee Data or Meta Data models 2600, 2720, and calculated information based on data gained from network 500 searches.
  • data entered into fee Data Model 2600 and the Meta Data Model 2700 directly or indirectly affect fee site specific Influence Network 500 and therefore affect fee site's overall risk profile.
  • fee VAT 200 is divided internally into nine subsystems feat each implement a part of one of fee data models, fee influence model fee user interface, or ofeer systems feat operate on fee models to perform useful calculations.
  • the subsystems are identified in fee next section and defined in detail in later sections.
  • the VAT 200 is internally divided into nine subsystems. Each of these subsystems is implemented as a separate software package wife a public interface that the ofeer subsystems use to interact with fee package.
  • the VAT 200 Package Diagram 2900 in Figure 29 shows fee VAT 200, its subsystems, and feeir dependency relationships.
  • the block symbols e.g. GUT Engine 210) represent aggregations of functionahty within the VAT 200 that will be implemented as a subsystem wife specific defined interfaces.
  • the dotted arrows show which of the VAT 200's subsystems depend on ofeers. For each of feese dependencies, fee lower level package (at fee anowhead end of the a ⁇ ows) will implement an internal system interface.
  • fee VAT 200 uses a GUI Engine 210. Instead of producing an interface based on compiled code, fee GUT Engine 210 reads and creates fee user interface from fee database 220 at run-time. This approach provides a GUI 202 that can be modified by changing fee database 220 instead of fee code. It also provides fee abiUty to define different user interfaces for each type of user. This allows fee interfaces to be customized to fit fee user's specific needs and level of understanding.
  • the cunent user interface concept has five main sections menu bar, navigation bar, tool interface, outline view, and dynamic content area. Each of feese sections are created and managed by fee GUT Engine 210.
  • the menu bar provides file input/output commands, edit functions, simple navigation, and access to help.
  • the GUI Engine 210 passes fee commands to the appropriate VAT 200 subsystems and interacts with fee Windows clipboard as requested by fee user.
  • the navigation bar provides fee user wife web like navigation (back and forward buttons) and quick access to important features and sections of data in the VAT 200.
  • the GUT Engine 210 stores a screen history feat it uses to determine what screen to display when the back and forward buttons are used. They act exactly like the buttons found on a web browser. The remaining buttons on fee navigation bar are linked to specific screens in fee VAT 200 feat are immediately displayed when fee user presses them.
  • fee tool interface provides direct access to various tools contained in fee VAT 200.
  • Each of fee buttons when pressed, instructs fee GUI Engine 210 to activate a specific VAT 200 tool and display its interface.
  • the outline view's two purposes are to represent fee data in fee system and to allow fee user to move around in fee VAT 200 to view, edit, and change data.
  • the GUI Engine 210 populates fee outline as data is entered into the system and as fee VAT 200 needs information from fee user.
  • the info ⁇ nation is displayed in an outline form to better organize and manage its representation.
  • the GUI Engine 210 shown in Figure 6, reads information from the database and creates screens to allow fee user to interact wife fee system. This area, like fee rest of the interface, is completely controlled by fee GUI Engine 210, but fee 3D Engine 210 is also capable of writing info ⁇ nation to it. Whenever the 3D Builder 260 or Viewer 280 is needed, fee GUI Engine 210 provides a graphics context to fee 3D Engine 210 so that it can display graphics in fee dynamic content area. The GUI Engine 210 creates and manages all the toolbars feat are required to operate fee 3D Builder 260 and Viewer 280. It passes fee commands issued by fee user to fee 3D subsystem for processing. This provides a consistent interface to fee user and reheves fee 3D sub-system from the duties of handling user input.
  • the GUI Engine 210 handles multiple screen definition sets so feat each one can be customized to fit a specific set of users, but it does not require feat every screen be customized. Instead the engine supports default screens in addition to user type specific screens. This provides a mechanism where fee GUI Engine 210 uses a default screen anytime a user type specific one does not exist. This makes fee engine 210 more flexible and defining custom screens less time consuming.
  • Each object in fee system that requires user interaction has a least one screen associated wife it This is fee default screen to be used by fee GUI Engine 210.
  • each object can have other screens associated wife it to be used by a specific type VAT 200 user as shown in Figure 30.
  • GUI Engine 210 uses screen definitions to define what the dynamic content area of fee user interface should contain. These definitions define what the screen should contain, but not explicitly how it should be displayed or laid out. This has two main advantages:
  • the user interface is more flexible.
  • the screen definitions such as fee definition 3100 shown in Figure 31, consist of a list of what should be shown on the screen, but not how it should be laid out. This approach frees modification users from fee duties of having to graphically lay out each screen so feat feey can better concentrate on fee content of fee screen. It also allows fee GUT Engine 210 to be more flexible by allowing it to adapt fee screen to fee size and style of fee window available. It furthermore allows fee engine to decide, based on fee type of data to be input to output, what is fee best way to display it. The GUI Engine 210 uses the screen definition 3100 to determine what to display on the screen. To determine how to display fee information, it checks fee type of data and determines what input or output device to use.
  • fee GUI Engine 210 would check fee database and know feat this is a string. It would then use a text-input box on fee screen for the user to type the information into. If on the ofeer hand fee definition 3100 specified feat fee user's rank be entered (and a fist of acceptable ranks exist), fee engine would use a selection box so feat fee user would not need to type in fee answer. This technique is applied to all of fee items in the list until fee entire screen composition is known.
  • GUI Engine 210 uses rules similar to a web browser to layout the information on fee screen. It determines the spacing between lines, knows to emphasize fee title of fee screen, etc. Once this process is finished, fee engine displays fee screen to fee user and handles all fee interactions.
  • fee GUI Engine 210 is also responsible for determining what screen to show when. The user can jump to specific screens by using fee navigation bar, outline, and tool bar, but this is only part of fee navigational process. During the interview for example, fee user will press a done or next button to indicate feat feey are ready to proceed to fee next screen. The GUI Engine 210 is responsible for finding it.
  • the engine uses during navigation There are three methods that the engine uses during navigation. The first is to jump to a user-specified screen as described above. The second is to look at data dependencies in the object model and influence network 500. Many of feese objects require info ⁇ nation about ofeer objects. The GUI Engine 210 uses this info ⁇ nation to determine what object screen fee user should see next. But, this method alone may not produce a coherent progression of screens.
  • the GUI Engine 210 is equipped wife one final navigational method. In addition to specifying what to display on a screen, a screen definition can also specify other screens to be displayed. This allows it to override fee default behavior of fee system in order to provide a directed screen progression. A sample diagram of this process is shown in Figure 32. Computational Engine
  • the Computational Engine 230 subsystem of fee VAT 200 is responsible for providing support to the risk determination and mitigation processes. During feese processes, fee Computational Engine 230 builds and maintains fee structure of fee influence network 500, in addition to performing calculations to support decision-making. Figure 33 illustrates fee many steps of risk determination and analysis with which fee Computational Engine 230 is involved.
  • the key to fee knowledge of fee VAT 200 lies in fee Influence Network 500.
  • This network 500 embodies fee factors feat fee VAT 200 relies upon in making decisions during risk determination and mitigation.
  • Risk determination is composed of four major components: criticality determination, threat determination, susceptibihty determination, and consequence analysis.
  • Risk mitigation is comprised of countermeasure effectiveness analysis and consequence analysis.
  • Each of feese distinct components interacts wife fee influence network 500 in order to make decisions, and each decision made affects fee rest of fee Influence Network 500.
  • fee Influence Network 500 is capable of calculating fee relative risk ofa particular target against a particular threat.
  • Figure 34 illustrates fee interaction between feese steps of fee risk process and the Influence Network 500.
  • fee susceptibihty determination and risk mitigation components also make use of local networks in order to make complex decisions, as shown in Figures 35 a, b.
  • fee susceptibihty determination threat intentions and capabihties are compared to countermeasure effectiveness to determine fee reaction of the threat upon encountering a countermeasure. This complex inference is handled using a miniature Influence Network.
  • risk mitigation also uses threat and countermeasure characteristics in making decisions.
  • Various countermeasures are compared to fee specific threat to determine which ones are most effective at mitigating the risk of the threat against the target. These local decisions do not directly derive from fee prime Influence Network, so they are handled independently.
  • the stmcture of this network is used to control fee progression of fee screens shown to fee user, and the data collected by fee network 500 determines fee resulting output.
  • the network is capable of propagating data through itself in order to make decisions, but it must rely on external means to obtain this data
  • the GUI 202 provides a portion of this data directly from fee user through elements on fee screen. The remaining data is fee result of various calculations performed by fee Computational Engine 230.
  • Figure 36 depicts fee relationships between the nodes of fee influence network, fee data connection wife the GUT 202, and the calculations made against fee data model.
  • the primary calculation that fee Computational Engine 230 is responsible for is the generation of approach vectors. These vectors represent fee many ways in which a threat can reach fee target in order to attack. Based on feese vectors, fee accessibility of the target is calculated and used in the influence network 500 to determine relative risk. Figure 37 outlines the steps necessary to construct these vectors.
  • Step 1-37 involves computing fee range from the target feat fee threat must reach in order to affect consequences.
  • Step 2-37 which is in reality fee controlling loop of fee process, involves using a weighted graph search technique to build fee path. This technique takes two points and builds a path between them. In building fee path, the algorithm seeks to minimize cost, which in this case is fee number of counte ⁇ neasures that it must face, and maximize effectiveness, or fee resulting consequences to the target.
  • Steps 3-37 and 4-37 are actually responsible for supporting fee weighted graph search algorithm.
  • Step 3-37 involves fee actual reasoning component that deals wife countermeasures.
  • fee search algorithm can evaluate fee response of fee threat to the countermeasure(s), and if necessary, can alter fee path based on the results.
  • Step 4- 37 involves fee application of first-order physics to fee threat dehvery mechanism.
  • fee weighted graph algorithm determines fee types of tenain feat the dehvery mechanism can cross, and fee areas that the mechanism can fit through.
  • fee local influence network 500 makes use of physics to determine the denial capabihties of fee countermeasure(s) against fee threat.
  • fee Dynamics module 240 calculates fee speed and timing of fee threat along fee path, for use in later playback.
  • Step 5-37 of constructing vectors consists of refining fee many paths feat are produced. Invariably, similar and redundant vectors are generated, differing only shghtly from ofeer vectors and not providing useful data to fee process. Using pattern-matching algorithms, feese extraneous vectors are removed in order to simplify fee final representations. Finally, in step 6-37, fee accessibility value of fee threat to fee target is calculated for each vector. Once all of fee interesting vectors have been constructed, fee accessibility of fee site is computed based on the accessibility values of all vectors. This value is used directly by fee influence network 500 to determine relative risk. Dynamics module 240
  • the Dynamics module 240 is responsible for calculating and updating fee state of fee physical objects during fee simulation of the threat ingress, given realistic physical properties of fee environment and objects acting in fee environment.
  • the Dynamics module 240 is the set of code feat modifies and stores the state vectors of all objects.
  • a state vector is a set of physical characteristics and measurements feat describe completely fee current configuration ofa given object
  • fee state vector used in the VAT 200 includes position in three-space, a rotation quaternion to describe the rotation of fee object, fee linear momentum, and fee angular momentum. This state vector is then updated every computation cycle of the Dynamics module 240 as external forces interact with fee object and impose a change on the state vector configuration.
  • the Dynamics module 240 has three main sections. The first represents fee object itself. The others act on feat object and are labeled as fee Force Accumulator and fee Equation Solver. For each cycle of fee computation fee object sends a message to fee Force Acciimulator module to sum up all forces acting upon the object.
  • the Force Accumulator has knowledge on how to calculate fee various forces in accordance wife fee Lagrangian dynamics equations (dynamics equations based on energy conservation). For example, fee Accumulator will access other objects if there is a collision force, or access only fee gravitational constant if it is fee gravitational force desired. The total force vector is feen passed back to fee object.
  • Figure 38 shows a complete module diagram and data flow outline.
  • the Solver uses an implicit method of solving fee ordinary differential equation and utilizes dynamic time steps to minimize e ⁇ ors that occur in stiff Ordinary Differential Equations (ODE) (feose that can "blow up" during standard explicit computational methods wife too large a time-step).
  • ODE Ordinary Differential Equations
  • the Dynamics module 240 is able to simulate any simple physical phenomena, such as object-object collisions, gravitational acceleration of an object, friction and resistance effects, and deformation events.
  • the physical object as stored in fee Dynamics module 240 has a volume (spatial extent), mass, and a state vector as described above.
  • VAT 200 Database .
  • the VAT 200 In order to store fee many sources of data used throughout the system, the VAT 200 employs a relational database. With a relational database, the VAT 200 is capable of saving data from previous sessions for the user to access later.
  • fee database provides a framework for sharing data between modules in fee system, and between users at different locations.
  • Figure 4 summarizes fee many different types of data stored in fee VAT Database 220.
  • the VAT Database 220 operation must be totally transparent to fee typical user. This is because fee architectural requirements will not support fee traditional model where a database administrator manages fee database independent of fee application.
  • the VAT 200 system is unique in fee sense feat it must operate in bofe standalone and traditional multi-tier modes. Therefore, fee VAT Database 220 is designed in such a way as to provide data storage capabihties feat are transparent to fee user and require zero maintenance.
  • VAT 200 architecture is predominantly object-oriented in nature.
  • a relational database is not object-oriented, but is organized by tables.
  • the code is commonly referred to as a 'mapping' code because it is used to map fee application objects to relational entities in fee database.
  • fee effort to develop fee mapping code can be substantial.
  • the goal of fee VAT 200 is to minimize fee mapping code effort, while maintaining complete functionahty wife vendor independence.
  • Figure 39 depicts fee object-to-entity relationship.
  • the VAT 200 apphcation incorporates a database broker to perform fee necessary object-to- relational mapping functions.
  • the broker is a distinct module in fee VAT 200 apphcation performing mapping functions, therefore encapsulating database access code.
  • This approach provides a transparent conversion of fee relational model into fee VAT 200's object model. Modifications to fee relational model only require modification to fee broker.
  • the database broker handles all data storage and retrieval functions for the VAT 200 apphcation, therefore housing fee necessary database communication code. Regardless of the selected database, fee interface between fee VAT 200 application and broker remains constant.
  • the relational data model is implemented by defining relational entities for fee VAT 200 object classes as shown in Figure 40. Each entity is designed to support fee object model as efficiently as possible. The methods and aggregation features of fee object model become incorporated into fee database broker.
  • the relational data model begins as a logical model defining fee necessary entities and appropriate relationships between.
  • the VAT 200 contains fee capability to render a site layout in a three-dimensional manner. This includes two modes of operation. The first is a 3D view feat allows fee user to construct a site or add objects to a site (3D Builder 260). The second allows fee user to view a simulation ran in a 3D environment (3D Viewer 280).
  • the Builder 260 and Viewer 280 are two modes of operation built on top of the 3D Run-time environment 270, which is based on the OpenGL graphics library. Both use fee same underlying rendering techniques, while presenting to fee user different functionahty. This allows fee code base to be shared between fee Builder 260 and fee Viewer 280, resulting in a smaller memory footprint, easier transition between Builder 260 and Viewer 280 portions of fee VAT 200, and a consistent 3D interface.
  • the 3D Builder 260 allows fee user to construct his base in fee VAT 200 system for use wife the various modules to calculate vulnerability and mitigate risk.
  • the user is presented with a palette of standard 3D construction tools, camera movement options, and structure types to build.
  • the countermeasure library and structure types are feen read in from the database, and the list presented to fee user in an appropriate menu so he can select a structure to build.
  • the user feen uses the tool to build up his site on top of base image of fee layout (scanned-in map, perhaps) or use a base AutoCAD DXF file if appUcable.
  • a flow diagram of fee builder process is shown in Figure 41.
  • the Viewer 280 allows fee user to view fee site layout as constructed in fee Builder 260, feen displays fee results of fee computational cycle feat calculates risk to various assets on fee layout. This information is displayed as "threat vectors" on fee layout, or representations of paths feat a threat dehvery mechanism would take. Each of feese paths can be selected by fee user, and fee threat scenario can feen be played out, including fee consequence display at fee end based upon data received from fee external blast or CB models.
  • a flow diagram of fee Viewer 280 process is shown in Figure 42.
  • the 3D Viewer 280 and 3D Builder 260 bofe sit on top of fee base 3D Run-time engine as outlined in the previous section. Each interacts wife different sub-modules of fee Run-time to alter fee user interaction, rendering mode, and display options.
  • the Viewer 280 while interacting wife fee Computational Engine 230 and Dynamics module 240, communicates wife fee non-physical data structures to populate fee threat vector display list It also interacts wife fee camera model to change fee view upon user request, as well as makes calls to fee rendering engine itself to change display modes (switch to wire-frame mode, map textures differently, et cetera).
  • the Builder 260 on fee ofeer hand, needs to access fee structure of static data to populate fee terrain and structure information (static polygons), while also communicating wife fee rendering engine and fee camera model.
  • the Builder 260 upon initial startup, takes input from a 2D image or a 2D AutoCAD file (DXF). This is then used as fee base of fee modeling session, which allows fee user to build on top of fee actual site layout in order to bring it into fee third dimension.
  • the DXF file is parsed and translated into an internal format, and all 3D information generated by fee Builder 260 is kept in an internal format for maximum efficiency.
  • the model is feen saved out into a common 3D file format that can be stored into fee data store (object persistence mechanism), and pulled up later in fee Viewer 280. All asset characteristic info ⁇ nation is imbedded into fee 3D-file format so feat all info ⁇ nation is in one location.
  • 3D Run-time Environment 3D Run-time Environment
  • Bofe fee 3D Viewer 280 and fee 3D Builder 260 are based upon fee same 3D Run-time Environment 270 (also referred to herein as fee 3D simulation/gaming environment) that handles the rendering of fee scene.
  • the 3D engine stores texture information, polygonal models, and lighting information needed to render fee scene quickly and reaUstically.
  • a detailed look at fee sub-modules of the 3D-Run-time Environment 270 is found in Figure 43.
  • the 3D Engine takes input from fee database to retrieve fee site layout as built by fee Builder, or from the cunent polygon structure feat fee user has constructed in fee case of fee Builder.
  • the texture images are stored and linked from individual polygons, and fee geometry of fee layout and buildings are stored separately from fee geometry of fee mobile objects such as trucks.
  • the polygons for static data such as fee terrain and buildings are stored in a manner feat is geared toward quick rendering, while fee objects feat move do not necessarily remain in fee same physical area during fee simulation, and so cannot take advantage of fee spatially-ordered data structure.
  • a Binary Space Partitioning (BSP) tree is feen used to store fee terrain and structure polygons to allow for fee quickest rendering ofa large scene while allowing for rapid view-frustum culling and level of detail control.
  • BSP trees allow all polygons to be stored in a tree structure that is branched based upon spatial position, so polygons close to one another in physical space are close in data space as well. These techniques are used to allow for faster rendering speeds on the limited hardware of fee PC platform.
  • the models used to draw all auxiliary vehicles and structures are kept in a model library within fee 3D-rendering module to facilitate fee addition of new models.
  • the track models for example, will not be stored integrated in wife fee site layout, but will be stored separately to allow addition or changes to fee truck model.
  • the site terrain and additional geometry are exportable to a common model interchange format (DXF) for viewing in an external model viewer independent of the VAT 200.
  • DXF common model interchange format
  • the rendering engine uses fee OpenGL graphics Apphcation Programming Interface, or API.
  • This Ubrary of graphics routines has become fee industry standard for fast real-time graphics, and is suoDOrted bv most video hardware to provide acceleration and keep most of the graphics pipeline processing tasks off of fee CPU.
  • OpenGL provides a robust set of primitive calls to render polygons wife reaUstic Ughting, shading, and texturing effects, z-buffering, and ofeer advanced graphics features.
  • the graphics Ubrary lends itself to a scene graph approach for storing polygons and transforms internally, while also allowing for a BSP tree or ofeer spatial structure to exist internally since OpenGL does not deal wife higher-level polygon sorting or organization.
  • a scene graph is a technique used to store rotations and translations in a tree structure. This structure allows changes at a higher level to affect all objects below fee node; organizing rotations and translations in an efficient manner.
  • the Report Generator module of fee VAT 200 is responsible for fee creation of electronic and printed output from fee VAT 200 system.
  • the report generator is driven based on inputs from fee user interface that indicate the report type to generate and fee desired output format
  • the report generator always operates on fee active dataset for fee VAT 200.
  • the Report Generator module is built around fee design concepts expressed in fee User Defined Report Generation Capabihty section. As described in that section, report formats form fee heart of fee report generation capabihty whose stmcture is reflected in its class hierarchy as shown in Figure 25, Report Format and Figure 44, VAT Report Generator module. In addition to fee Report Format, Section, Paragraph and Clause object classes discussed in the User Defined Report Generation Capabihty section; fee Report Generator module adds a class for fee report feat forms fee public interface for creating reports in multiple formats, a report generator class that forms the public interface for fee subsystem, and several subclasses which implement fee specific behaviors for paragraph types, clause types, and output formats.
  • the report generator object defines fee public interface for the Report Generator module. It is the only object in this subsystem feat persists throughout a VAT 200 execution. Ofeer objects in fee subsystem are instantiated and destroyed as necessary when generating reports or creating user- defined report formats.
  • the report object is an abstract object feat is never instantiated. Instead, it defines fee public interface to several subclasses feat deal wife fee specifics of particular output formats. This indirect approach aUows the VAT 200 to be more easily expanded in fee future to include support for additional output file format types. Initially, the VAT 200 will be capable of creating documents in RTF, and Microsoft Word 97 TM formats.
  • fee GUI 202 When fee user requests to generate a report, fee GUI 202 sends fee report format, fee desired output type, and optionally, an output file name. Report generation occurs in two stages: quahfication and creation. During fee qualification stage fee report generation subsystem performs a walkthrough of fee report format and verifies feat each Section, paragraph, and clause has enough info ⁇ nation to create its output If qualification succeeds, feen fee subsystem actually creates fee report.
  • the VAT Plug-in Interface 250 exposes portions of VAT 200 functionaUty to allow end users to enhance fee capabihties of fee VAT 200 beyond feose that are delivered with fee VAT 200.
  • the VAT Plug-in Interface 250 subsystem exposes four interfaces which collectively allow the user to enhance VAT 200 behavior in three areas: adding additional analytic models, adding additional textual interpreters, and adding additional data input and output converters.
  • plug- ins are self-registering Microsoft COM objects that implement fee VAT Plug-in Interface and at least one of fee other VAT Plug-in Interfaces 250.
  • the static structure of fee VAT Plug-in interface 250 subsystem is shown in The Plug-In Interface Class Structure as shown in Figure 45.
  • the plug-in interface is structured to support fee four exposed interfaces; each external interface is represented internally by a class that provides fee methods to interact across fee interface.
  • a higher level class plug- in interface implements control for the plug-in interface and provides fee public interface for fee VAT Plug-in Interface module 250.
  • VAT 200 initializes fee VAT Plug-in Interface module 250, which feen proceeds to register all plug-ins feat are located in fee VAT 200 system plug-ins directory and feose in fee user plug-ins directory. Each registered plug-in is feen started by fee VAT 200 to allow it to perform any resource allocation and startup processing feat may be required. After VAT 200 processing has completed, this process is reversed. Each plug-in is shutdown to allow it to free any resources it may have acquired during fee VAT 200 execution, and fee VAT plug-in interface 250 is shutdown.
  • Run-time processing varies depending on fee type of plug-in. As shown in Figure 46, while fee VAT 200 is running fee plug-in is dormant. When fee user requests an analytic model execution, however, the plug-in proceeds through three states. The pre-execute state allows a plug-in module to perform any data gather/reformatting required for an impending model execution. After completing pre-execution processing, fee VAT 200 proceeds through the execute state wherein fee VAT 200 would actually execute fee external model, and fee post execute state where fee VAT 200 allows fee analytic module plug-in to perform any post processing and data collection.
  • TIMS TIMS
  • the TIMS 130 is composed of seven screens:
  • the login screen allows fee user entry into fee system based on a login ID and a password.
  • a splash screen welcomes fee user to fee system and offers a list of possible menu selections.
  • the browse screen 4700 is shown in Figure 12.
  • the browse screen 4700 gives fee user fee abiUty to sort the site entries based on several different methods.
  • the user can also search fee sites for particular info ⁇ nation using fee search screen.
  • fee summary screen outlines all of fee info ⁇ nation available from that site.
  • fee compare screen the user can perform side-by-side comparisons of different report entries, either from fee same site or from different sites. At any time, fee user can capture comments or memos for later use wife fee notes screen.
  • the TTMS 130 provides fee user fee capabihty to view individual VAT 200 sessions from multiple sites.
  • the TIMS 130 also allows fee user to sort, search and browse fee data from fee individual VAT 200 sessions by categories such as threat type, risk, score and ofeers.
  • Figure 12 is an overview of user interaction wife fee TTMS 130.
  • Results from local VAT 200 sessions are transfened to fee TIMS 130, in fee form of fee VAT Database 220, and stored in a database along wife sessions from ofeer sites.
  • the TTMS 130 user can feen analyze these various sessions using several browse and search techniques. Each session is viewable by selecting fee Summary option, which displays a brief overview of fee session's report and the information collected during the session presented in the form of charts and tables. At any point, fee user can access a notes screen to capture comments for later review.
  • the TTMS 130 database architecture is similar to the local VAT 200 wife minor enhancements in order to support fee TTMS 130 operational requirements.
  • the TIMS 130 is implemented on a high performance database server supporting multiple cUents.
  • the TIMS 130 database is designed to support fee storage and access of multiple VAT 200 sessions from multiple sites. Each session is individually identified within fee database supporting fee TIMS 130 operational requirements.
  • the Database Management System (DBMS) handles data concu ⁇ ency, integrity and user aufeentication of fee TTMS 130 sessions.
  • fee user can perform many tasks to understand fee info ⁇ nation collected from fee local sites, including:
  • Browsing data The user can scroll through all of fee info ⁇ nation sessions collected from fee local sites
  • Searching The user can search for particular sets of data based on specific information, such as a site or a date
  • Ranking and sorting The user can sort fee data and assign rankings based on categories such as threat type, risk score, remediation cost, target types, and vulnerabihties.
  • Comparison - The user can compare report sessions between fee Professional Assessor and Planner, across different dates, and through ofeer means.
  • the TTMS 130 server handles fee reception and storage of fee local VAT 200 sessions, capturing each separate VAT Database 220 into one comprehensive data store.
  • the user feen accesses fee collection of VAT 200 data by pointing feeir Web browser to fee TIMS 130 server.
  • the server also handles login and password aufeentication before allowing VAT 200 data to be viewed.
  • the AVAT 100 Suite includes an editor feat is capable of modifying fee VAT 200 user interface, database, and reports formats.
  • the editor is a standalone apphcation feat interfaces wife fee VAT Database 220 in order to make all of fee available modifications. This is possible because the user interface definitions and report formats for fee VAT 200 are all stored in fee database instead of being compiled into fee VAT 200 executable.
  • the VAT Editor 150 is capable of creating and editing fee user interface screens and can define screens feat are tailored to different types of users. It can edit fee database to add object instances into the data model and modify fee influence network 500. Finally, fee VAT Editor 150 can create, edit, and delete report formats to create new and customized reports to meet future needs.
  • the VAT Editor 150 will allow fee user to bofe view and change many aspects of fee VAT 200 apphcation. It is designed to allow a knowledgeable user to customize and extend fee VAT 200 to address future user needs.
  • the tool will have a mode for viewing and modifying fee VAT 200 user interface, database, and output report formats. Each mode displays an overall picture of fee item being edited and provides a toolbar on fee left to issue edit commands. A mockup of fee interface is shown in Figure 11.
  • the User Interface Editing mode presents fee user wife a representation of fee current screen flow in fee system. It feen allows fee user to modify fee flow of fee screens, fee content of fee screens, and fee look and feel of fee apphcation. Because fee flow and contents of the screens are highly dependent on fee contents and structure of fee database, fee Database 220 mode is always available to fee user for reference.
  • the Database Editing mode provides fee user wife fee abiUty to view and move around fee database and its contents. It is capable of showing bofe fee data model and fee influence network 500. From there fee user can select a class or node to view and/or modify.
  • the Report Format Editing mode aUows fee user to view fee format of fee reports in fee VAT 200. They can feen create new reports from scratch, create new reports from existing report formats, and edit existing report formats.
  • the VAT Editor 150 will display fee sections, paragraphs, and clauses that comprise fee report format. The user can feen select items to edit and/or insert new items from a list
  • the screen Usting the feree editing modes is shown in Figure 49.
  • Each GUI 202 definition is also associated wife a specific user type feat will use it. The user
  • the GUI 202 definitions completely describe fee dynamic content for fee given object.
  • VAT Editor 150 fee user is able to specify.
  • ⁇ Data input and output fields including:
  • ⁇ Buttons including:
  • VAT Editor 150 can also specify fee look and feel of fee apphcation. This appUes to bofe fee dynamic content and fee static content. For fee dynamic content fee user can specify:
  • GUI 202 component What type of GUI 202 component is used for each type of data.
  • Boolean values are displayed using check boxes or a hst box wife true and false choices.
  • the database-editing mode will allow fee user to update and modify fee database 220 to:
  • the VAT Editor 150 is not able to edit or add classes in the Data Model 2600 in prefened embodiments. Output Report Format Editing
  • fee VAT Editor 150 When editing output reports using fee VAT Editor 150 fee user is able to create, modify, and delete report formats in fee system. This allows feem to customize exiting report formats or create completely news ones as feey see fit Report formats in fee VAT 200 consist of sections, which can consist of paragraphs that can consist of clauses. The user is able to add, remove, or modify any part ofa report. To create even more customized reports, fee VAT Editor 150 allows fee user to create, modify, and delete fee available sections, paragraphs, and clauses in fee system. The user can edit bofe the content and fee formatting of fee items in fee report. The paragraphs and clauses are where all fee report content is created. Sections, which can contain only paragraphs, are used to conveniently group paragraphs together for later reuse.
  • Figure 52 iUustrates fee various components of fee Editor 150.
  • the VAT Editor 150 reuses packages of fee VAT 200.
  • Figure 53 illustrates fee various subsystems of fee VAT Editor 150.
  • risk probability * vulnerabiUty.
  • Vulnerability is based on bofe susceptability and consequence.
  • the structure of fee influence network lends itself to modification for any of fee above-referenced risk situations.
  • fee invention calculates susceptibihty based in part upon fee 3D simulation/gaming environment (referred to above as accessabihty calculations) and in part upon consequence calculations performed by existing external programs via fee plug-in interfaces. Modification of this embodiment for an apphcation such as home security is straightforward.
  • fee consequence calculations instead of being performed wife blast and CBR models, can be simpUfied to calculate property loss and damage as a result ofa burglary.
  • the 3D simulation/ gaming environment can be modified to calculate vectors representing probable burglar entry routes rafeer than weapons dehvery routes.
  • fee invention may be modified for risk management of information theft by replacing fee 3D simulation/gaming environment wife a network security model.
  • fee 3D simulation/gaming environment (which calculates accessibiUty) can be replaced wife a model that calculates fee proximity of fee spacecraft to space debris, and fee blast/CBR calculators can be replaced with similar programs that model damage to fee spacecraft resulting from collisions wife space debris. While the invention has been described in detail in connection wife fee prefened embodiments known at fee time, it should be readily understood feat the invention is not limited to such disclosed embodiments. Rather, the invention can be modified to incorporate any number of variations, alterations, substitutions or equivalent arrangements not heretofore described, but which are commensurate wife fee spirit and scope of fee invention.

Abstract

An integrated risk management tool (200) includes a persistent object database (220) to store information about actors, physical surroundings, historical events, and other information. A decision support system (230) uses data objects from the database and advanced decision theory techniques such as Bayesian networks to infer the relative risk of an undesirable event. As part of the relative risk calculation, the tool uses a simulation and gaming environment (270) in which artificially intelligent actors interact with the environment to determine susceptibility to the undesired event.

Description

TITLE OF THE INVENTION
METHOD AND APPARATUS FOR RISK MANAGEMENT
BACKGROUND OF THE INVENTION" Field of the Invention
The invention is related to the management of risk in general and more particularly to an apparatus and method of managing risks associated with terrorism. Related Art
Risk can be defined as probability * vulnerability. Probability is the probability that an undesirable event will occur. Vulnerability is susceptibility to the event multiplied by the consequences associated with that event. Managing risk involves the process of determining the risk and taking steps to decrease the risk by decreasing the probability or vulnerability, or both. Managing risk is an important task faced by people in many different situations. Insurance companies and financial planners manage risk to capital when deciding when to insure and what stocks on bonds to include in a portfolio. Homeowners manage risk when deciding whether to purchase a burglar alarm system. One particularly important form of risk management is terrorism prevention.
Terrorism is a world-wide problem. Unfortunately, many in the United States associate terrorism with certain Arabian and/or Islamic nations and view the threat, of terrorism from this limited framework. However, as recent events such as the Oklahoma City bombing have demonstrated, terrorism is not limited to any particular nation, religion, political system, or ideology. Today, the problem has become far more complex and is rapidly changing. One problem faced by those with responsibility for assessing the threat of terrorism and its prevention is the lack of suitable tools to help them perform their tasks. Known tools generally fall into one of two categories: a) terrorist attack damage assessors; and b) terrorist attack likelihood predictors (i.e., probability calculators). The first type of tool, terrorist attack damage assessors (i.e., consequence calculators), are generally computer based. These tools attempt to answer the questions like "What will happen if a car carrying a 500 pound bomb explodes at the front door of my building?" (Blast model tools) and "What will happen if a 50 gallon drum of nerve gas is opened in the parking garage?" ("CBR" - chemical, biological and radiological - tools). The tools, which typically employ complex computer modeling algorithms such as those found in CAD/CAM programs, have three important drawbacks. First, they require detailed information (which can be difficult, time consuming and expensive to obtain) to construct the model and are often not flexible enough to handle situations in which the detailed data is not available. It is likely that data required to use these tools on the Murrah building in Oklahoma City would still not be collected at this point due to the time and costs associated with collecting such data. Second, these tools require expertise on the part of the user. Third, and perhaps most importantly, programs such as these provide no guidance as to the likelihood that the attack will succeed (the accessability), the likely location of an attack (e.g., the front or rear of the building, which building, etc., the type of weapon (explosive, chemical, biological or radiological) likely to be used, and how to prevent or at least minimize the occurrence of the attack in the first place.
The second type of tool, terrorist attack likelihood predictors, are typified by paper and pencil questionnaires provided by government agencies to remote locations. These tools attempt to answer the question "How likely am I to be attacked by terrorists?" The form of the tool is generally a series of questions such as "Do you have any nuclear material at your facility?", "Are you located in an urban, suburban or rural area? And "Are you a military or civilian installation?" These questionnaires award a certain number of points based on each answer and base the likelihood of terrorist attack on the total number of points. These tools also suffer from several serious drawbacks. While they may tell you that an attack is likely, they provide no guidance as to the nature of the attack and how to prevent it, provide no indication as to whether the attack will be successful, and provide no indication of the consequence of a successful attack.
Another problem faced by those charged with preventing terrorism is the lack of flexibility in adapting anti-terrorism plans. It has become the practice of many institutions to formulate an anti-terrorism plan that defines a number of threat levels. These plans are typically prepared by outside agencies or consulting firms based on individual knowledge and experience. Updating the plans based on changed circumstances requires the individual security specialists to be recalled, which is expensive and time consuming. Furthermore, the plans may not be appropriate for changing circumstances. By way of example, there may be great differences between a plan for high threat of terrorist activity on a military installation that was designed to protect mission-critical assets such as a weapons system and a plan for a high threat of terrorist activity on that same military installation when the high-threat condition is caused by a visit from a head of state or because of threatened attacks on troops rather than the weapons system. Furthermore, the source of the threat may also change its nature. A plan devised to stop a suicide car bomb attack favored by one known terrorist group may not be effective for a chemical attack favored by another terrorist group.
Changes to the plan may also become necessary because the site has expanded, or because of changes to the physical surroundings (e.g., new developments have been built in close proximity to a site previously surrounded by woods). Plan changes are also necessitated by the frequent changes to AT/FP doctrine, enunciated in sources such as DoD 2000.16, the Joint Service Integrated Vulnerability Assessment (JSIVA) Team standard operating procedures, and the J34 Installation AT/FP Planning Template, due to the evolving nature of the threat and lessons learned from previous attacks.
SUMMARY OF THE INVENTION
The aforementioned deficiencies have been overcome to a great extent by the present invention which provides an integrated risk management tool. The integrated risk management tool uses a persistent object database to store information about actors (individuals and/or groups), physical surroundings, historical events and other information. The risk management tool also includes a decision support system that uses data objects from the database and advanced decision theory techniques, such as Bayesian Networks, to infer the relative risk of an undesirable event. As part of the relative risk calculation, the tool uses a simulation and gaming environment in which artificially intelligent actors interact with the environment to determine susceptibility to the undesired event. Finally, the tool includes an open "plug-in" architecture that allows the tool to interface with existing consequence calculators. The tool also provides facilities for presenting data in a user-friendly manner as well as report generation facilities.
In preferred embodiments, the invention takes the form of a software program that may be run on a personal computer or workstation that allows users to evaluate the risk of a terrorist attack at their site, determine their vulnerability to a terrorist attack, assess the damage caused by a successful terrorist attack, and select countermeasures to prevent terrorist attacks. The program provides the user with importing, drawing and modeling tools to allow the user to quickly and easily build a model of the site of interest in both 2 and 3 dimensions. Once the site model is established, simulation is performed to generate information about threat scenarios. The simulation can be viewed by the user from whatever eye-point the user chooses. In the simulation, the user selects a weapons system and location for a terrorist attack, such as a car bomb at the rear of the building. The simulation constructs and analyzes possible routes that the terrorist may take to reach the location, taking into consideration the site model and all site-specific information such as the existence of roads, car barriers, guard stations, hills, etc. The simulation then selects the most probable route and calculates the likelihood of success, or accessability. The program will allow the user to modify the site model to add physical countermeasures (including hardening the target, denying access to the target, etc.) and re-run the simulation to determine the effectiveness of the countermeasures.
The system also provides an artificial intelligence risk assessment tool to help users manage risk. After the simulations have been run, the risk assessment tool determines relative risk based on the probability of an attack and the vulnerability of a site to an attack. Vulnerability is partially based on susceptibility, which in turn is partially based on the accessability as determined by the simulation described above; and partially based on a consequence calculation. The use in highly preferred embodiments of physical modeling and physics - based accessability calculations from the 3D simulation/gaming environment in the calculation of relative risk is seen as a particularly advantageous embodiment of the invention. In highly preferred embodiments, the risk assessment tool is implemented using a Bayesian influence network. The network is based upon input from experts in the anti- terrorism field.
The program can also provide damage assessments to the user under the user's control - in other words, the consequence calculation portion of the problem can be used independently of the risk management process as a whole. Provided with the program are two built-in analysis tools: 1) a first order blast-assessment tool; and 2) a first order downwind CBR hazard prediction tool. However, the program is built on a plug-in model. That is, the program is designed to interface with industry standard programs so that the standard programs will accept input from the invention and return the desired information (e.g., blast effects). In this manner, the program incorporates improvements to these programs as they occur without the need to update the program code. The user is allowed to specify a weapon system and delivery point, in response to which the system performs the damage calculations.
Preferred embodiments of the invention allow users to produce, view and print industry-standard reports as well as custom reports. Planners can develop AT/FP site plans in a standard J34 Installation AT/FP Planning Template format. Assessors can log observations and produce out-briefs and reports in JSIVA formats. Highly, preferred embodiments of the invention produce custom reports in JSIVA formats. More highly, preferred embodiments of the invention produce custom reports with detailed data on risk and other items.
Preferred embodiments of the invention provide a theater-level information management system (TIMS 130) that allows senior commanders to view information pertaining to multiple sites under their command. Access to the data is provided through a web-accessible browser interface. Preferred embodiments of the present invention also include an editing tool that allows modification of the database, the GUI 202, and the output of the system.
BRIEF DESCRIPTION OF THE DRAWINGS
The foregoing and other features and advantages of the invention will be more readily understood with reference to the following drawings in which: Figure 1 is a schematic diagram of an automated vulnerability assessment tool comprising the VAT, the VAT Editor, and the TIMS, according to one embodiment of the present invention.
Figure 2 is a block diagram of the architecture of the VAT of Figure 1.
Figure 3 is a view of a screen from a graphical user interface of the VAT according to a preferred embodiment of the invention.
Figure 4 is a symbolic diagram showing contents of the VAT database.
Figure 5 is a diagram of a risk influence network according to a preferred embodiment of the invention.
Figure 6 is a symbolic diagram showing inputs to the VAT database.
Figure 7 is an exemplary illustration of a 3D builder screen.
Figure 8 is a view of screens generated by the GUI.
Figure 9 is a symbolic view of the plug-in architecture.
Figure 10 is a symbolic view of the report generation process.
Figure 11 is a schematic view of the interaction of the VAT Editor with other system components.
Figure 12 is a block diagram showing connection of the TIMS to remote i computers/terminals.
Figure 13 is a user/AVAT interconnection diagram. Figure 14 is a review of a Planner Interface screen format. Figure 15 is a review of the Risk Assessment Screen. Figure 16 is a review of the Risk Summary Table Screen. Figure 17 is a review of the "Probability of Attack" Screen. Figure 18 is a review of the Risk Detail Screen. Figure 19 is a view of the 3D Viewer Screen.
Figures 20 a-d are screen views illustrating the construction of a 3D object.
Figure 21 is a block diagram of the Approach Vector Process.
Figure 22 is a flow diagram of the Risk Management Process.
Figure 23 is a data flow diagram of Blast and Fragment plug-in data flows.
Figure 24 is a data flow diagram of Chemical/Biological/Radiological plug-in data flows.
Figure 25 is a schematic diagram of a user created report format.
Figure 26 is a block diagram of the VAT Data Model.
Figure 27 is a block diagram of the Meta Data Model.
Figure 28 is a symbolic diagram of Meta Data Model.
Figure 29 is a block diagram of the VAT showing dependency relationships.
Figure 30 is an object association diagram of the database.
Figure 31 is a table of exemplary screen definitions.
Figure 32 is a process diagram of the navigational override process.
Figure 33 is a block diagram of the risk management process.
Figure 34 is a block diagram showing risk steps and influence network interaction.
Figures 35a and 35b are susceptibility determination and risk mitigation process diagrams, respectively.
Figure 36 is a diagram showing the relationship between the Influence Network, the graphical user interface, and calculations made against the model.
Figure 37 is a flowchart showing calculation of approach vectors.
Figure 38 is a block diagram of the Dynamics Module.
Figure 39 is an object model to relational model conversion map. Figure 40 is a class diagram of the Relational Data Model.
Figure 41 is a flowchart of the 3D Builder Process.
Figure 42 is a flowchart of the 3D Viewer Process.
Figure 43 is a block diagram of the 3D Run-time Environment.
Figure 44 is a block diagram of the VAT Report Generator Subsystem.
Figure 45 is a schematic diagram of the VAT Plug-in Interface Class Structure.
Figure 46 is a VAT plug-in state diagram.
Figure 47 is a review of the TIMS Browser screen.
Figure 48 is a TIMS Client-Server network diagram.
Figure 49 is a view of the VAT Editor Modes screens.
Figure 50 is a view of a user interface screen.
Figure 51 is a node - GUI relational diagram.
Figure 52 is a package diagram of the VAT Editor.
Figure 53 is a block diagram of the VAT Editor.
DETAILED DESCRIPTION
The present invention will be discussed with reference to preferred embodiments of risk management programs. Specific details, such as graphical user interfaces, report formats, etc., are set forth in order to provide a thorough understanding of the present invention. The preferred embodiments discussed herein should not be understood to limit the invention.
Although the invention has many uses, it finds particular utility in the terrorism risk management arena. Thus, the invention will be discussed in connection with terrorism risk management embodiments. However, as will be discussed further below, the invention is useful in many fields and is not limited to terrorism risk management embodiments. Referring now to Figure 1, an automated vulnerability assessment tool (AVAT) 100 includes a vulnerability assessment tool (VAT) 200, a theater information management system (TIMS) 130, and a NAT Editor 150. In preferred embodiments, the tool may be run on a personal computer or workstation. Each of these component parts of the AVAT 100 will be discussed in further detail below. The Vulnerability Assessment Tool
The VAT 200 presents a single interface to the user that accesses a powerful underlying architecture. This architecture, shown in Figure 2, is a complex integration of modules that are collectively employed to meet the needs of the VAT 200 users. Figure 2 shows the modules that comprise the VAT 200, the VAT's 200 external interfaces, and the relationships among the components. This complex architecture is better understood by a description of how the system is used.
Users must first interface with the system through a consistent and effective user interface. The users are not expert computer operators or technical experts, so the mode of communication must be straightforward and easily understood by the layman. The GUI 202 provides a web-like interface to the system with easy navigation references, screens that are simple and logically organized, and based on a dialog with the user rather than a form-based input. The VAT 200 User Interface exemplary screen 300 depicted in Figure 3 illustrates what the user interface looks like as the user enters information. This screen 300 allows direct access at all times to the tools associated with the VAT 200 and provides a structured or non-linear progression through the data entry interview, depending on user choice.
The GUI Engine 210, shown in Figure 2, (the term engine in a software context relates to a program that provides a specific capability, but is easily modifiable to support various implementations. A "GUI Engine" is simply a program to interact with the user graphically, without requiring scripted user interface screens. A Web browser is a good example of a GUI Engine 210 - the browser displays any Hypertext Markup Language (HTML) document and its links without them being programmed in the browser) allows user interface content to be different for each user while the structure of the interface 202 remains the same. This allows the VAT 200 to communicate differently with Planners and Professional Assessors, or even among the Services. For example, the Planner interface 204 contains instruction, examples, and a more verbose dialog to elicit the same information that the Professional Assessor may be able to enter through a simple form provided by the Professional Assessor interface 206. This allows the user interface 202 to be individualized, ensuring that the data is entered and displayed correctly for all users, but efficiently and quickly for expert users.
The GUI Engine 210 receives all of the screens, questions, and display data through the Database module 220. The Database module 220 is a relational database that contains all of the data used by the VAT 200, whether entered by the user, or calculated by the VAT 200, as shown in Figure 4. Driving the GUI 202 from the Database module 220 allows the user interface 202 to be dynamic, customizable, and readily updateable without reprogramming the user interface 202.
Although the GUI's 202 first task is to elicit data from the user through the interview process, the primary objective of the GUI 202 is to interface with the underlying Computational Engine 230 module, shown in Figure 2. The Computational Engine 230 combines user-entered data, along with data stored in the Database module 220, to calculate risk and all of its underlying components. The Computational Engine 230 uses elaborate artificial intelligence and simulation algorithms to analyze and assess the specific targets, threats, vulnerabilities, and ultimately, the risks at a user's site. The foundation for the Computational Engine 230 is the Influence Network 500 shown in Figure 5. This network 500 shows all of the nodes 510, 510a that ultimately affect the risk of a given threat against a given target. The values for each of the nodes 510, 510a are combined using probability and statistics equations that account for the weighting of the various nodes and the uncertainty in their values. The network 500 also provides results without requiring all of the data to be known. Thus, if the user does not have information for the detailed leaf nodes 510a the network 500 can adapt and solve the network 500 based on higher level data.
The VAT 200 architecture allows nodes 510, 510a and sub-nodes (not shown in Figure 5) of the network 500 to be 'turned-on' as new information is available. With additional information, the confidence in the results should increase. For example, the likelihood of an attack may not change as the user adds additional information at the leaf nodes 510a, but we can be more confident in the threat likelihood if it is backed up by supporting information. This flexibility allows users to gain quick insights into their risks and improve on their risk assessment as additional information is available.
This network 500 also provides a rigorous, quantitative calculation of risks. The network 500 provides an intuitive representation of the factors that the calculation considers. It can be read as, 'Leaf node X influences branch node Y, which, in turn, influences node Z'. The network 500 is capable of handling influences that cannot be quantitatively described. Thus, if one cannot be sure how much the anniversary of the Branch Davidian incident will affect the Probabihty of Attack (via the "Triggers" Leaf Node 510a), one can still include it in the network 500 calculation by simply stating that it may increase the probability. The implementation of the network 500 in the Computational Engine 230 also allows for the network 500 to be changed or modified without re-programming. Thus, if experts or events indicate that a new factor should be considered, it can be added to the risk network 500 by creating a new node object in the Database 220.
The network 500 provides an integrated representation of the factors that impact the specific risks at a site in a manner that can be understood by subject matter experts (to validate the model) and inteipreted by the VAT 200 so that results can be displayed in a meaningful manner to VAT 200 users. The data used by the network 500, as well as the network 500 itself, can be modified and upgraded by modifying the database 220 without deriving a new equation or reprogramming the VAT 200 artificial intelligence (Al) algorithms.
Many of the inputs to the network 500 can come directly from the GUI 202. Other inputs are derived from databases or are provided from intermediate Al, simulation, or model calculations. Threat vectors, blast consequences and accessibility of a target are all examples of nodes that require additional complex calculations to be conducted. The Computational Engine 230 manages all of these calculations. When the calculation involves the physics- based interaction of objects (i.e., like driving a truck), the Dynamics module 240 (shown in Figure 2) is used to calculate the forces, speed, acceleration, and other relevant physical parameters. When the calculation requires detailed modeling of weapons effects the Computational Engine 230 accesses external models through the Plug-in Interface 250 and uses the results of the model in the consequence nodes of the network 500. Each network node is stored in the Database module 220.
Much of the data required by the Computational Engine 230 is spatial in nature. In order to analyze specific terrorist threats, the Computational Engine 230 relies on a 3D representation of the user's site. This site is developed using the 3D Builder module 260. Like the GUI Engine 210, the 3D Builder module 260 is driven by the Database module 220 and all of the information entered into the 3D Builder 260 is stored in the Database module 220. Thus, all of the interfaces in the software are tightly integrated with a single database, as shown in Figure 6.
The 3D Builder 260, a screen shot 700 of which is shown in Figure 7, provides an interface for the user to build a 3D representation of his site. The 3D Builder 260 imports files from computer aided design (CAD) programs or images and uses them as the outline for the site layout. The user can then 'build' virtual representations of the buildings, roads, and perimeters of the site and identify population centers, VTPs, and countermeasures. This virtual representation of the site is stored in the Database module 220 and is used by the Computational Engine 230 to compute threat vectors and the accessibility of assets and by the Analytic Models to calculate weapon effects against targets.
The GUI 202 must also display complex risk, spatial, temporal, cost, and probabilistic data to the user in a useful and effective manner. Because the terrorist threat is often so vague and multi-dimensional, the information display must present simplified representations of the information and allow the user to interact with the information to see how the data is inter-related — what kinds of assets are most susceptible to a certain threat, which threats bear the highest consequences, and so on. Information from the risk influence network 500 and information in the Database module 220 can be interpreted and displayed in many combinations and representations. The GUI 202 provides sortable tables, text interpretations of data, 3D animations of scenarios, and graphs like the screens 801, 802, 803 shown in Figure 8. The GUI 202 provides web-like capability to drill-down into any high level information presented by the GUI 202. For example, if the probability of attack for a given threat is described in the GUI 202 as 'high', the user will be able to click on 'high' and drill- down to the nodes that caused the value to be high (e.g., Organization X is active in your area, they have Y weapon capabilities, and Z holy day is a trigger for this threat).
Understanding risk and the inter-relationships among threat, critical assets, and vulnerabilities is essential to developing an AT/FP plan. The Computational Engine 230 interprets threat data and recommends counteπneasures to the user that should be used to reduce the threat or the consequences of an attack. These countermeasures are not limited to hardening of assets (blast walls, FRF, etc.) but include countermeasures to:
Deter the threat from acting,
Deny access to the target,
Detect the threat or event,
Mitigate the consequences of an event,
Interdict the threat, and
Respond to the event.
The Database module 220 retains the relationships among these counteπneasures and procedures and the threats that they counter to allow the user to develop a defensive posture. The 3D Builder 260 allows the user to specifically place countermeasures and optimize their placement to be most effective against the threat.
The VAT 200 allows the user to consider costs when employing counteπneasures to manage risk. The VAT 200 does not provide a detailed cost modeling or cost benefit analysis capability; however, for classes of countermeasures the user may select, the VAT Database 220 is populated with 'initial cost1 and 'recurring cost' parameters. The values for these parameters are defined as none, low, moderate, or high. The database also contains fields for the user to enter dollar costs for specific countermeasures, if desired. These costs can be printed in custom reports or viewed in risk summary tables to sort and rank risk mitigation strategies by cost.
Much of the risk data presented to the user is generated by the Computational Engine 230. However, when considering risk, one of the most important considerations is the consequence of a specific threat against a specific target. The results of a threat-target pair must be analyzed to determine the casualties and damage that would result from the event so that this data can be used in the risk network 500. Rather than developing a simple routine or a new weapons model, the VAT 200 uses existing blast and nuclear, chemical, biological, and radiological (NCBR) models to calculate the consequences used by the Computational
Engine 230. In preferred embodiments, six models will be included with the VAT 200:
■ AT Planner from U.S. Army Corps of Engineers Waterways
Experiment Station
FP Tool from Naval Surface Warfare Center, Dahlgren, Virginia Blast FX™ from TRW, Inc. Blast Card (Look-up table) from TSWG HP AC from Defense Threat Reduction Agency (DTRA) CBR Card (Look-up table) from Titan Corporation
The plug-in interface 250 provides a mechanism 900 (shown symbolically in Figure 9) to send the model data from the VAT 200 that is needed to properly execute the model. The results of the model calculations are then sent back to the VAT 200 where they are interpreted and used by the risk network 500 and presented to the user. All of this happens without the user having to launch another program, learn how to use each of the external models, or enter the same information over again in another application.
The VAT 200 architecture allows other developers to interface to the VAT 200 and provide new models and capabilities that were not initially built in to the VAT 200. This flexible architecture ensures that the VAT 200 is not limited to yesterday's state-of-the-art, but rather, that it can be upgraded through plug-ins to take advantage of evolving models and data. Much like the model plug-ins, the data used by the decision network 500, the GUI 202 screens, and the database 220 itself can be modified by the VAT 200 support organization. Thus, as doctrine or the understanding of the terrorist threat improves, the VAT 200 can be readily modified to use this new information.
The VAT Database 220 can be exported from the system. This will not only allow for back-ups of the data, but also allows the Database 220 to be exchanged among users. This will allow Professional Assessors to import an installation's existing VAT Database 220 and use that as the starting point for their assessment - thereby eliminating the need to re-enter data.
All of the data entered by the user and the information calculated by the system is stored in the Database module 220. This information is therefore available for export and dissemination to reports and other applications as shown in Figure 10. The VAT 200 will provide, at a minimum, the report formats from the JSIVA Report and the AT/FP Installation Planning Template. Information from the VAT 200 will be used to populate these reports and the user will be able to finish the reports by writing the remaining required text. This document will then be saved to the database and will be available in Microsoft Word™ format for reproduction. The VAT 200 will also provide the flexibility for users to create custom reports or to save out and print VAT 200 risk assessment reports. VAT 200 Editor
In order to make this modification possible, the AVAT 100 Suite design provides a flexible architecture of component modules and a suite of tools (referred to herein as the VAT Editor 150) that can be used to modify the system. These tools allow the VAT 200 support organization to modify the VAT 200 without having to rely on the system developer or wade through millions of lines of code. Since all of the components of the system are tightly integrated with the Database module 220, the VAT Editor 150 essentially provides a way to modify the existing database 220 to change the GUT 202, Computational Engine 230, report output, etc., a shown in Figure 11. Theater Information Management System (TIMS')
The VAT 200 information is also available to Senior Commanders via the TIMS 130 to compare among the sites within their area of responsibility (AOR). The TIMS 130 is a web-based application that allows Senior Commanders to view top-level threat, vulnerability, and risk data from multiple VAT databases 220. These databases are stored in the TIMS 130 database that can be located on any web network 1200. The Senior Commander will access this database through a web browser client on any connected computer 1210 as shown in Figure 12. Data from the TIMS 130 can be compared, sorted, searched, and graphed. The TIMS 130 will be built using industry standard web technologies so that it can be integrated with other web applications.
Through the Plug-in Interface 250, the VAT 200 can also exchange data with other applications. This will allow the VAT 200 to import and export data to the JSIVA Information System (JIS) and other similar applications. This will ensure that users who have an investment in other applications will be able to effectively migrate to the VAT 200 and that users of all of the applications will be able to exchange data. While it may not be possible or desirable to provide an exchange mechanism for all of the data among the VAT 200 and other systems, the Plug-in Interface 250 will minimize the amount of re-entry of existing data. AVAT 100 Suite Deployment
The VAT 200, TIMS 130, and the VAT Editor 150 may be deployed for, by way of non-limiting example, the identified users as shown in Figure 13. Figure 13 shows the typical configurations for each user and the interfaces among the users. User Interface Design
A prefened embodiment of a VAT 200 interface design is illustrated in Figure 3. This design provides a web-like interface. The main content 310 window displays the interview, calculated results, and the 3D scene to the user. The panel 320 to the left of the main content window 310 provides an outline view for context and to allow the user to navigate the application as he/she desires. The toolbox 330 on the far left of the screen 300 provides ready access to major components of the system including external analytic models, the simulation, and output reports.
Figure 14 and Figure 15 are examples of the types of screens that appear in the main content window. The typical Planner Interface Screen 1400, as shown in Figure 14, has large fonts, natural English, and establishes context for questions and information before they are presented.
The Risk Assessment Screen 1500, shown in Figure 15, is a notional representation of an intelligent natural language representation of risk data provided by the Computational Engine 230. This screen 1500 can be customized for each site or user, uses natural English, and interprets the risk network 500 data like an expert would. This interface allows the user to click on words like "High" to see the underlying information that influenced that determination. This screen can be printed or used in custom output reports.
The Risk Summary Table 1600, shown in Figure 16, provides a powerful mechanism for the user to interact with risk data and understand the risks to their site. Clicking on data within the table 1600 displays detailed supporting information. Selecting a row allows the user to see all of the details for that row or to view a simulation of the event represented by that row.
Clicking on one of the first three column headings from the Risk Summary Table 1600 makes that column the primary grouping function. This allows the user to see risks grouped by weapon, delivery system, and target. Clicking on any other column heading makes that column the secondary sort. Therefore, clicking on the "Targets" colxunn heading 1610 and then clicking on the "Prob of Attack" column heading 1620 would group all of the risks by target and sort them according to their probability of attack as shown in the screen 1700 in Figure 17.
The Risk Detail Screen 1800, as shown in Figure 18, is accessed by clicking on the value of any of the calculations represented in the Risk Summary Table 1600. In this example, the user clicked "High" in the "Prob of Attack" colxunn of the 500 pound car bomb against the Headquarters row. This screen shows all of the detailed information for 500 pound car bombs. The user can click on "more" for any of the statements that support the "High" assessment to see the information that they are based on. This data is derived from the Risk Influence Network 500. The Risk Detail Screen 1800 can also be accessed through the outline view.
After accessing the data in tabular form, the user can then view scenarios in a 3D simulation/gaming environment in order to gain more insight into the threat vector as played against his her site layout and counteπneasure setup.
The 3D Viewer 280 allows the user of the VAT 200 to play various threat scenarios against his her site. The site layout is read in from the database as constructed in the 3D Builder 260. The Computational Engine 230 is then invoked to calculate threat vectors, and the resulting data displayed on top of the layout in a three-dimensional view. The user is then able to select a vector based on delivery type, risk value, or other such factors, and play the threat against the site in a realistic manner so that the consequences can be viewed. After the threat vector has been played, the user can then switch to the 3D Builder 260 mode to add countermeasures, move countermeasures, or make other changes, and then run the simulations again as he/she builds up a site layout and plan. Figure 19 displays a simplified example of a 3D Viewer Screen 1900.
The 3D Builder 260 allows the user to construct his base in the VAT 200 system for use with the various modules to calculate vulnerability and mitigate risk. The user is presented with a palette of standard 3D construction tools, camera movement options, and structure types to build. The countermeasure library and structure types are read in from the database, and the list is presented to the user so he can select a structure to build, maintaining the notion of a dynamic interface to the user based upon the information in the Database module 220. The user then uses the tool to build up the site on top of a base image of the layout (scanned-in map, perhaps) or use a base AutoCAD DXF file if applicable, to add countermeasures, and to define the site perimeter.
An exemplary interface to the 3D Builder module 260 of the VAT 200 is shown in Figure 7. After all buildings and structures are placed on the map, the road network can be drawn in using line segments, and any bodies of water can be placed. If any structure requires additional information (such as number of people inside, etc.), the text area below the 3D view is used for text input that will be stored with the object. The user can then place any existing counteπneasures such as cameras, guard posts, or jersey barriers for each THREATCON level to set the site baselines. The site is then saved out into the database when all structures and countermeasures are placed.
The process of building a structure is outlined in Figure 20. From the scanned in image, or just the bare grid layout, the user selects, point by point, the outline of the base of the structure (View 1). The system then fills in the outline and creates a solid 2D polygon (View 2). The user is then able to pull up on this polygon with motion of the mouse to extrude the shape into the third dimension up to the required height (number of stories or exact height) (View 3), and the system displays a final rendered building with shading and textures applied (View 4). Building other structures follows a similar method, with differences based on scale/orientation of the object. Smaller objects, or objects that cover large areas are "painted" in using an object brush. For example, water is painted in as one would paint with a certain color in a standard 2D drawing program. Jersey barriers, for example, are placed one at a time; each "paint spot" showing up as one barrier. Once placed, it can then be moved or rotated as desired. Influence Network 500
The Influence Network 500, shown in Figure 5, provides the VAT 200 with a knowledge base from which to determine risk. The network 500 is comprised of all of the nodes 510, 510a that ultimately affect the risk of a given threat against a given target. A node is defined as a piece of data used to influence other data in the network 500. Using probabilistic inference, the nodes 510, 510a in the network 500 are combined to calculate belief. This belief is interpreted as the probability of a certain result occurring, based on all of the data available to make a determination. This determination can be made using either complete or partial data. Thus, if the user does not enter data for all of the detailed leaf nodes 510a, the network 500 can adapt to solve the problem based on the data entered.
One of the more common techniques for representing probabilistic knowledge in a network 500 involves Bayesian networks. Using Bayesian techniques, the Influence Network 500 is made up on a series of nodes 520, 510a with connections between each other. A node can have parents (nodes that cause an effect) and children (nodes that are affected), but the network 500 can not contain cycles (circular paths among nodes). Nodes without parents are considered leaf nodes 510a, and are typically where evidence is added to evaluate the network 500. Each node 510, 510a is assigned a set of possible states, along with the probability of the state occurring. These probabilities reside in a structure called the conditional probability table, and represent the influences of prior beliefs on the decision. For leaf nodes 510a, there are no parents to affect the node's state, so the conditional probability table simply contains probabilities of the node occurring. These values are set by the evidence assigned from external data.
Children nodes have effects attributed to them from their parent nodes, so their probability tables are far more complex. For each possible combination of inputs from the node's parents, the table contains a probability of occurrence for each possible output of the node. As evidence is posted to the leaf nodes, the probabilities ripple throughout the network 500 as belief propagates. Evidence can also be posted to child nodes, and belief can then propagate backwards to its parents. This powerful feature allows belief to be refined in the network 500 at any level.
Initially, the conditional probability tables of all nodes in the network 500 are initialized to a default state, which is an expected bias in the answers. As evidence is posted to the network 500, these probabilities are refined and the network 500 produces answers in which we have more confidence. In this manner, partial data can be used to refine beliefs, with the initial probabilities responsible for "filling in the gaps" of missing data. Using advanced statistical techniques, the confidence of each probability can also be computed. This confidence is extremely beneficial for justification of answers. Because of the subjective nature of various data used by the system, defense of the system's results is vital.
Although the probabilistic inference of the network 500 requires complex mathematical operations, the structure of the network 500 is simple to represent. This presents flexibihty in the VAT 200 design, allowing the network 500 to be configurable from the object database 220. With this technique, each node 510, 510a of the network 500 is aware of its parents, children, and where it receives its data. Using these "smart" nodes, the network 500 structure can be stored in the database 220^and manipulated externally by the VAT Editor 150. By presenting the node structure to the user in an understandable manner, the user can modify the behavior of the Influence Network 500. This is extremely beneficial to the VAT 200, as data refinement is vital to the survivability of the tool. As data becomes available, decisions made by the network 500 can be modified to produce answers that are more accurate. In addition, if it becomes apparent that more data is necessary to produce an answer, nodes can be added to the network 500 to refine beliefs. These nodes can only derive their data from the GUI 202, but by adding the node to the network 500 and modifying the tables of all nodes that it affects, the network 500 behavior can be altered.
Data used by the network 500 comes from several different locations. Data entered by the user directly into the GUT 202, as well as data resulting from the database and from calculations made by the Computational Engine 230, the Dynamics module 240, and external models are all used by the network 500. By providing data from various sources, the decisions made by the influence network 500 are highly robust, dependent not only upon user knowledge, but also on statistics, simulation, and physics.
Because of the strong involvement between the Computational Engine 230 and the Influence Network 500, the Computational Engine 230 is responsible for constructing and maintaining the network 500. User inputs to the GUT 202 are posted directly to the network 500, but the Computational Engine 230 coordinates any other input, resulting from calculations or external models. Vectors of Approach
The vectors of approach that are calculated by the VAT 200 determine the accessibility of a specific target to a specific threat (an actor with a weapon system). These vectors not only provide valuable data to the relative risk determination of the VAT 200, but when displayed graphically they provide a powerful tool for the user in understanding the vulnerabilities to their site. In order to compute the vectors of approach, a specific threat and target must be selected by the user. Using this data, the VAT 200 analyzes the threat and asset characteristics, the site layout, and the physical security measures to determine all possible approach vectors to the target.
The calculation of these approach vectors is a multi-step process that takes into consideration the terrain, the layout of the site, physical capabilities of the threat delivery system, and the reasoning process of the threat actor. Figure 21 outlines the complete process for creating the approach vectors. The primary algorithmic techniques employed in creating these vectors are: a weighted graph search algorithm, first-order physics, decision theory, and pattern recogmtion.
Using the layout of the site and teπain, the weighted-graph search algorithm searches for a path between two points, avoiding obstacles and impassible areas. First-order physics are applied to ensure realism in the chosen path. Decision theory is applied to determine the reactions of the threat upon encountering countermeasures. Once all of the possible paths have been computed, a pattern recognition algorithm eliminates redundant vectors. Risk Management
Risk management support is provided in the VAT 200 by allowing the user to modify the site baseline based on the determination of vulnerabilities to specific threats. Once the user builds the baseline, characterizes assets and determines specific threats, the VAT 200 walks him/her through a susceptibility determination and consequence analysis. Susceptibilities and consequences, coupled with the probability of a specific threat attack, make up the relative risk of a target against that threat. In order to perform risk management, the user must reduce the susceptibility of a target to an attack, the likely consequences of an attack, and/or the probabihty of the attack occurring. All of these can be reduced through the employment of countermeasures or asset relocation.
Figure 22 provides an overview of the risk management process. Based on the cuπent site baseline and the vulnerabilities determined by the VAT 200, the user is presented with countermeasures to employ across their installation. By targeting the placement of these countermeasures against the specific vulnerabilities, the user can reduce risk. To assist in this process, the VAT 200 analyzes the threat and suggests counteπneasures that can best reduce the components of risk associated with the threat. Comparing the effectiveness of the countermeasure against the threat accomplishes this. Coxmtermeasures that are most effective against the threat are presented to the user, along with suggestions for successful employment. These countermeasures are not limited to hardening of assets (blast walls,
Mylar on windows, etc.) but include countermeasures to:
Deter the threat from acting
Deny access to the target
Detect the threat or event
Mitigate the consequences of an event
Interdict the threat
Respond to the event
As counteπneasures are added and removed to affect the risk, the site baseline is ultimately modified. The new baseline is then used to produce updated susceptibility and consequence determinations. Other risk management options such as asset relocation will also be permitted. This cyclic process highlights the iterative nature of risk management and its application to planning.
The VAT 200 also allows the user to consider costs when managing risk. Preferred embodiments the VAT 200 do not provide a detailed cost modeling or cost benefit analysis capability; however, for classes of coxmtermeasures the user may select, the VAT Database 220 is populated with 'initial cost' and 'recurring cost' parameters. The values for these parameters are defined as none, low, moderate, or high. The database also contains fields for the user to enter dollar costs for specific countermeasures, if desired. These costs can be printed in custom reports or viewed in risk summary tables to sort and rank risk mitigation strategies by cost. Analytic Models
The VAT 200 uses analytic models to calculate the consequences of likely threat scenarios. The Influence Network 500 requires an assessment of the consequences of an event in order to calculate the overall risk. For preferred embodiments the VAT 200 potential consequences are simply damage to assets and human casualties. From these results, the risk network 500 calculates additional parameters such as the mission impact and the symbolic victory the teπorist may receive based on biasing values the user has entered for the affected assets.
The VAT 200 User Group selected the models that will be provided with the initial release of the VAT 200. The VAT Plug-in interface 250 is also capable of interfacing with other models via the Analytic Models Interface. Table A below lists the models that are supported by prefened embodiments of the VAT 200. Other models may also be supported.
TABLE A Analytic Models
Figure imgf000029_0001
A design goal is to make the interaction of the VAT 200 with external models appear transparent to the end user. To support that goal, the VAT 200 provides all of the set-up data required by the models in the coπect format and interprets the damage and casualties calculated by the model. As a result, although the data required from the user by the VAT 200 may be simple, the interaction of the VAT 200 and external models is quite complex. This complexity is due to several important issues.
■ The VAT 200 and each of the analytic models represent the same features in different ways requiring complex data transformations.
■ The analytic models have limiting assumptions that the VAT 200 must track and present to users.
■ The VAT 200 must ultimately accept data from the analytic models. The VAT 200 software has no means to validate this data.
Compounding these issues is that the VAT 200 is written to accept data from models that calculate consequences for all kinds of weapons systems. The VAT 200 includes plug-in modules that allow interfacing to six models covering blast, chemical, biological, and radiological agent scenarios. However, third party developers may produce plug-ins that interface with other kinds of models in the future. Therefore, the VAT 200 must consider other kinds of models in its use of analytic models. The sections below describe the approach that the VAT 200 takes for each of the model interfaces present in prefened embodiments of the VAT 200. Consequence Model Plug-ins
Most plug-ins available in preferred embodiments of the VAT 200 pertain to casualty estimation and damage assessment. This ensemble falls naturally into two classes: those designed for estimating the consequences of blast and fragmenting weapons, and those which calculate the consequences of chemical, biological, or radiological weapons.
The ensemble of blast and fragment consequence calculators is diverse principally in the target dimension, the weapons themselves for the purposes of VAT 200 being substantially described by their net explosive weight and the presence or absence of efficient provisions for fragments. Targets, on the other hand, and particularly buildings, vary enormously in their sizes, shapes, construction details, the care in which they were constructed, their age, and their outfitting. In addition, sunounding buildings and natural tenain features can markedly intensify or diminish blast and fragment effects on a given building and on its occupants. The presence of buildings can shield people in the open from fragments, can channel weapon fragments at some people, and can contribute building fragments (especially but not exclusively glass fragments) to the injury-inducing or lethal objects flying through the air in the wake of an explosion.
In contrast to the blast and fragment family of weapon-target encounters, the CBR family is knit together by the dependence of all of them on wind-bome travel from release point to target. In the CBR family the variety is provided by the method of dispersal, meteorological/tenain effects, and by the varying quantities/qualities of the agents themselves. Conceptual Data Flow between VAT 200 and Blast and Fragment Analytic Models
As Figure 23 illustrates, data is exchanged between Analytic Models and the VAT 200 through the Plug-in Interface module 250. Blast and fragment analytic models model one or several physical phenomena. These include air blast, fragmentation, structural response, and casualty or personnel hazard mechanics. All of the blast and fragment analytic models prefened embodiments address building damage in some fashion or another. In order to function they need three categories of inputs or assumptions. These categories are the characteristics of the weapon, the characteristics of the building being analyzed, and the geometric and geographic context for the weapon and the building.
A full real-world description of a weapon includes its net explosive weight, its shape, its containment vessel, boosters such as the presence of bottles of acetylene, and additional fragment generators that came with the weapon. Where the weapon is concealed, as in the case of explosives concealed in an automobile or in the sides and bottom of a suitcase, the distribution of the explosives can affect the shape and power of the explosion.
Buildings have a host of features relevant to the calculation of damage. The detail with which the VAT 200 user characterizes buildings may not match the detail for a given analytic model. One option is to group buildings into general classes (e.g. two-story, box- walled building). This general characterization could be provided to models equipped to expand that into a representative building. Alternatively, VAT 200 could do the expansion and send the representative building details to an analytic model. For either alternative there will be a reduction of predictive accuracy relative to providing actual details. A contrasting case for building construction is when the VAT 200 user provides greater detail than an analytic model is equipped to use. In addition, population within a building, may have multiple representations: the total population in the building, numbers of people in each bay of a building, or individuals' specific positions within the building. This discussion highlights the need for the VAT 200 Plug-in to provide the appropriate transformation of variables between potentially disparate data fields.
The geometric and geographic context for weapon-target pairs is also potentially much richer than some models are capable of processing. However, the user may not possess all of the information that a model could use to refine its predictions and where the missing information is required, either the analytic model or VAT 200 will make reasonable assumptions that will be clearly explained to the user.
VAT 200 expects the following output from blast and fragment models:
■ Structural damage;
■ Casualty mformation; and ■ Information keyed to the geography showing the extent of the various effects of the explosion.
Conceptual Data Flow between VAT 200 and CBR Analytic Models
Figure 24 illustrates the data flows for the chemical, biological and radiological (CBR) plug-in models. The atmosphere is the vehicle for dispersion of CBR agents after release. Atmospheric dilution, interaction with water or with other substances in the atmosphere, and in the case of biological pathogens, exposure to sunlight, all act to degrade the toxicity of one or another of these agents. CBR effects calculations require (in order of priority) agent release specifics, meteorological conditions, tenain, and time of day.
CBR substance release information includes agent type, amount, mechanism for release, and delivery mechanisms. The release mechanism describes how and how well an agent is aerosolized (e.g., explosive charge, spray, etc.) while delivery mechanism is the means of introducing the weapon system to the target (e.g. letter bomb, aircraft, etc.).
VAT 200 needs casualties and "damage" resulting from CBR attacks. Damage is partly the result of casualties, especially casualties to key and essential personnel, but it can also be the result of denial of use of facilities or an area and equipment until decontamination has been performed.
Casualty information can be provided several ways. One is simply a count of dead and incapacitated. An analytic model provides such numbers on the basis of that portion of supplied population databases which applies to the installation in question. A second method of expression is to provide geographically keyed data expressing the lethality density of the substance as a function of time. From the latter, VAT 200 is able to calculate its own casualty information taking into account building-by-building and area occupancy as a function of time of day. Even when the analytic model counts the casualties the geographic data is still useful for assessing secondary mission impact (i.e. "damage"). It should be noted that prefened embodiments of the VAT 200 do not model or use the details of the interior of buildings or related heating and ventilation systems so the effects on personnel inside of buildings from CBR releases will be approximated by a standard mitigation factor. However, standard procedures relevant to minimizing the casualties inside of buildings from CBR releases (e.g. turn off air conditioning or ventilation system) are provided. Top-Level Descriptions of Consequence Model Plug-ins
Blast and Fragment Models
Bomb Card General Description
TSWG's Bomb Card, analytically represented in VAT 200, provides ranges for building evacuation and ranges for withdrawal of people in the open. Both are indexed on a progression of common or likely teπorist explosive devices, ranging from 5 pound pipe bombs to 60,000 pound semi-trailer trucks. The building evacuation distances are purely a function of net explosive weight. The open air evacuation distances are a composite of predicted effects from case shrapnel, thrown vehicle fragments, and glass breakage. Mechanics of Use
VAT 200 will supply only type of bomb and net explosive weight in TNT equivalent pounds to the Bomb Card model due to the simplicity of the Bomb Card "model" approach (i.e., a simple look-up table).
The Bomb Card does not use any geometric and geographic information beyond the XY coordinates of the burst - for example height of detonation and presence of blast walls or nearby reflective natural or artificial features are not taken into account. Most importantly, no account whatever is taken of the character or construction of buildings.
The Bomb Card will return information about building damage and potential for casualties to personnel in the open. AT Planner General Description
AT Planner, a product of the U.S. Army Engineer Waterways Experiment Station, was developed to aid engineers in evaluating Force Protection issues from teπorist and saboteur attack. In its native mode it is a GUI-based interactive tool. Features include the ability to make building retrofit recommendations and the ability to recommend barriers to stop vehicles of a specified size with a specified distance for acceleration. Three-dimensional views showing building damage are available in the GUT 202 version and it is possible to request standoff distance calculations for specified buildings, specified damage types such as roof/wall failure or glass breakage, and for weapons of a specified net explosive weight. Mechanics of Use
AT Planner can use precise positions of persons outside of buildings, detailed window distribution information, treats building occupants only by calculating injury potentials in the interior bay by bay, and can incorporate the mitigating effects of blast walls close to the point of detonation. Threats are specified in net explosive weight of the equivalent TNT charge. However, detonations inside of building are not modeled and AT Planner does not use height of burst or weapon fragmentation data, and its ability to represent iπegularly shaped buildings is limited.
AT Planner's products include casualty information for outside individuals, coded panel-by-panel damage information for buildings, and a three-dimensional representation of building damage. VAT 200 will use these data to determine detailed consequences for threat- target pairs. Blast/FX™ General Description
Blast/FX™ was developed by TRW Inc. (formerly BDM Inc.) for the Federal Aviation Administration as a tool to model the effects of explosives against buildings and the people in them. Features include the ability to predict severity of injury to individuals at precise locations inside the building. Buildings may be described in substantial engineering and architectural detail and fragment characteristics of weapons are also modeled.
Weapons can be described by energetic chemical and net explosive weight (describing one in terms of the TNT equivalent net explosive weight is sufficient). Fragmenting capability can be infened from the casing but also fragment sizes can be specified, so that the model can accommodate weapons with bundled shrapnel such as nails. Mechanics of Use
Of the ensemble of plug-in information pertinent to the general blast and fragment consequence projection task, Blast FX™ is alone among the VAT 200 analytic models in being able to take into account the specific locations of individuals within buildings.
Extensive building construction detail can also be used by Blast/FX™: beams, columns, floors, and walls can be described for multiple levels by dimension, by category of material, and in the case of reinforced concrete, by the rebar spacing. Windows can be described by size and glazing material. Instead of requiring this level of construction detail from users, the VAT 200 will provide representative construction details conesponding to the generic building class selected by the user since prefened embodiments of the VAT 200 do not include the modeling of the interior of buildings.
Blast/FX™'s products returned to VAT 200 include the mortality or severity of injury to each person included in the scenario, component by component damage information, and three-dimensional views of the blast area with damage and casualties color coded (plus associated data to support this visualization).
FP Tool
General Description
FP Tool is a product of the Naval Surface Warfare Center (NSWC), Dahlgren, Virginia. Unlike AT Planner and Blast FX™, FP Tool uses the TNT Standard methodology instead of the Kingery-Bulmash algorithms for its calculations. NSWC chose the TNT Standard in order to increase the accuracy of the calculations, especially for reflected air blast and elevated burst situations. Of the three blast and fragment models interoperable with prefened embodiments of the VAT 200, only FP Tool takes height of burst into account. The FP Tool also precisely models air blast-pressure decay but even with FP Tool the prediction is apt to be conservative.
Explosions internal to buildings may be modeled in the FP Tool. Exterior wall panel damage is predicted while interior walls are ignored in the calculation of this damage. The cunent release uses eardrum damage and fragment-skin penetration as metrics for air blast personnel casualty. The travel and consequences of fragments of the buildings themselves are not modeled in the cunent release of FP Tool: only casing fragments are considered. Fragment trajectories are calculated both for bursts outside and for bursts inside of buildings. When a fragment reaches an impediment, penetration is calculated on the basis of the fragment and the construction of the impediment. Casualties to people from fragments are calculated on the basis of probability of hit for personnel in hazard volumes rather than on the basis of precise positions of occupants. FP Tool also calculates probabilities of equipment destruction from fragments. Mechanics of Use
Of the ensemble of plug-in information pertinent to the general blast and fragment consequence projection task, the FP Tool can use weapon size, three-dimensional burst position information; multiple buildings; and barrier information. Building generic type, percentage of glass, and population density are usable but more extensive construction details are not. Equipment type and fragility can be used, if provided.
Results passed from FP Tool to VAT 200 include air blast information, building collapse information, building fragment information, building damage information, equipment casualty information, and personnel casualty information. Chemical/Biological/Radiological (CBR) Models CBR Card General Description
The CBR Card provides a quick look assessment for casualties related to the use of CBR agent releases. The purpose of this application is to provide a range of probable consequences from typical CBR attacks. The Card provides actual "Lethal Dosage 50" (L/D50) values for a given release. L/Dso is the dose for which 50% of the affected population is likely to die from the given exposure. It should be noted that the casualties will take place over a variable time frame depending on the agent: chemical agents act very quickly (within minutes to hours) while biological and radiological may take days to weeks to kill. However, the dosage calculation will be determined assuming that the personnel in the area remain there for 30 minutes after the release. The CBR Card is meant to provide a rough estimate of the consequence from a CBR attack and also to provide insight into crucial aspects of CBR releases. While the Bomb Card focused on standoff as the primary countermeasure to blast, the CBR Card will show the relative importance of time and situational awareness as critical weapons against CBR agent releases. Time is critical since if personnel can don a gas mask immediately upon being notified of a release then the hazard from CB releases is fairly minimal. Similarly, for radiological agents, limiting time exposed to the agent is the only way to prevent casualties for unprotected personnel.
The primary factors considered in developing the data to create the CBR Card are: source, release mechanism, amount of agent, delivery mechanism, and meteorological conditions.
The CBR Card permits several chemical agents to be selected: chlorine, VX, and GB. These three were selected because they span the likely threats in four relevant dimensions: availability, persistence, lethality, and history of use.
Chlorine is a representative industrial chemical agent meeting the test of easy availability. It is a toxic industrial material that has been discussed as a tenorist threat for years. It is lethal, its dense gas characteristics enable a cloud to linger in the absence of wind, and it is readily available. Moreover large tanker trucks are not uncommon, so inconspicuous delivery is plausible. Because of its likely packaging as a tanker truck the likely scenario is for a large amount of chlorine (tens of thousands of kilograms) to be released by a small explosive rupturing the tanker near the target.
The other two characteristics important to chemical weapons are relative lethality in small doses and persistence. No one chemical agent is best at both, so VX is included in the CBR card to represent the persistent chemical agents and GB Sarin is included to represent the agents of highest lethality.
The two conditions of midnight release and noontime release were selected to show the disparity between the dispersion and the degradation of CBR releases under differing meteorological conditions. Midnight release means no turbulence and no wind. The resulting transport and dispersion occurs because of a physical phenomena called meander which is the random fluctuation of wind azimuth coupled with random variations of a small wind speed. (That is to say, it really is not physically possible to have absolute calm conditions.) Meander creates a slow moving enatic cloud that may eventually cover a large area. The noontime release conditions provide a turbulent atmosphere with a four-knot wind. This condition provides a situation where the initial release will quickly produce a fairly directional plume of ground effects. The wind speed of four knots was selected to provide a reasonable ground footprint over minutes to hours without diluting the release too quickly.
Unless there is a continual release, turbulence, and exposure to water vapor will cause these effects to be fairly short-lived. In comparison to biological and radiological agents, chemical agents need to be brought right to the victim in order to work. For them the delivery mechanism is an important factor. That is why the CBR Card expands the three representative chemical agent cases to a variety of agent/delivery mechanism combinations such as aircraft drop, van spray, and suitcase bomb.
One agent, anthrax, is sufficient to represent biological warfare agents. Anthrax is a worst case choice because as a spore it is relatively resistant to ultraviolet light so it has a long linger time (relative to other biological agents) and is also more lethal than most other biological agents. It is also readily available and, unlike the chemical agents, it can kill at a long distance from its point of release. Three different, plausible dehvery mechanisms are used - aircraft spray, van spray, and backpack spray.
For the radiological threat, Cobalt 60 is a likely source due to its availability from medical applications. One dehvery method is used (suitcase bomb) for its application since in any other form it would be very dangerous to the terrorist employing it and an explosive release provides an effective way to spread a small amount of material quickly. Mechanics of Use
The two parameters that the CBR Card will require from the user will be direction of prevailing wind and location of the source. The data produced from the series of CBR scenarios described above will be applied to the site within VAT 200 with these two pieces of data. In this way, personnel affected by the release may be calculated and provided as a consequence term and, if requested by the user, plotted on the site map. The prevailing wind condition is very important for CB releases since it specifically identifies the region at risk from a CB release. However, the user may experiment using different wind azimuths to determine the severity of a CBR attack during non-nominal meteorological conditions (i.e., the xiser may perform what-if analyses).
The CBR Card does not consider terrain effects. All scenario runs assume flat terrain. This simplification could obviously be important especially for very hilly terrain and urban areas.
The example threats provided in the CBR Card give a broad range of potential threats with limited resolution. If any of these scenarios produce event consequences marginally acceptable or unacceptable, it is recommended that a more detailed examination of the scenario by considered by using the high fidelity CBR transport and dispersion model, HP AC, described in the next section. Hazard Prediction and Assessment Capability (HPAQ General Description
The high fidelity transport and dispersion engine within the Hazard Prediction and Assessment Capability (HPAQ application normally requires over 100 independent parameters to perform a detailed calculation. However, the resolution of fee information that will be available for a given site and scenario will not have much of this relevant information. The source of the release must be identified to include agent, agent dissemination device, and amount. HPAC has standard attributes of the agents stored in its databases to provide an initial release cloud. The transport and dispersion of this cloud, and its resulting lefeaHty, is largely an effect of fee environment into which this agent is released. VAT 200 does not need terrain and meteorological conditions to run but HPAC needs some values for these parameters. HPAC can either determine typical meteorological conditions for fee site's geographic location and season of fee year from its own resident databases or a default file will be made available for modification. In addition, fee terrain will affect fee transport and dispersion but VAT 200 assumes flat terrain. Data from HPAC will be typical contours showing fee extent of a cloud's growth scaled to dose levels representative of physical impairment and/or high probability of death. Mechanics of Use
HPAC is capable of using every bit of fee agent cloud, time and meteorology, and geographic data that VAT 200 will supply. Some users of VAT 200 will be unable to provide information in detail and so will instead characterize weapons, weather, and geography by generic category. Together, VAT 200 and HPAC will extrapolate from these to fee details HPAC's computation engine requires in order to run.
The present release of HPAC does not directly calculate casualty information. VAT 200 will receive geographic lethality and incapacitation information from HPAC that it will then use bofe for casualty and for mission impact assessment External Interfaces
The VAT 200 provides a mechanism that allows end users to enhance fee functionality provided by fee VAT 200 on dehvery. The VAT Plug-in module interface allows third parties to create software modules feat extend fee VAT 200's capabihties beyond feose delivered as part of fee standard VAT 200 installation. There are cunently three variants of plug-in modules: Analytic Model plug-ins, Data Analysis plug-in modules, and I/O plug-in modules. The following sections discuss the VAT 200's Plug-in module interface and fee capabilities of each of the plug-in types in an overview fashion feat attempts to provide context for fee other sections of this specification. Plug-in Module Interface
The VAT 200's external interface mechanism is constructed around fee notion of software plug-in modules which provide enhanced behavior for fee VAT 200 in specific areas of functionality: new analytic models, new textual data interpretation paragraphs, or new sources to import or export data to or from fee VAT 200. Software plug-in modules are binaiy objects built from compiled code that adheres to standards defined for fee AVAT 100 Suite.
In general terms, for all plug-in modules, fee VAT 200 expects a base level of functionality feat manages fee low-level interface wife fee VAT 200 software. On top of feat functionality, the VAT 200 expects that a plug-in will implement additional functionahty that will allow fee plug-in to provide enhanced behavior for fee VAT 200 software.
The overarching design principle for the Plug-in module interface design is to make it easy for third party programmers to develop plug-ins for different situations, not precluding fee possibihty that more than one plug-in of a particular type (e.g. two analytic model plug-ins and or feree analysis module plug-ins) may be registered wife fee VAT 200 and potentially be running concunently with the others. Analytic Models Interface
The VAT 200 Analytic Models Interface will allow module developers to create interfaces to external analytic models and interface them wife fee VAT 200. Through fee Analytic Models Interface fee VAT 200 will be capable of exporting munitions, terrain, geometry and other information in fee VAT Database 220 for analytic models to use in their calculations.
A major design goal for this interface is that fee user will not be required to interact with an external model's native interface (if any exists) in order to use it or its results in VAT 200 risk calculations. As a result, fee VAT 200 Analytic Models Interface provides a number of control functions feat allow fee VAT 200 to control fee execution of a compliant Analytic Model.
After execution, fee VAT 200 expects to receive results from fee model. The kinds of information feat an Analytic Model can return to the VAT 200 are listed below.
TABLE B Analytic Model Information Table
Figure imgf000044_0001
Data Analysis Module Interface
In support of fee user created report format requirement, the VAT 200 exposes fee Data Analysis modules interface. The VAT 200 uses Data Analysis modules to interpret the results of user-entered data and formulate statements about feat data. Throughout fee interview process for Professional Assessors and Planners and during fee creation of output reports, fee VAT 200 uses Data Analysis modules to create custom paragraphs of text. The exposed interface allows end users to create their own Data Analysis modules that can be used in user modified screen sets or in user defined output report formats. The Data Analysis module interface includes control methods feat allow fee VAT 200 to interact wife Data Analysis modules and exposes portions of fee VAT Database 220 to allow fee module to perform queries on fee database. IO Module Interface
The third external interface fee VAT 200 exposes is fee IO module interface. The VAT 200 uses IO modules to read and write data from/to external data sources.
Initially the VAT 200 includes IO modules for importing data in fee following formats: TIFF - Image format JPEG - Image format
DXF - Image format BMP - Image format
The VAT 200 may also include an IO module for fee following format: JIS - The JSIVA Information System Output Reports
The VAT 200 has a report generation capability that assists in fee preparation of JSIVA formatted professional assessment reports, assessment team briefings, and AT/FP plans. In addition, fee NAT 200 allows fee user to define additional report formats feat can be used to generate new report types in addition to feose originally supplied wife the VAT 200. The VAT 200 accompKshes this by storing report formats feat define fee information to be contained in VAT 200 generated reports in a content independent format Report formats are editable from within fee VAT 200 Editor. Using fee report format editor, fee user can modify any of fee report formats supplied wife fee VAT 200 and/or create completely new formats that are unlike feose supplied with fee VAT 200. Professional Assessment Report Generation Capability
Generation of fee report of a professional assessment is an option in fee reports section of fee VAT 200. A substantial portion of the report consists of directly transfened text comments keyed in by users. Ofeer portions of fee report are available from fee facihty physical and procedural baseline infoπnation maintained in the database as a basis for the VAT 200's calculation. Finally, ofeer portions of fee report are fee VAT 200's calculated results. Professional Assessment Team Briefing Generation Capability
Generation of a Professional Assessment Team hibriefing Outbriefing is an option in the reports section of the VAT 200. As with fee Professional Assessment report, fee bulk of this report is generated based on infoπnation entered by the user during his use of fee VAT 200. Ofeer Professional Assessment Team Briefings are supplied in template form to speed the report creation ability of Professional Assessors. AT FP Plan Generation Capability
Generation of fee AT FP Plan is also an option in fee reports section of fee VAT 200. A substantial portion of fee report consists of directly transfened text comments keyed in by users. Ofeer portions of fee report are available from fee facihty physical and procedural baseline information maintained fee database as a basis for fee VAT 200's calculations. Yet ofeer portions of the report are fee VAT 200's calculated results. User Defined Report Generation Capability
Report formats are fee heart of the VAT 200's report generation capability. The VAT 200 stores report formats that represent all fee report types that fee VAT 200 produces. Even fee AT FP Plans and Professional Assessment Reports feat fee VAT 200 generates are created using VAT 200 report formats. Report formats define for fee VAT 200 fee contents of a report independently of fee infoπnation feat will ultimately be contained in fee reports. Using a report format, at report generation time the VAT 200 iterates through user entered site information and assembles a report based on fee infoπnation.
Report formats consist of a small set of elements that can be assembled by the VAT 200 in building block fashion to create a whole document. As shown in Figure 25, report formats consist of Sections 2510, Paragraphs 2520, and Clauses 2530. Major divisions of generated documentation are stored as sections in VAT 200 report formats. Sections consist of a title element and one or more paragraphs that make up fee body of fee block. Each section in a VAT 200 report format contains paragraphs that define fee content of fee block. Paragraphs in VAT 200 reports are usually what feeir name implies - paragraphs of text - although the VAT 200 extends this definition slightly for added flexibility by allowing graphs and tables to be inserted as paragraphs 2520. As wife sections 2510, paragraphs 2520 may contain clauses 2530 feat define fee content of fee paragraph 2520. Clauses 2530 are the lowest level element of a VAT 200 report format.
Paragraphs in a VAT 200 report format may be one of several different types. The simplest form of paragraph is a boilerplate paragraph that contains text feat is constant for all reports generated using fee report format. Boilerplate paragraphs insert their exact contents into generated reports. Another, slightly more complex type of paragraph is fee analytic paragraph. Analytic paragraphs are created from fee output of a Data Analysis module plug-in (see the external interfaces section for more information on Data Analysis modules). Using Data Analysis modules and analytic paragraphs, end users can create completely new forms of output for VAT 200 reports. The next most complex form of paragraph is a composed paragraph. Composed paragraphs are paragraphs that have one or more clauses feat are used to build fee body of fee paragraph at generation time. Composed paragraphs insert fee contents of fee clauses that comprise them into generated reports. Finally, fee most complex type of paragraph stored in VAT 200 report formats is a special paragraph. Special paragraphs are paragraphs feat fee VAT 200 creates entirely based on information entered by the user as part of feeir interaction wife fee VAT 200. Special paragraphs are graphs, tables and ofeer forms of data representation that are constructed by the VAT 200 at the time of report generation feat contain infoπnation from fee VAT Database 220. The VAT 200 includes special paragraphs feat create tables and simple graphs.
As wife paragraphs, clauses can take multiple forms. The simplest form of clause is a boilerplate clause. As wife boilerplate paragraphs, boilerplate clauses are copied into generated reports unchanged. The second form ofa clause is the query clause. Query clauses represent simple database queries. At report generation time, fee query is conducted and its results are what is inserted into generated reports. Software Architecture Object Model and Architecture
The VAT 200 software accepts and stores a multitude of data elements including user input data, analytic model results and influence network 500 evaluation results. In order to provide structure to that data and make it available to all of fee parts of fee VAT 200 system feat may need it, there are three models fee VAT 200 uses to organize information. One of these models, fee Influence Network 500, has been specifically discussed previously due its central influence on fee VAT 200's complex risk calculations. In addition to fee Influence Network 500, the VAT 200 maintains a Data Model, which contains information about fee physical elements of a particular domain, and fee Meta Data model. This section describes each of these models, feeir relationship to fee ofeer models, and how fee VAT 200 uses them to develop a complete representation ofa site.
The VAT 200 Data Model 2600, shown in simplified form in Figure 26, is how fee VAT 200 organizes information about fee real-world elements feat can exist in fee site under analysis. The association of physical items, agents, and events as fee association element called AT FP Domain forms the base of fee diagram. Each of fee branches of fee tree represents an orthogonal view of fee world feat represents items from the most general to fee most specific. In this context, physical items are real objects in fee world that occupy space. For example under this organization, one could say they have a physical object, which is a vehicle, which is a land vehicle, etc. proceeding from fee most general to fee most specific. Agents represent entities in fee world that have intent and perform actions. An example agent would be fee U.S. Army or a tenorist organization. Finally, events are triggers that are likely to bring about change in fee world state or cause an agent to act. An example would be a coup or fee occunence of a religious holiday.
The VAT 200's second use of fee Data Model 2600 is to use instances of elements of the Data Model 2600 as part of associations feat are part of the VAT 200's Meta Data Model (shown in Figure 27 and described below). These element instances represent items feat actually exist as part of the profiles that fee VAT 200 is being used to create.
The VAT 200's Meta Data Model 2700, shown in Figure 27, is fee VAT 200's central aggregation mechanism for data about sites feat fee VAT 200 profiles. The VAT Meta Data Model 2700 stores infoπnation about fee collections of elements from fee Data Model 2600 feat are useful in fee AT FP domain. The stmcture of fee Meta Data Model 2700 is primarily based on associations since it focuses on bringing together objects into real world constructs.
At fee root of fee tree are fee organizational elements Agency 2710, Region/Division 2720, and Site 2730. These objects provide for storing contextual information about a site and allow fee TTMS 130 to properly associate sites that are under fee same Agency 2710 or in fee same Region or Division 2720.
Sites 2730 are composed ofa Site Layout 2731 and one or more Infoπnation Products 2732, Threats 2733 and Site Baselines 2724. The VAT 200 uses fee Site Layout 2731 to store all of the static information about a site's infrastructure, stractures, and natural environment. Conversely, Site Baselines 2724 are used to store data about fee dynamic elements ofa site such as employed counteπneasures, asset locations, and organizations as these elements are organized for a particular configuration (e.g. one may speak of the THREATCON Alpha baseline versus fee THREATCON Bravo baseline.)
The VAT 200's final organizational element, as described previously, is fee Influence Network 500. The Influence Network 500 provides a central framework from which fee VAT 200 evaluates risk. Each of fee nodes 510, 510a in this network 500 represents an element feat affects fee overall risk for a given threat against a given target. Nodes in fee network 500 can have parents (nodes that cause an effect on this node) and children (nodes feat are affected by this node), but fee network 500 cannot contain cycles. Using an influence algorithm (described fully in fee Influence Network 500 section), each of fee nodes in fee network 500 takes a set of possible states, each wife a probability of occurring. Ultimately, fee values at children nodes are influenced by fee values in parent nodes in fee network 500.
As shown in fee Figure 28, fee VAT 200 populates fee leaf nodes 510a of fee Influence Network 500 using a combination of directly entered data, data pulled directly from fee Data or Meta Data models 2600, 2720, and calculated information based on data gained from network 500 searches. As a consequence, data entered into fee Data Model 2600 and the Meta Data Model 2700 directly or indirectly affect fee site specific Influence Network 500 and therefore affect fee site's overall risk profile.
To implement fee behaviors implied by these feree models, fee VAT 200 is divided internally into nine subsystems feat each implement a part of one of fee data models, fee influence model fee user interface, or ofeer systems feat operate on fee models to perform useful calculations. The subsystems are identified in fee next section and defined in detail in later sections. Package Diagram
The VAT 200 is internally divided into nine subsystems. Each of these subsystems is implemented as a separate software package wife a public interface that the ofeer subsystems use to interact with fee package. The VAT 200 Package Diagram 2900 in Figure 29 shows fee VAT 200, its subsystems, and feeir dependency relationships. The block symbols (e.g. GUT Engine 210) represent aggregations of functionahty within the VAT 200 that will be implemented as a subsystem wife specific defined interfaces. The dotted arrows show which of the VAT 200's subsystems depend on ofeers. For each of feese dependencies, fee lower level package (at fee anowhead end of the aπows) will implement an internal system interface.
In addition to fee VAT 200's internal interfaces, this diagram shows fee external interfaces that have been defined for fee VAT 200, These interfaces are discussed in fee section above entitled External Interfaces. Subsystems GUI Engine
In order to provide a user interface that is tailored to multiple types of users and that can be modified without recompiling, fee VAT 200 uses a GUI Engine 210. Instead of producing an interface based on compiled code, fee GUT Engine 210 reads and creates fee user interface from fee database 220 at run-time. This approach provides a GUI 202 that can be modified by changing fee database 220 instead of fee code. It also provides fee abiUty to define different user interfaces for each type of user. This allows fee interfaces to be customized to fit fee user's specific needs and level of understanding.
The cunent user interface concept has five main sections menu bar, navigation bar, tool interface, outline view, and dynamic content area. Each of feese sections are created and managed by fee GUT Engine 210.
The menu bar provides file input/output commands, edit functions, simple navigation, and access to help. The GUI Engine 210 passes fee commands to the appropriate VAT 200 subsystems and interacts with fee Windows clipboard as requested by fee user.
The navigation bar provides fee user wife web like navigation (back and forward buttons) and quick access to important features and sections of data in the VAT 200. The GUT Engine 210 stores a screen history feat it uses to determine what screen to display when the back and forward buttons are used. They act exactly like the buttons found on a web browser. The remaining buttons on fee navigation bar are linked to specific screens in fee VAT 200 feat are immediately displayed when fee user presses them.
Similar to fee navigation bar, fee tool interface provides direct access to various tools contained in fee VAT 200. Each of fee buttons, when pressed, instructs fee GUI Engine 210 to activate a specific VAT 200 tool and display its interface.
The outline view's two purposes are to represent fee data in fee system and to allow fee user to move around in fee VAT 200 to view, edit, and change data. The GUI Engine 210 populates fee outline as data is entered into the system and as fee VAT 200 needs information from fee user. The infoπnation is displayed in an outline form to better organize and manage its representation.
Users can use fee outline to jump to information that feey need to change or enter simply by clicking on a line in the outline view. This instructs fee GUI Engine 210 to display fee screen feat contains fee proper infoπnation.
The most important part of fee interface is fee dynamic content area. This portion of fee interface contains fee screens feat:
■ Interview fee user
■ Allow fee user to view and modify data
■ Display results, charts, and graphs
■ Display 3D graphics for building fee site and simulating it
The GUI Engine 210, shown in Figure 6, reads information from the database and creates screens to allow fee user to interact wife fee system. This area, like fee rest of the interface, is completely controlled by fee GUI Engine 210, but fee 3D Engine 210 is also capable of writing infoπnation to it. Whenever the 3D Builder 260 or Viewer 280 is needed, fee GUI Engine 210 provides a graphics context to fee 3D Engine 210 so that it can display graphics in fee dynamic content area. The GUI Engine 210 creates and manages all the toolbars feat are required to operate fee 3D Builder 260 and Viewer 280. It passes fee commands issued by fee user to fee 3D subsystem for processing. This provides a consistent interface to fee user and reheves fee 3D sub-system from the duties of handling user input.
The GUI Engine 210 handles multiple screen definition sets so feat each one can be customized to fit a specific set of users, but it does not require feat every screen be customized. Instead the engine supports default screens in addition to user type specific screens. This provides a mechanism where fee GUI Engine 210 uses a default screen anytime a user type specific one does not exist. This makes fee engine 210 more flexible and defining custom screens less time consuming.
Each object in fee system that requires user interaction has a least one screen associated wife it This is fee default screen to be used by fee GUI Engine 210. In addition to feat screen each object can have other screens associated wife it to be used by a specific type VAT 200 user as shown in Figure 30.
As mentioned throughout this section, the GUI Engine 210 uses screen definitions to define what the dynamic content area of fee user interface should contain. These definitions define what the screen should contain, but not explicitly how it should be displayed or laid out. This has two main advantages:
■ The user interface is more flexible.
■ Defining screens is much simpler.
The screen definitions such as fee definition 3100 shown in Figure 31, consist ofa list of what should be shown on the screen, but not how it should be laid out. This approach frees modification users from fee duties of having to graphically lay out each screen so feat feey can better concentrate on fee content of fee screen. It also allows fee GUT Engine 210 to be more flexible by allowing it to adapt fee screen to fee size and style of fee window available. It furthermore allows fee engine to decide, based on fee type of data to be input to output, what is fee best way to display it. The GUI Engine 210 uses the screen definition 3100 to determine what to display on the screen. To determine how to display fee information, it checks fee type of data and determines what input or output device to use. For example, if fee definition 3100 specified feat fee user's name should be entered, fee GUI Engine 210 would check fee database and know feat this is a string. It would then use a text-input box on fee screen for the user to type the information into. If on the ofeer hand fee definition 3100 specified feat fee user's rank be entered (and a fist of acceptable ranks exist), fee engine would use a selection box so feat fee user would not need to type in fee answer. This technique is applied to all of fee items in the list until fee entire screen composition is known.
At this point the GUI Engine 210 uses rules similar to a web browser to layout the information on fee screen. It determines the spacing between lines, knows to emphasize fee title of fee screen, etc. Once this process is finished, fee engine displays fee screen to fee user and handles all fee interactions.
In addition to interpreting the screen content, fee GUI Engine 210 is also responsible for determining what screen to show when. The user can jump to specific screens by using fee navigation bar, outline, and tool bar, but this is only part of fee navigational process. During the interview for example, fee user will press a done or next button to indicate feat feey are ready to proceed to fee next screen. The GUI Engine 210 is responsible for finding it.
There are three methods that the engine uses during navigation. The first is to jump to a user-specified screen as described above. The second is to look at data dependencies in the object model and influence network 500. Many of feese objects require infoπnation about ofeer objects. The GUI Engine 210 uses this infoπnation to determine what object screen fee user should see next. But, this method alone may not produce a coherent progression of screens.
The GUI Engine 210 is equipped wife one final navigational method. In addition to specifying what to display on a screen, a screen definition can also specify other screens to be displayed. This allows it to override fee default behavior of fee system in order to provide a directed screen progression. A sample diagram of this process is shown in Figure 32. Computational Engine
The Computational Engine 230 subsystem of fee VAT 200 is responsible for providing support to the risk determination and mitigation processes. During feese processes, fee Computational Engine 230 builds and maintains fee structure of fee influence network 500, in addition to performing calculations to support decision-making. Figure 33 illustrates fee many steps of risk determination and analysis with which fee Computational Engine 230 is involved.
The key to fee knowledge of fee VAT 200 lies in fee Influence Network 500. This network 500 embodies fee factors feat fee VAT 200 relies upon in making decisions during risk determination and mitigation. Risk determination is composed of four major components: criticality determination, threat determination, susceptibihty determination, and consequence analysis. Risk mitigation is comprised of countermeasure effectiveness analysis and consequence analysis. Each of feese distinct components interacts wife fee influence network 500 in order to make decisions, and each decision made affects fee rest of fee Influence Network 500. Through fee data interaction between feese components, fee Influence Network 500 is capable of calculating fee relative risk ofa particular target against a particular threat. Figure 34 illustrates fee interaction between feese steps of fee risk process and the Influence Network 500.
In addition to interacting wife fee primary VAT 200 Influence Network 500, fee susceptibihty determination and risk mitigation components also make use of local networks in order to make complex decisions, as shown in Figures 35 a, b. During fee susceptibihty determination, threat intentions and capabihties are compared to countermeasure effectiveness to determine fee reaction of the threat upon encountering a countermeasure. This complex inference is handled using a miniature Influence Network. Similarly, risk mitigation also uses threat and countermeasure characteristics in making decisions. Various countermeasures are compared to fee specific threat to determine which ones are most effective at mitigating the risk of the threat against the target. These local decisions do not directly derive from fee prime Influence Network, so they are handled independently.
The stmcture of this network is used to control fee progression of fee screens shown to fee user, and the data collected by fee network 500 determines fee resulting output. The network is capable of propagating data through itself in order to make decisions, but it must rely on external means to obtain this data The GUI 202 provides a portion of this data directly from fee user through elements on fee screen. The remaining data is fee result of various calculations performed by fee Computational Engine 230. Figure 36 depicts fee relationships between the nodes of fee influence network, fee data connection wife the GUT 202, and the calculations made against fee data model.
The primary calculation that fee Computational Engine 230 is responsible for is the generation of approach vectors. These vectors represent fee many ways in which a threat can reach fee target in order to attack. Based on feese vectors, fee accessibility of the target is calculated and used in the influence network 500 to determine relative risk. Figure 37 outlines the steps necessary to construct these vectors.
There are six primary steps to building approach vectors. Step 1-37 involves computing fee range from the target feat fee threat must reach in order to affect consequences. Step 2-37, which is in reality fee controlling loop of fee process, involves using a weighted graph search technique to build fee path. This technique takes two points and builds a path between them. In building fee path, the algorithm seeks to minimize cost, which in this case is fee number of counteπneasures that it must face, and maximize effectiveness, or fee resulting consequences to the target.
Steps 3-37 and 4-37 are actually responsible for supporting fee weighted graph search algorithm. Step 3-37 involves fee actual reasoning component that deals wife countermeasures. Using a local version of fee influence network 500, fee search algorithm can evaluate fee response of fee threat to the countermeasure(s), and if necessary, can alter fee path based on the results. Step 4- 37 involves fee application of first-order physics to fee threat dehvery mechanism. By using physics provided by fee Dynamics module 240, fee weighted graph algorithm determines fee types of tenain feat the dehvery mechanism can cross, and fee areas that the mechanism can fit through. In addition, fee local influence network 500 makes use of physics to determine the denial capabihties of fee countermeasure(s) against fee threat. In a later post-processing sequence, fee Dynamics module 240 calculates fee speed and timing of fee threat along fee path, for use in later playback.
Step 5-37 of constructing vectors consists of refining fee many paths feat are produced. Invariably, similar and redundant vectors are generated, differing only shghtly from ofeer vectors and not providing useful data to fee process. Using pattern-matching algorithms, feese extraneous vectors are removed in order to simplify fee final representations. Finally, in step 6-37, fee accessibility value of fee threat to fee target is calculated for each vector. Once all of fee interesting vectors have been constructed, fee accessibility of fee site is computed based on the accessibility values of all vectors. This value is used directly by fee influence network 500 to determine relative risk. Dynamics module 240
The Dynamics module 240 is responsible for calculating and updating fee state of fee physical objects during fee simulation of the threat ingress, given realistic physical properties of fee environment and objects acting in fee environment.
The Dynamics module 240 is the set of code feat modifies and stores the state vectors of all objects. A state vector is a set of physical characteristics and measurements feat describe completely fee current configuration ofa given object For example, fee state vector used in the VAT 200 includes position in three-space, a rotation quaternion to describe the rotation of fee object, fee linear momentum, and fee angular momentum. This state vector is then updated every computation cycle of the Dynamics module 240 as external forces interact with fee object and impose a change on the state vector configuration.
The Dynamics module 240 has three main sections. The first represents fee object itself. The others act on feat object and are labeled as fee Force Accumulator and fee Equation Solver. For each cycle of fee computation fee object sends a message to fee Force Acciimulator module to sum up all forces acting upon the object. The Force Accumulator has knowledge on how to calculate fee various forces in accordance wife fee Lagrangian dynamics equations (dynamics equations based on energy conservation). For example, fee Accumulator will access other objects if there is a collision force, or access only fee gravitational constant if it is fee gravitational force desired. The total force vector is feen passed back to fee object. Figure 38 shows a complete module diagram and data flow outline.
From that point, the Equation Solver takes fee time derivative of fee object's state vector at time t„, adds in fee force as accumulated earlier, and integrates over a given time step Δt to result in a final state vector at time t, = t^ + Δt. The Solver uses an implicit method of solving fee ordinary differential equation and utilizes dynamic time steps to minimize eπors that occur in stiff Ordinary Differential Equations (ODE) (feose that can "blow up" during standard explicit computational methods wife too large a time-step).
The Dynamics module 240 is able to simulate any simple physical phenomena, such as object-object collisions, gravitational acceleration of an object, friction and resistance effects, and deformation events. The physical object as stored in fee Dynamics module 240 has a volume (spatial extent), mass, and a state vector as described above. VAT 200 Database .
In order to store fee many sources of data used throughout the system, the VAT 200 employs a relational database. With a relational database, the VAT 200 is capable of saving data from previous sessions for the user to access later. In addition, fee database provides a framework for sharing data between modules in fee system, and between users at different locations. Figure 4 summarizes fee many different types of data stored in fee VAT Database 220.
The VAT Database 220 operation must be totally transparent to fee typical user. This is because fee architectural requirements will not support fee traditional model where a database administrator manages fee database independent of fee application. The VAT 200 system is unique in fee sense feat it must operate in bofe standalone and traditional multi-tier modes. Therefore, fee VAT Database 220 is designed in such a way as to provide data storage capabihties feat are transparent to fee user and require zero maintenance.
VAT 200 architecture is predominantly object-oriented in nature. A relational database is not object-oriented, but is organized by tables. In order to implement an object-oriented apphcation design fee use of a relational database conversion code is required. The code is commonly referred to as a 'mapping' code because it is used to map fee application objects to relational entities in fee database. Depending on fee apphcation, fee effort to develop fee mapping code can be substantial. The goal of fee VAT 200 is to minimize fee mapping code effort, while maintaining complete functionahty wife vendor independence. Figure 39 depicts fee object-to-entity relationship.
The VAT 200 apphcation incorporates a database broker to perform fee necessary object-to- relational mapping functions. The broker is a distinct module in fee VAT 200 apphcation performing mapping functions, therefore encapsulating database access code. This approach provides a transparent conversion of fee relational model into fee VAT 200's object model. Modifications to fee relational model only require modification to fee broker.
The database broker handles all data storage and retrieval functions for the VAT 200 apphcation, therefore housing fee necessary database communication code. Regardless of the selected database, fee interface between fee VAT 200 application and broker remains constant.
The relational data model is implemented by defining relational entities for fee VAT 200 object classes as shown in Figure 40. Each entity is designed to support fee object model as efficiently as possible. The methods and aggregation features of fee object model become incorporated into fee database broker. The relational data model begins as a logical model defining fee necessary entities and appropriate relationships between.
From fee logical model, physical models can be created for any supported relational database. 3D Builder/Viewer
The VAT 200 contains fee capability to render a site layout in a three-dimensional manner. This includes two modes of operation. The first is a 3D view feat allows fee user to construct a site or add objects to a site (3D Builder 260). The second allows fee user to view a simulation ran in a 3D environment (3D Viewer 280). The Builder 260 and Viewer 280 are two modes of operation built on top of the 3D Run-time environment 270, which is based on the OpenGL graphics library. Both use fee same underlying rendering techniques, while presenting to fee user different functionahty. This allows fee code base to be shared between fee Builder 260 and fee Viewer 280, resulting in a smaller memory footprint, easier transition between Builder 260 and Viewer 280 portions of fee VAT 200, and a consistent 3D interface.
The 3D Builder 260 allows fee user to construct his base in fee VAT 200 system for use wife the various modules to calculate vulnerability and mitigate risk. The user is presented with a palette of standard 3D construction tools, camera movement options, and structure types to build. The countermeasure library and structure types are feen read in from the database, and the list presented to fee user in an appropriate menu so he can select a structure to build. The user feen uses the tool to build up his site on top of base image of fee layout (scanned-in map, perhaps) or use a base AutoCAD DXF file if appUcable. A flow diagram of fee builder process is shown in Figure 41.
The Viewer 280 allows fee user to view fee site layout as constructed in fee Builder 260, feen displays fee results of fee computational cycle feat calculates risk to various assets on fee layout. This information is displayed as "threat vectors" on fee layout, or representations of paths feat a threat dehvery mechanism would take. Each of feese paths can be selected by fee user, and fee threat scenario can feen be played out, including fee consequence display at fee end based upon data received from fee external blast or CB models. A flow diagram of fee Viewer 280 process is shown in Figure 42.
The 3D Viewer 280 and 3D Builder 260 bofe sit on top of fee base 3D Run-time engine as outlined in the previous section. Each interacts wife different sub-modules of fee Run-time to alter fee user interaction, rendering mode, and display options. The Viewer 280, while interacting wife fee Computational Engine 230 and Dynamics module 240, communicates wife fee non-physical data structures to populate fee threat vector display list It also interacts wife fee camera model to change fee view upon user request, as well as makes calls to fee rendering engine itself to change display modes (switch to wire-frame mode, map textures differently, et cetera). The Builder 260, on fee ofeer hand, needs to access fee structure of static data to populate fee terrain and structure information (static polygons), while also communicating wife fee rendering engine and fee camera model.
The Builder 260, upon initial startup, takes input from a 2D image or a 2D AutoCAD file (DXF). This is then used as fee base of fee modeling session, which allows fee user to build on top of fee actual site layout in order to bring it into fee third dimension. The DXF file is parsed and translated into an internal format, and all 3D information generated by fee Builder 260 is kept in an internal format for maximum efficiency. When fee user is finished, the model is feen saved out into a common 3D file format that can be stored into fee data store (object persistence mechanism), and pulled up later in fee Viewer 280. All asset characteristic infoπnation is imbedded into fee 3D-file format so feat all infoπnation is in one location. 3D Run-time Environment
Bofe fee 3D Viewer 280 and fee 3D Builder 260 are based upon fee same 3D Run-time Environment 270 (also referred to herein as fee 3D simulation/gaming environment) that handles the rendering of fee scene. The 3D engine stores texture information, polygonal models, and lighting information needed to render fee scene quickly and reaUstically. A detailed look at fee sub-modules of the 3D-Run-time Environment 270 is found in Figure 43.
The 3D Engine takes input from fee database to retrieve fee site layout as built by fee Builder, or from the cunent polygon structure feat fee user has constructed in fee case of fee Builder. The texture images are stored and linked from individual polygons, and fee geometry of fee layout and buildings are stored separately from fee geometry of fee mobile objects such as trucks. The polygons for static data such as fee terrain and buildings are stored in a manner feat is geared toward quick rendering, while fee objects feat move do not necessarily remain in fee same physical area during fee simulation, and so cannot take advantage of fee spatially-ordered data structure. A Binary Space Partitioning (BSP) tree is feen used to store fee terrain and structure polygons to allow for fee quickest rendering ofa large scene while allowing for rapid view-frustum culling and level of detail control. BSP trees allow all polygons to be stored in a tree structure that is branched based upon spatial position, so polygons close to one another in physical space are close in data space as well. These techniques are used to allow for faster rendering speeds on the limited hardware of fee PC platform.
The models used to draw all auxiliary vehicles and structures are kept in a model library within fee 3D-rendering module to facilitate fee addition of new models. The track models, for example, will not be stored integrated in wife fee site layout, but will be stored separately to allow addition or changes to fee truck model. The site terrain and additional geometry are exportable to a common model interchange format (DXF) for viewing in an external model viewer independent of the VAT 200.
The rendering engine uses fee OpenGL graphics Apphcation Programming Interface, or API. This Ubrary of graphics routines has become fee industry standard for fast real-time graphics, and is suoDOrted bv most video hardware to provide acceleration and keep most of the graphics pipeline processing tasks off of fee CPU. OpenGL provides a robust set of primitive calls to render polygons wife reaUstic Ughting, shading, and texturing effects, z-buffering, and ofeer advanced graphics features. The graphics Ubrary lends itself to a scene graph approach for storing polygons and transforms internally, while also allowing for a BSP tree or ofeer spatial structure to exist internally since OpenGL does not deal wife higher-level polygon sorting or organization. A scene graph is a technique used to store rotations and translations in a tree structure. This structure allows changes at a higher level to affect all objects below fee node; organizing rotations and translations in an efficient manner. Report Generator Module
The Report Generator module of fee VAT 200 is responsible for fee creation of electronic and printed output from fee VAT 200 system. The report generator is driven based on inputs from fee user interface that indicate the report type to generate and fee desired output format The report generator always operates on fee active dataset for fee VAT 200.
The Report Generator module is built around fee design concepts expressed in fee User Defined Report Generation Capabihty section. As described in that section, report formats form fee heart of fee report generation capabihty whose stmcture is reflected in its class hierarchy as shown in Figure 25, Report Format and Figure 44, VAT Report Generator module. In addition to fee Report Format, Section, Paragraph and Clause object classes discussed in the User Defined Report Generation Capabihty section; fee Report Generator module adds a class for fee report feat forms fee public interface for creating reports in multiple formats, a report generator class that forms the public interface for fee subsystem, and several subclasses which implement fee specific behaviors for paragraph types, clause types, and output formats.
The report generator object defines fee public interface for the Report Generator module. It is the only object in this subsystem feat persists throughout a VAT 200 execution. Ofeer objects in fee subsystem are instantiated and destroyed as necessary when generating reports or creating user- defined report formats.
The report object is an abstract object feat is never instantiated. Instead, it defines fee public interface to several subclasses feat deal wife fee specifics of particular output formats. This indirect approach aUows the VAT 200 to be more easily expanded in fee future to include support for additional output file format types. Initially, the VAT 200 will be capable of creating documents in RTF, and Microsoft Word 97 TM formats.
A similar approach has been taken with fee paragraph and clause objects. Abstract base classes form fee interface to feese classes, while specific subclass objects allow for specific behaviors for different paragraph and clause types.
When fee user requests to generate a report, fee GUI 202 sends fee report format, fee desired output type, and optionally, an output file name. Report generation occurs in two stages: quahfication and creation. During fee qualification stage fee report generation subsystem performs a walkthrough of fee report format and verifies feat each Section, paragraph, and clause has enough infoπnation to create its output If qualification succeeds, feen fee subsystem actually creates fee report.
If qualification fails, feen fee subsystem returns wife a failed qualification message. Reports that fail qualification may still be generated, however, some infoπnation may be indicated as being missing or incomplete. During generation ofa report for which fee format qualification failed, those sections, paragraphs, or clauses feat failed will insert a qualification failure message in fee output report that indicates feat fee required source data was not available. Plug-in Interface
The VAT Plug-in Interface 250 exposes portions of VAT 200 functionaUty to allow end users to enhance fee capabihties of fee VAT 200 beyond feose that are delivered with fee VAT 200. The VAT Plug-in Interface 250 subsystem exposes four interfaces which collectively allow the user to enhance VAT 200 behavior in three areas: adding additional analytic models, adding additional textual interpreters, and adding additional data input and output converters. In general terms, plug- ins are self-registering Microsoft COM objects that implement fee VAT Plug-in Interface and at least one of fee other VAT Plug-in Interfaces 250.
The static structure of fee VAT Plug-in interface 250 subsystem is shown in The Plug-In Interface Class Structure as shown in Figure 45. The plug-in interface is structured to support fee four exposed interfaces; each external interface is represented internally by a class that provides fee methods to interact across fee interface. In addition to fee interface classes, a higher level class plug- in interface implements control for the plug-in interface and provides fee public interface for fee VAT Plug-in Interface module 250.
During VAT 200 startup, fee VAT 200 initializes fee VAT Plug-in Interface module 250, which feen proceeds to register all plug-ins feat are located in fee VAT 200 system plug-ins directory and feose in fee user plug-ins directory. Each registered plug-in is feen started by fee VAT 200 to allow it to perform any resource allocation and startup processing feat may be required. After VAT 200 processing has completed, this process is reversed. Each plug-in is shutdown to allow it to free any resources it may have acquired during fee VAT 200 execution, and fee VAT plug-in interface 250 is shutdown.
Run-time processing varies depending on fee type of plug-in. As shown in Figure 46, while fee VAT 200 is running fee plug-in is dormant. When fee user requests an analytic model execution, however, the plug-in proceeds through three states. The pre-execute state allows a plug-in module to perform any data gather/reformatting required for an impending model execution. After completing pre-execution processing, fee VAT 200 proceeds through the execute state wherein fee VAT 200 would actually execute fee external model, and fee post execute state where fee VAT 200 allows fee analytic module plug-in to perform any post processing and data collection. TIMS
Interface Design
The TIMS 130 is composed of seven screens:
Login screen Welcome (splash) screen Browse screen Search screen Summary screen Compare screen Notes screen
The login screen allows fee user entry into fee system based on a login ID and a password. Once logged in, a splash screen welcomes fee user to fee system and offers a list of possible menu selections. The browse screen 4700 is shown in Figure 12. The browse screen 4700 gives fee user fee abiUty to sort the site entries based on several different methods. The user can also search fee sites for particular infoπnation using fee search screen. Once fee user had decided upon a particular site and report, fee summary screen outlines all of fee infoπnation available from that site. Using fee compare screen, the user can perform side-by-side comparisons of different report entries, either from fee same site or from different sites. At any time, fee user can capture comments or memos for later use wife fee notes screen. Software Architecture
The TTMS 130 provides fee user fee capabihty to view individual VAT 200 sessions from multiple sites. The TIMS 130 also allows fee user to sort, search and browse fee data from fee individual VAT 200 sessions by categories such as threat type, risk, score and ofeers.
Figure 12 is an overview of user interaction wife fee TTMS 130. Results from local VAT 200 sessions are transfened to fee TIMS 130, in fee form of fee VAT Database 220, and stored in a database along wife sessions from ofeer sites. The TTMS 130 user can feen analyze these various sessions using several browse and search techniques. Each session is viewable by selecting fee Summary option, which displays a brief overview of fee session's report and the information collected during the session presented in the form of charts and tables. At any point, fee user can access a notes screen to capture comments for later review.
The TTMS 130 database architecture is similar to the local VAT 200 wife minor enhancements in order to support fee TTMS 130 operational requirements. The TIMS 130 is implemented on a high performance database server supporting multiple cUents. The TIMS 130 database is designed to support fee storage and access of multiple VAT 200 sessions from multiple sites. Each session is individually identified within fee database supporting fee TIMS 130 operational requirements. The Database Management System (DBMS) handles data concuπency, integrity and user aufeentication of fee TTMS 130 sessions.
Through the user-friendly interface of fee T MS 130, fee user can perform many tasks to understand fee infoπnation collected from fee local sites, including:
■ Browsing data - The user can scroll through all of fee infoπnation sessions collected from fee local sites
■ Searching - The user can search for particular sets of data based on specific information, such as a site or a date
■ Ranking and sorting - The user can sort fee data and assign rankings based on categories such as threat type, risk score, remediation cost, target types, and vulnerabihties.
■ Comparison - The user can compare report sessions between fee Professional Assessor and Planner, across different dates, and through ofeer means.
Because of fee web-enabled capability of fee TIMS 130, a client-server arrangement is used as depicted in Figure 48. The TTMS 130 server handles fee reception and storage of fee local VAT 200 sessions, capturing each separate VAT Database 220 into one comprehensive data store. The user feen accesses fee collection of VAT 200 data by pointing feeir Web browser to fee TIMS 130 server. The server also handles login and password aufeentication before allowing VAT 200 data to be viewed. VAT Editor
The AVAT 100 Suite includes an editor feat is capable of modifying fee VAT 200 user interface, database, and reports formats. The editor is a standalone apphcation feat interfaces wife fee VAT Database 220 in order to make all of fee available modifications. This is possible because the user interface definitions and report formats for fee VAT 200 are all stored in fee database instead of being compiled into fee VAT 200 executable.
The VAT Editor 150 is capable of creating and editing fee user interface screens and can define screens feat are tailored to different types of users. It can edit fee database to add object instances into the data model and modify fee influence network 500. Finally, fee VAT Editor 150 can create, edit, and delete report formats to create new and customized reports to meet future needs. User Interface Design
The VAT Editor 150 will allow fee user to bofe view and change many aspects of fee VAT 200 apphcation. It is designed to allow a knowledgeable user to customize and extend fee VAT 200 to address future user needs. The tool will have a mode for viewing and modifying fee VAT 200 user interface, database, and output report formats. Each mode displays an overall picture of fee item being edited and provides a toolbar on fee left to issue edit commands. A mockup of fee interface is shown in Figure 11.
The User Interface Editing mode presents fee user wife a representation of fee current screen flow in fee system. It feen allows fee user to modify fee flow of fee screens, fee content of fee screens, and fee look and feel of fee apphcation. Because fee flow and contents of the screens are highly dependent on fee contents and structure of fee database, fee Database 220 mode is always available to fee user for reference.
The Database Editing mode provides fee user wife fee abiUty to view and move around fee database and its contents. It is capable of showing bofe fee data model and fee influence network 500. From there fee user can select a class or node to view and/or modify.
The Report Format Editing mode aUows fee user to view fee format of fee reports in fee VAT 200. They can feen create new reports from scratch, create new reports from existing report formats, and edit existing report formats. The VAT Editor 150 will display fee sections, paragraphs, and clauses that comprise fee report format. The user can feen select items to edit and/or insert new items from a list The screen Usting the feree editing modes is shown in Figure 49.
User Interface Editing
There are two aspects of fee User Interface feat can be modified: fee dynamic content and the overall look and feel as shown in Figure 50.
Nodes in fee influence network 500 and fee objects in fee data model 2600 drive fee dynamic content of fee user interface, shown above. Each of feese items has one or more GUI 202 definitions associated wife it as shown in Figure 51.
Each GUI 202 definition is also associated wife a specific user type feat will use it. The user
is able to:
■ Create and edit user types
■ Create and edit fee GUI 202 definitions feat fee GUI Engine 210 associates wife each user type for each node and data model object
The GUI 202 definitions completely describe fee dynamic content for fee given object.
Using fee VAT Editor 150 fee user is able to specify.
■ The title for fee screen
■ Screen breaks
■ Static text
■ Data input and output fields including:
■ Associated prompts and questions
■ Where fee data is stored in fee database
■ How it should be entered including:
■ Size limits
■ Type limitations
■ Choice lists
■ Default values
■ Images
■ Placement
■ Source file
■ Buttons including:
■ Text label
■ Type
■ Action
■ The objects in fee database feat should be filled in next In addition to defining fee dynamic content of fee user interface fee VAT Editor 150 can also specify fee look and feel of fee apphcation. This appUes to bofe fee dynamic content and fee static content. For fee dynamic content fee user can specify:
■ What type of GUI 202 component is used for each type of data. Example: Boolean values are displayed using check boxes or a hst box wife true and false choices.
■ The format for specific types of objects on fee screen. Example: Titles are bolded and centered.
For fee static content the user can specify:
■ The colors to use for GUI 202 elements
■ The fonts to use for GUI 202 elements
■ The images to use for icons
Database Editing
The database-editing mode will allow fee user to update and modify fee database 220 to:
■ Create and edit objects in fee Data Model 2600 by defining instances of existing classes. Example: Create a Jeep from fee vehicle class by filling in its parameters.
■ Add simple nodes to fee Node Tree that can only receive input from fee user interface, feey cannot access data model objects or system calculations.
■ Adjust fee influence of certain nodes in fee Node Tree including any that feey create.
■ Add general data to fee database for use in fee GUI 202 and reports.
The VAT Editor 150 is not able to edit or add classes in the Data Model 2600 in prefened embodiments. Output Report Format Editing
When editing output reports using fee VAT Editor 150 fee user is able to create, modify, and delete report formats in fee system. This allows feem to customize exiting report formats or create completely news ones as feey see fit Report formats in fee VAT 200 consist of sections, which can consist of paragraphs that can consist of clauses. The user is able to add, remove, or modify any part ofa report. To create even more customized reports, fee VAT Editor 150 allows fee user to create, modify, and delete fee available sections, paragraphs, and clauses in fee system. The user can edit bofe the content and fee formatting of fee items in fee report. The paragraphs and clauses are where all fee report content is created. Sections, which can contain only paragraphs, are used to conveniently group paragraphs together for later reuse.
The paragraphs in an output report can consist of:
Static Text
Results from simple queries of the database that return graphs or tables
Results from a report plug-in
Groups of clauses in the report system
Images
Clauses in a report can consist of:
■ Static text
■ Data values in fee database
■ Results from simple queries of fee database feat return text or simple data values
Figure 52 iUustrates fee various components of fee Editor 150. The VAT Editor 150 reuses packages of fee VAT 200. Figure 53 illustrates fee various subsystems of fee VAT Editor 150.
The invention has been described above in connection wife a preferred embodiment related terrorist risk management However, fee architecture of fee invention lends itself to modification for various ofeer types of risk, including but not limited to fee following:
Infrastructure Attacks
Information Theft (hackers, computer theft, etc.)
Financial Risk Management
Insurance Risk Management
Environmental Hazards
Risks to Qn-Qrbit SatelUte Systems and Constellations
Risks Associated wife Air and/or Highway Travel
Risks to Manned and Unmanned Space Travel MiUtary Planning and targeting (inverse of the risk problem)
Executive Personal Protection
Home Security
Building Security
Program and Project Risk Management
Drug Research or Ofeer R&D Planning
The modification is aided by the plug-in architecture of the invention. As discussed above, risk = probability * vulnerabiUty. Vulnerability is based on bofe susceptability and consequence. The structure of fee influence network lends itself to modification for any of fee above-referenced risk situations. For example, in terrorism risk management embodiments, fee invention calculates susceptibihty based in part upon fee 3D simulation/gaming environment (referred to above as accessabihty calculations) and in part upon consequence calculations performed by existing external programs via fee plug-in interfaces. Modification of this embodiment for an apphcation such as home security is straightforward. For example, fee consequence calculations, instead of being performed wife blast and CBR models, can be simpUfied to calculate property loss and damage as a result ofa burglary. The 3D simulation/ gaming environment can be modified to calculate vectors representing probable burglar entry routes rafeer than weapons dehvery routes. As anofeer example, fee invention may be modified for risk management of information theft by replacing fee 3D simulation/gaming environment wife a network security model. As a still further example, in a risk management system directed toward risks associated wife space travel, fee 3D simulation/gaming environment (which calculates accessibiUty) can be replaced wife a model that calculates fee proximity of fee spacecraft to space debris, and fee blast/CBR calculators can be replaced with similar programs that model damage to fee spacecraft resulting from collisions wife space debris. While the invention has been described in detail in connection wife fee prefened embodiments known at fee time, it should be readily understood feat the invention is not limited to such disclosed embodiments. Rather, the invention can be modified to incorporate any number of variations, alterations, substitutions or equivalent arrangements not heretofore described, but which are commensurate wife fee spirit and scope of fee invention.
Accordingly, fee invention is not to be seen as limited by fee foregoing description, but is only limited by the scope of the appended claims.

Claims

WHAT IS CLAIMED IS:
1. An apparatus for assessing a risk ofa tenorist attack comprising: a memory; an input device; a display device; and a processor connected to fee memory, fee input device and fee display device, fee processor being configured to perform fee steps of: inputting infoπnation about a site of potential tenorist attack from a user; constructing a model of fee site based on fee infoπnation input from fee user; accepting a designation from fee user of a weapon and dehvery point at fee site; deteπnining an accessabiUty of fee site to fee weapon/delivery point by determining a threat vector which is mostly Ukely fee threat vector by which fee weapon will be dehvered and fee likelihood ofa successful deUvery based on fee model; determining a probabiUty that a tenorist attack will occur; and calculating a relative risk based at least partially on fee accessibiUty and probabiUty.
2. The apparatus of Claim 1, wherein fee relative risk is further based on a consequence calculation.
3. The apparatus of Claim 2, wherein fee consequence calculations is performed by outputting data including model data to a consequence calculator plug-in and accepting consequence data from fee plug-in.
4. The apparatus of Claim 1, wherein he processor is further configured to perform the step of preparing a report including fee probabiUty, accessabiUty and relative risk.
5. The apparatus of Claim 1 , wherein fee processor is further configured to perform fee step of displaying a three dimensional rφresentation of fee most Ukely threat vector to fee user.
6. The apparatus of Claim 1, wherein fee relative risk is calculated using a Bayesian network.
7. A method for assessing a risk of a tenorist attack comprising fee steps of: inputting information about a site ofa potential tenorist attack from a user; constructing a model of fee site based on fee input from fee user; accφting a designation from the user ofa weapon and dehvery point at fee site; determining an accessabiUty of fee site to fee weapon/dehvery point by deteπnining a threat vector which is mostly likely fee threat vector by which fee weapon will be dehvered and fee likelihood ofa successful dehveiy based on fee model; deterrnining a probabiUty that a terrorist attack wiU occur; and calculating a relative risk based at least partially on fee accessibility and probabiUty.
8. The method of Claim 7, wherein fee relative risk is further based on a consequence calculation.
9. The method of Claim 8, wherein fee consequence calculations is performed by outputting data including model data to a consequence calculator plug-in and accφting consequence data from fee plug-in.
10. The method of Claim 7, wherein fee processor is further configured to perform the step of preparing a report including fee probabiUty, accessabiUty and relative risk.
11. The method of Claim 7, wherein fee processor is further configured to perform fee stφ of displaying a three dimensional rφresentation of fee most likely threat vector to fee user.
12. The method of Claim 7, wherein fee relative risk is calculated using a Bayesian network.
13. A method of assessing risk comprising fee stφs of: calculating a probabiUty feat an event will occur, calculating a vulnerabiUty to the event; and calculating a relative risk based on fee probabiUty and vulnerabiUty; wherein the calculating stφs are performed using an artificial intelUgence network.
14. The mefeod of Claim 13, wherein fee artificial intelligence network is a Bayesian network.
15. The mefeod of Claim 13, wherein the vulnerabiUty is based upon a suscφtabihty to fee event and a consequence of fee event.
16. The mefeod of Claim 15, wherein fee suscφtabiUty is based upon an accessabiUty which is determined from a model of a physical environment
17. The mefeod of Claim 13, wherein fee risk is a risk of a tenorist attack.
18. The mefeod of Claim 13, wherein fee risk is a risk of an infrastructure attack.
19. The mefeod of Claim 13, wherein fee risk is a risk of an infoπnation theft.
20. The mefeod of Claim 13, wherein fee risk is financial loss.
21. The mefeod of Claim 13, wherein fee risk is insurance loss.
22. The mefeod of Claim 13, wherein fee risk is environmental hazard.
23. The mefeod of Claim 13, wherein fee risk is risk of loss or damage to on-orbit satelUte systems and constellations.
24. The mefeod of Claim 13, wherein fee risk is associated wife air travel.
25. The mefeod of Claim 13, wherein fee risk is associated wife highway travel.
26. The mefeod of Claim 13, wherein fee risk is associated wife manned and unmanned space travel.
27. The mefeod of Claim 13, wherein fee risk is associated wife military action.
28. The mefeod of Claim 13, wherein fee risk is injury to a person.
29. The mefeod of Claim 13, wherein fee risk is crime committed on a person.
30. The mefeod of Claim 13, wherein fee risk is a risk to home security.
31. The mefeod of Claim 13, wherein fee risk is a risk to building security.
32. The method of Claim 13, wherein fee risk is program and project risk management.
33. An apparatus for assessing risk comprising: a database for storing information including infoπnation about at least one actor, physical surroundings, and expert observations; a simulation and gaming environment in communication wife fee database for determining a threat vector and a likelihood feat fee threat will succeed; a plug-in interface in communication wife fee database and connectable to a consequence calculator for outputting infoπnation from fee database to fee consequence calculator and inputting information concerining a consequence of an undesirable event; and a decision support system in communication wife fee database for calculating a relative risk based on probabiUty and vulnerabiUty determined from information in fee database and infoπnation from fee simulation and gaming environment and fee plug-in interface.
34. The apparatus ofclaim 33, further comprising a report generator for assembling a report concerning fee relative risk.
35. The apparatus of claim 34, further comprising a theater information management system for sharing database information wife remote terminals or computers.
36. The apparatus ofclaim 33, wherein fee database is an object oriented database.
37. The apparatus ofclaim 36, wherein objects in fee database are persistent objects.
38. The apparatus of claim 33, wherein fee infoπnation in fee database further includes historical information.
39. The apparatus ofclaim 33, further comprising an editor for editing information in fee database.
40. The apparatus of claim 33, wherein fee risk is a risk of tenorist attack.
41. The apparatus ofclaim 33, wherein fee decision support system employs a Bayesian network.
PCT/US2000/032822 1999-12-03 2000-12-04 Method and apparatus for risk management WO2001040984A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU19414/01A AU1941401A (en) 1999-12-03 2000-12-04 Method and apparatus for risk management

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/453,509 US7231327B1 (en) 1999-12-03 1999-12-03 Method and apparatus for risk management
US09/453,509 1999-12-03

Publications (2)

Publication Number Publication Date
WO2001040984A1 WO2001040984A1 (en) 2001-06-07
WO2001040984A9 true WO2001040984A9 (en) 2002-05-30

Family

ID=23800833

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2000/032822 WO2001040984A1 (en) 1999-12-03 2000-12-04 Method and apparatus for risk management

Country Status (3)

Country Link
US (4) US7231327B1 (en)
AU (1) AU1941401A (en)
WO (1) WO2001040984A1 (en)

Families Citing this family (342)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6615189B1 (en) 1998-06-22 2003-09-02 Bank One, Delaware, National Association Debit purchasing of stored value card for use by and/or delivery to others
US7809642B1 (en) 1998-06-22 2010-10-05 Jpmorgan Chase Bank, N.A. Debit purchasing of stored value card for use by and/or delivery to others
US6032136A (en) 1998-11-17 2000-02-29 First Usa Bank, N.A. Customer activated multi-value (CAM) card
US7231327B1 (en) * 1999-12-03 2007-06-12 Digital Sandbox Method and apparatus for risk management
US8793160B2 (en) 1999-12-07 2014-07-29 Steve Sorem System and method for processing transactions
US7136860B2 (en) 2000-02-14 2006-11-14 Overture Services, Inc. System and method to determine the validity of an interaction on a network
US7174339B1 (en) * 2000-03-07 2007-02-06 Tririga Llc Integrated business system for the design, execution, and management of projects
US6816786B2 (en) * 2000-04-18 2004-11-09 Devrie S Intriligator Space weather prediction system and method
US7783500B2 (en) * 2000-07-19 2010-08-24 Ijet International, Inc. Personnel risk management system and methods
US7343303B2 (en) * 2000-07-19 2008-03-11 Ijet International, Inc. Global asset risk management system and methods
US6842737B1 (en) * 2000-07-19 2005-01-11 Ijet Travel Intelligence, Inc. Travel information method and associated system
US7099886B2 (en) * 2000-07-20 2006-08-29 Microsoft Corporation Method and apparatus for identifying programming object attributes
US6993448B2 (en) 2000-08-09 2006-01-31 Telos Corporation System, method and medium for certifying and accrediting requirements compliance
US7380270B2 (en) * 2000-08-09 2008-05-27 Telos Corporation Enhanced system, method and medium for certifying and accrediting requirements compliance
US6901346B2 (en) * 2000-08-09 2005-05-31 Telos Corporation System, method and medium for certifying and accrediting requirements compliance
US8762178B2 (en) * 2000-09-30 2014-06-24 Advisen, Ltd. System and method for providing global information on risks and related hedging strategies
US20050144114A1 (en) * 2000-09-30 2005-06-30 Ruggieri Thomas P. System and method for providing global information on risks and related hedging strategies
US6710711B2 (en) * 2000-10-02 2004-03-23 Kenneth M. Berry Method for identifying chemical, biological and nuclear attacks or hazards
US7305351B1 (en) * 2000-10-06 2007-12-04 Qimonda Ag System and method for managing risk and opportunity
GB2372843A (en) 2000-10-12 2002-09-04 Strategic Thought Ltd Integrative project risk management system
AU2002237718A1 (en) * 2000-10-30 2002-05-21 Tririga, Inc. Method for associating graphical objects with non-graphical data
US8121937B2 (en) 2001-03-20 2012-02-21 Goldman Sachs & Co. Gaming industry risk management clearinghouse
US7899722B1 (en) 2001-03-20 2011-03-01 Goldman Sachs & Co. Correspondent bank registry
US7548883B2 (en) 2001-03-20 2009-06-16 Goldman Sachs & Co Construction industry risk management clearinghouse
US8285615B2 (en) 2001-03-20 2012-10-09 Goldman, Sachs & Co. Construction industry risk management clearinghouse
US8069105B2 (en) 2001-03-20 2011-11-29 Goldman Sachs & Co. Hedge fund risk management
US20040006532A1 (en) * 2001-03-20 2004-01-08 David Lawrence Network access risk management
US8140415B2 (en) 2001-03-20 2012-03-20 Goldman Sachs & Co. Automated global risk management
US7904361B2 (en) 2001-03-20 2011-03-08 Goldman Sachs & Co. Risk management customer registry
US20030225687A1 (en) * 2001-03-20 2003-12-04 David Lawrence Travel related risk management clearinghouse
US8209246B2 (en) 2001-03-20 2012-06-26 Goldman, Sachs & Co. Proprietary risk management clearinghouse
US7958027B2 (en) 2001-03-20 2011-06-07 Goldman, Sachs & Co. Systems and methods for managing risk associated with a geo-political area
US8527400B2 (en) * 2001-03-20 2013-09-03 Goldman, Sachs & Co. Automated account risk management
US7313546B2 (en) 2001-05-23 2007-12-25 Jp Morgan Chase Bank, N.A. System and method for currency selectable stored value instrument
US7617201B1 (en) * 2001-06-20 2009-11-10 Microstrategy, Incorporated System and method for analyzing statistics in a reporting system
US20020198750A1 (en) * 2001-06-21 2002-12-26 Innes Bruce Donald Risk management application and method
US7904454B2 (en) 2001-07-16 2011-03-08 International Business Machines Corporation Database access security
WO2003010701A1 (en) 2001-07-24 2003-02-06 First Usa Bank, N.A. Multiple account card and transaction routing
US8020754B2 (en) * 2001-08-13 2011-09-20 Jpmorgan Chase Bank, N.A. System and method for funding a collective account by use of an electronic tag
US7311244B1 (en) 2001-08-13 2007-12-25 Jpmorgan Chase Bank, N.A. System and method for funding a collective account by use of an electronic tag
US6975996B2 (en) 2001-10-09 2005-12-13 Goldman, Sachs & Co. Electronic subpoena service
US20030169853A1 (en) * 2001-10-12 2003-09-11 Moses Thomas H. Electronic emergency response management system
AU2002367595A1 (en) * 2001-11-28 2003-09-22 Goldman, Sachs And Co. Transaction surveillance
CA2364425A1 (en) * 2001-12-05 2003-06-05 Algorithmics International Corp. A system for calculation of operational risk capital
US20030125997A1 (en) * 2001-12-20 2003-07-03 Allison Stoltz System and method for risk assessment
US7899688B2 (en) 2001-12-31 2011-03-01 Genworth Financial, Inc. Process for optimization of insurance underwriting suitable for use by an automated system
US8005693B2 (en) 2001-12-31 2011-08-23 Genworth Financial, Inc. Process for determining a confidence factor for insurance underwriting suitable for use by an automated system
US7844476B2 (en) 2001-12-31 2010-11-30 Genworth Financial, Inc. Process for case-based insurance underwriting suitable for use by an automated system
US7895062B2 (en) 2001-12-31 2011-02-22 Genworth Financial, Inc. System for optimization of insurance underwriting suitable for use by an automated system
US7818186B2 (en) 2001-12-31 2010-10-19 Genworth Financial, Inc. System for determining a confidence factor for insurance underwriting suitable for use by an automated system
US8793146B2 (en) * 2001-12-31 2014-07-29 Genworth Holdings, Inc. System for rule-based insurance underwriting suitable for use by an automated system
US7844477B2 (en) 2001-12-31 2010-11-30 Genworth Financial, Inc. Process for rule-based insurance underwriting suitable for use by an automated system
US7930230B2 (en) * 2002-02-13 2011-04-19 Sap Ag Methods and systems for risk evaluation
EP1336927A1 (en) * 2002-02-13 2003-08-20 Sap Ag Method and system for risk evaluation
CN1639718A (en) * 2002-02-26 2005-07-13 达米安·姆戈文 Management method
IE20030139A1 (en) * 2002-02-27 2003-10-01 Ind Interfaces Ltd A risk mapping system
US7756896B1 (en) 2002-03-11 2010-07-13 Jp Morgan Chase Bank System and method for multi-dimensional risk analysis
US7899753B1 (en) 2002-03-25 2011-03-01 Jpmorgan Chase Bank, N.A Systems and methods for time variable financial authentication
US20040210498A1 (en) 2002-03-29 2004-10-21 Bank One, National Association Method and system for performing purchase and other transactions using tokens with multiple chips
US8751391B2 (en) 2002-03-29 2014-06-10 Jpmorgan Chase Bank, N.A. System and process for performing purchase transactions using tokens
US20040078232A1 (en) * 2002-06-03 2004-04-22 Troiani John S. System and method for predicting acute, nonspecific health events
US7243008B2 (en) * 2002-06-11 2007-07-10 Lockheed Martin Automated intel data radio
US20070222589A1 (en) * 2002-06-27 2007-09-27 Richard Gorman Identifying security threats
WO2004008292A2 (en) * 2002-07-16 2004-01-22 Jp Morgan Chase Bank System and method for managing business continuity
US8239304B1 (en) 2002-07-29 2012-08-07 Jpmorgan Chase Bank, N.A. Method and system for providing pre-approved targeted products
US7809595B2 (en) 2002-09-17 2010-10-05 Jpmorgan Chase Bank, Na System and method for managing risks associated with outside service providers
US20040059701A1 (en) * 2002-09-20 2004-03-25 Sergey Fedorov Method and apparatus for integrating data aggregation of historical data and real-time deliverable metrics in a database reporting environment
US6952779B1 (en) * 2002-10-01 2005-10-04 Gideon Cohen System and method for risk detection and analysis in a computer network
US8407798B1 (en) 2002-10-01 2013-03-26 Skybox Secutiry Inc. Method for simulation aided security event management
US20040122736A1 (en) 2002-10-11 2004-06-24 Bank One, Delaware, N.A. System and method for granting promotional rewards to credit account holders
US7222298B2 (en) * 2002-11-12 2007-05-22 Siemens Communications, Inc. Advanced JAVA rich text format generator
US7702574B2 (en) * 2002-11-14 2010-04-20 Goldman Sachs & Co. Independent research consensus earnings estimates and methods of determining such
US20040172317A1 (en) * 2002-11-18 2004-09-02 Davis Nancy J. System for improving processes and outcomes in risk assessment
US20040098300A1 (en) * 2002-11-19 2004-05-20 International Business Machines Corporation Method, system, and storage medium for optimizing project management and quality assurance processes for a project
US6980927B2 (en) * 2002-11-27 2005-12-27 Telos Corporation Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing continuous risk assessment
US20040103309A1 (en) * 2002-11-27 2004-05-27 Tracy Richard P. Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing threat vulnerability feed
US20040103375A1 (en) * 2002-11-27 2004-05-27 Rutie Chen Method and apparatus for automated schematic rendering
US6983221B2 (en) * 2002-11-27 2006-01-03 Telos Corporation Enhanced system, method and medium for certifying and accrediting requirements compliance utilizing robust risk assessment model
US20040168086A1 (en) * 2002-12-18 2004-08-26 Carl Young Interactive security risk management
US20050190053A1 (en) * 2003-01-24 2005-09-01 Diegane Dione Managing an occupant of a structure during an emergency event
US7366674B2 (en) 2003-01-24 2008-04-29 Diegane Dione Occupant management method, system, and program product
US9307884B1 (en) * 2003-01-27 2016-04-12 The Pnc Financial Services Group, Inc. Visual asset structuring tool
AU2003902636A0 (en) * 2003-02-19 2003-06-12 Metatheme Pty Ltd Risk management
FR2851670B1 (en) * 2003-02-21 2005-07-01 Inst Francais Du Petrole METHOD FOR RAPIDLY DEVELOPING A STOCHASTIC MODEL REPRESENTATIVE OF A UNDERGROUND HETEROGENEOUS RESERVOIR CONSTRAINTED BY UNCERTAIN STATIC AND DYNAMIC DATA
WO2005040997A2 (en) * 2003-02-24 2005-05-06 Dione Diegane Emergency evacuation management method, system, and program product
US20050033761A1 (en) * 2003-03-04 2005-02-10 William Guttman System and method for generating and using a pooled knowledge base
US7031838B1 (en) * 2003-03-25 2006-04-18 Integrated Environmental Services. Inc. System and method for a cradle-to-grave solution for investigation and cleanup of hazardous waste impacted property and environmental media
SE0300894D0 (en) * 2003-03-28 2003-03-28 Saab Ab Method of establishing rules for a device intended to be used to generate decision support
US7567914B2 (en) 2003-04-30 2009-07-28 Genworth Financial, Inc. System and process for dominance classification for insurance underwriting suitable for use by an automated system
US7383239B2 (en) 2003-04-30 2008-06-03 Genworth Financial, Inc. System and process for a fusion classification for insurance underwriting suitable for use by an automated system
US7801748B2 (en) 2003-04-30 2010-09-21 Genworth Financial, Inc. System and process for detecting outliers for insurance underwriting suitable for use by an automated system
US7813945B2 (en) 2003-04-30 2010-10-12 Genworth Financial, Inc. System and process for multivariate adaptive regression splines classification for insurance underwriting suitable for use by an automated system
US8306907B2 (en) 2003-05-30 2012-11-06 Jpmorgan Chase Bank N.A. System and method for offering risk-based interest rates in a credit instrument
US20040249678A1 (en) * 2003-06-03 2004-12-09 Henderson E. Devere Systems and methods for qualifying expected risk due to contingent destructive human activities
US20050034075A1 (en) * 2003-06-05 2005-02-10 Ch2M Hill, Inc. GIS-based emergency management
US20040260591A1 (en) * 2003-06-17 2004-12-23 Oracle International Corporation Business process change administration
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9350752B2 (en) 2003-07-01 2016-05-24 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US9118710B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc System, method, and computer program product for reporting an occurrence in different manners
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US9118711B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
WO2005010681A2 (en) * 2003-07-18 2005-02-03 Archer-Daniels-Midland Company Method and system for managing regulatory information
US7386883B2 (en) * 2003-07-22 2008-06-10 International Business Machines Corporation Systems, methods and computer program products for administration of computer security threat countermeasures to a computer system
US20050022021A1 (en) * 2003-07-22 2005-01-27 Bardsley Jeffrey S. Systems, methods and data structures for generating computer-actionable computer security threat management information
US7068161B2 (en) * 2003-07-31 2006-06-27 Ch2M Hill, Inc. Method and system for analyzing the security of a facility
US7580909B2 (en) 2003-08-26 2009-08-25 Northrop Grumman Corporation Visual representation tool for structured arguments
US7953663B1 (en) 2003-09-04 2011-05-31 Jpmorgan Chase Bank, N.A. System and method for financial instrument pre-qualification and offering
US7698148B2 (en) * 2003-09-12 2010-04-13 Raytheon Company Web-based risk management tool and method
WO2005038708A2 (en) * 2003-10-14 2005-04-28 Kimberley Hanke System for manipulating three-dimensional images
US20050108063A1 (en) * 2003-11-05 2005-05-19 Madill Robert P.Jr. Systems and methods for assessing the potential for fraud in business transactions
US7707511B2 (en) * 2003-11-18 2010-04-27 Gary Edward Peterson Interactive risk management system and method
US20060116898A1 (en) * 2003-11-18 2006-06-01 Peterson Gary E Interactive risk management system and method with reputation risk management
US20050108080A1 (en) * 2003-11-18 2005-05-19 Peterson Gary E. Interactive risk management system and method
US7698159B2 (en) 2004-02-13 2010-04-13 Genworth Financial Inc. Systems and methods for performing data collection
US7370345B2 (en) * 2004-03-02 2008-05-06 Lenovo Singapore Pte. Ltd Domain controlling systems, methods and computer program products for administration of computer security threat countermeasures to a domain of target computer systems
SE527758C2 (en) * 2004-03-16 2006-05-30 Kjell Olsson Method in electronic systems for the detection of various parameters with the indication of probability values
US20080027690A1 (en) * 2004-03-31 2008-01-31 Philip Watts Hazard assessment system
US7006923B1 (en) * 2004-05-19 2006-02-28 The United States Of America As Represented By The Secretary Of The Navy Distributed biohazard surveillance system and apparatus for adaptive collection and particulate sampling
GB0412123D0 (en) * 2004-05-29 2004-06-30 Cambridge Systems Associates L Computer system for data manipulation and related methods
US8442953B2 (en) 2004-07-02 2013-05-14 Goldman, Sachs & Co. Method, system, apparatus, program code and means for determining a redundancy of information
US8996481B2 (en) 2004-07-02 2015-03-31 Goldman, Sach & Co. Method, system, apparatus, program code and means for identifying and extracting information
US8510300B2 (en) 2004-07-02 2013-08-13 Goldman, Sachs & Co. Systems and methods for managing information associated with legal, compliance and regulatory risk
US8762191B2 (en) 2004-07-02 2014-06-24 Goldman, Sachs & Co. Systems, methods, apparatus, and schema for storing, managing and retrieving information
US7376924B2 (en) * 2004-07-12 2008-05-20 International Business Machines Corporation Methods for placement which maintain optimized behavior, while improving wireability potential
US8458793B2 (en) * 2004-07-13 2013-06-04 International Business Machines Corporation Methods, computer program products and data structures for intrusion detection, intrusion response and vulnerability remediation across target computer systems
US20060026044A1 (en) * 2004-07-28 2006-02-02 Smith Donald X Ii Electronic content insurance system
US7392222B1 (en) 2004-08-03 2008-06-24 Jpmorgan Chase Bank, N.A. System and method for providing promotional pricing
US20070288208A1 (en) * 2004-08-20 2007-12-13 Lockheed Martin Corporation Measurable enterprise CBRNE protection
US20060059026A1 (en) * 2004-08-24 2006-03-16 Oracle International Corporation Compliance workbench
US20060047543A1 (en) * 2004-08-30 2006-03-02 Moses Thomas H Electronic emergency response management system with automated rule-based alert notifications and response deployment
US20060085390A1 (en) * 2004-10-15 2006-04-20 Ming-Feng Ho Method and system for online real-time query about current status of optical component
US20060089861A1 (en) * 2004-10-22 2006-04-27 Oracle International Corporation Survey based risk assessment for processes, entities and enterprise
US20060095963A1 (en) * 2004-10-29 2006-05-04 Simon Crosby Collaborative attack detection in networks
US7756692B2 (en) * 2004-11-12 2010-07-13 Southwest Research Institute Crowd behavior modeling method and system
US20060118636A1 (en) * 2004-12-07 2006-06-08 Planready, Inc. System and method for coordinating movement of personnel
US7680805B2 (en) * 2004-12-30 2010-03-16 Sap Ag Synchronization method for an object oriented information system (IS) model
US8255262B2 (en) * 2005-01-21 2012-08-28 Hntb Holdings Ltd Methods and systems for assessing security risks
US8190466B2 (en) 2005-01-21 2012-05-29 Hntb Holdings Ltd Methods and systems for identifying safe havens for hazardous transports
US7548925B2 (en) * 2005-01-24 2009-06-16 Microsoft Corporation Diagrammatic access and arrangement of data
US20070026426A1 (en) * 2005-04-26 2007-02-01 Applera Corporation System for genetic surveillance and analysis
US7984002B2 (en) * 2005-04-29 2011-07-19 Charles River Analytics, Inc. Automatic source code generation for computing probabilities of variables in belief networks
US7401731B1 (en) 2005-05-27 2008-07-22 Jpmorgan Chase Bank, Na Method and system for implementing a card product with multiple customized relationships
US7944468B2 (en) * 2005-07-05 2011-05-17 Northrop Grumman Systems Corporation Automated asymmetric threat detection using backward tracking and behavioral analysis
US7558755B2 (en) * 2005-07-13 2009-07-07 Mott Antony R Methods and systems for valuing investments, budgets and decisions
US7970788B2 (en) * 2005-08-02 2011-06-28 International Business Machines Corporation Selective local database access restriction
US20070078695A1 (en) * 2005-09-30 2007-04-05 Zingelewicz Virginia A Methods, systems, and computer program products for identifying assets for resource allocation
US20080126108A1 (en) * 2005-10-11 2008-05-29 Hodgin C Reed System and method for implementing a meteorological network for improved atmospheric modeling
US7933923B2 (en) 2005-11-04 2011-04-26 International Business Machines Corporation Tracking and reconciling database commands
US20070124186A1 (en) * 2005-11-14 2007-05-31 Lev Virine Method of managing project uncertainties using event chains
EP1954224B1 (en) * 2005-11-14 2013-05-29 Covidien LP Stent delivery system for ostial locations in a conduit
US7885841B2 (en) * 2006-01-05 2011-02-08 Oracle International Corporation Audit planning
JP4838593B2 (en) * 2006-01-24 2011-12-14 富士通株式会社 Trouble information analysis program, trouble information analysis apparatus, and trouble information analysis method
US7602281B2 (en) 2006-01-26 2009-10-13 The United States Of America As Represented By The Secretary Of The Army System and method for tactical distributed event warning notification for individual entities, and computer program product therefor
US7764185B1 (en) 2006-01-26 2010-07-27 The United States Of America As Represented By The Secretary Of The Army System, user warning and positioning device for use therein, and computer program product therefor, for tactical distributed event warning notification for individual entities
US7598850B2 (en) * 2006-01-26 2009-10-06 The United States Of America As Represented By The Secretary Of The Army System and method for centralized event warning notification for individual entities, and computer program product therefor
US7784682B2 (en) 2006-02-08 2010-08-31 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US8408455B1 (en) 2006-02-08 2013-04-02 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US20080133190A1 (en) * 2006-02-13 2008-06-05 Shay Peretz method and a system for planning a security array of sensor units
US20070203759A1 (en) * 2006-02-27 2007-08-30 Guy Carpenter & Company Portfolio management system with gradient display features
US20070208600A1 (en) * 2006-03-01 2007-09-06 Babus Steven A Method and apparatus for pre-emptive operational risk management and risk discovery
US20100235274A1 (en) * 2006-03-03 2010-09-16 Yu-Chiuan Chen Anti-terror platform for securing a community against terrorisms
US7753259B1 (en) 2006-04-13 2010-07-13 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to both customers and non-customers
US20070276679A1 (en) * 2006-05-25 2007-11-29 Northrop Grumman Corporation Hazard identification and tracking system
US7353115B2 (en) * 2006-07-20 2008-04-01 Swiss Reinsurance Company Computer system and method for determining a regional impact of earthquake events
US8090600B2 (en) 2006-07-31 2012-01-03 Insight Catastrophe Solutions Apparatuses, methods, and systems for building a risk evaluation product
US7844529B2 (en) 2006-07-31 2010-11-30 Insight Catastrophe Solutions Apparatuses, methods, and systems for providing a reconfigurable insurance quote generator user interface
US7844530B2 (en) 2006-07-31 2010-11-30 Insight Catastrophe Solutions Apparatuses, methods, and systems for providing a risk scoring engine user interface
US20080033737A1 (en) * 2006-08-02 2008-02-07 Crisaid Sarl Method and a system for providing a business organization with an online questionnaire to automatically create a manual for repsonding to a crisis
US10453029B2 (en) * 2006-08-03 2019-10-22 Oracle International Corporation Business process for ultra transactions
US20080071396A1 (en) * 2006-08-16 2008-03-20 Hntb Holdings Ltd Computerized systems and methods for hazardous material release event response
WO2008060308A2 (en) * 2006-09-11 2008-05-22 Hntb Holdings Ltd Data model for risk assessments
US20080077474A1 (en) * 2006-09-20 2008-03-27 Dumas Mark E Method and system for global consolidated risk, threat and opportunity assessment
US20080113329A1 (en) * 2006-11-13 2008-05-15 International Business Machines Corporation Computer-implemented methods, systems, and computer program products for implementing a lessons learned knowledge management system
US20080129724A1 (en) * 2006-12-04 2008-06-05 Nike, Inc. Image Editing
US8374832B1 (en) * 2006-12-06 2013-02-12 Exelis Inc. Virtual scene generator and probability of interception system and method
JP4312789B2 (en) * 2006-12-07 2009-08-12 富士通株式会社 Business continuity analysis program and business continuity analyzer
WO2008076984A1 (en) * 2006-12-16 2008-06-26 Armando Alvarez Methods and systems for risk management
US8141100B2 (en) 2006-12-20 2012-03-20 International Business Machines Corporation Identifying attribute propagation for multi-tier processing
US20080208637A1 (en) * 2007-01-03 2008-08-28 American International Group, Inc. Method And System For Assessing Environmental Risk Associated With Parcel Of Real Property
US8495367B2 (en) 2007-02-22 2013-07-23 International Business Machines Corporation Nondestructive interception of secure data in transit
US20100332640A1 (en) * 2007-03-07 2010-12-30 Dennis Sidney Goodrow Method and apparatus for unified view
US8495157B2 (en) 2007-03-07 2013-07-23 International Business Machines Corporation Method and apparatus for distributed policy-based management and computed relevance messaging with remote attributes
WO2008109848A2 (en) 2007-03-07 2008-09-12 Bigfix, Inc. Pseudo-agent
US20080243439A1 (en) * 2007-03-28 2008-10-02 Runkle Paul R Sensor exploration and management through adaptive sensing framework
US20080243425A1 (en) * 2007-03-28 2008-10-02 Eliazar Austin I D Tracking target objects through occlusions
US7770203B2 (en) * 2007-04-17 2010-08-03 International Business Machines Corporation Method of integrating a security operations policy into a threat management vector
US8285533B2 (en) * 2007-05-25 2012-10-09 Raytheon Company Directed energy weapon deployment simulation
US20080313143A1 (en) * 2007-06-14 2008-12-18 Boeing Company Apparatus and method for evaluating activities of a hostile force
US20120036098A1 (en) * 2007-06-14 2012-02-09 The Boeing Company Analyzing activities of a hostile force
US8676642B1 (en) 2007-07-05 2014-03-18 Jpmorgan Chase Bank, N.A. System and method for granting promotional rewards to financial account holders
US9968850B2 (en) * 2007-09-17 2018-05-15 Disney Enterprises, Inc. System for providing virtual spaces for access by users
US20090077475A1 (en) * 2007-09-17 2009-03-19 Areae, Inc. System for providing virtual spaces with separate places and/or acoustic areas
US8196050B2 (en) 2007-09-17 2012-06-05 Mp 1, Inc. System and method for embedding a view of a virtual space in a banner ad and enabling user interaction with the virtual space within the banner ad
CN101868811B (en) * 2007-09-19 2013-03-06 联合工艺公司 System and method for threat propagation estimation
US7890444B2 (en) * 2007-09-19 2011-02-15 International Business Machines Corporation Visualization of data availability and risk
US7805284B2 (en) * 2007-10-04 2010-09-28 Hitachi, Ltd. Simulation model defining system for generating a simulation program for a simulator simulating a behavior of economy or society regarded as a system of phenomena and events
US8417601B1 (en) 2007-10-18 2013-04-09 Jpmorgan Chase Bank, N.A. Variable rate payment card
US8622308B1 (en) 2007-12-31 2014-01-07 Jpmorgan Chase Bank, N.A. System and method for processing transactions using a multi-account transactions device
US8676746B2 (en) * 2008-01-03 2014-03-18 Microsoft Corporation Database management system risk assessment
AU2009200515A1 (en) 2008-02-13 2009-08-27 Aristocrat Technologies Australia Pty Limited A method of gaming, a game controller and a gaming system
US8078528B1 (en) 2008-02-21 2011-12-13 Jpmorgan Chase Bank, N.A. System and method for providing borrowing schemes
US8199166B2 (en) * 2008-03-14 2012-06-12 Schlumberger Technology Corporation Visualization techniques for oilfield operations
US20090248488A1 (en) * 2008-03-27 2009-10-01 British Telecommunications Public Limited Company Risk assessment forecasting in a supply chain
GB2458568B (en) * 2008-03-27 2012-09-19 Covertix Ltd System and method for dynamically enforcing security policies on electronic files
AU2009201387A1 (en) * 2008-04-22 2009-11-05 Aristocrat Technologies Australia Pty Limited A method of gaming, a gaming system and a game controller
US8261326B2 (en) 2008-04-25 2012-09-04 International Business Machines Corporation Network intrusion blocking security overlay
US8762188B2 (en) 2008-05-12 2014-06-24 Ut-Battelle, Llc Cyberspace security system
US20090281864A1 (en) * 2008-05-12 2009-11-12 Abercrombie Robert K System and method for implementing and monitoring a cyberspace security econometrics system and other complex systems
WO2009140639A1 (en) * 2008-05-15 2009-11-19 Unicorn Media, Inc. Relevancy search method for media objects in a database
US20090292509A1 (en) * 2008-05-23 2009-11-26 Thompson Benjamin P Method and system for assessing response of a building system to an extreme event
US8066571B2 (en) 2008-06-09 2011-11-29 Metaplace, Inc. System and method for enabling characters to be manifested within a plurality of different virtual spaces
US9403087B2 (en) * 2008-06-09 2016-08-02 Disney Enterprises, Inc. System and method of providing access to virtual spaces that are associated with physical analogues in the real world
US8301469B1 (en) 2008-06-24 2012-10-30 Mark Veldhuizen Mortgage insurance system
US8412556B2 (en) * 2008-07-31 2013-04-02 Siemens Aktiengesellschaft Systems and methods for facilitating an analysis of a business project
US8630888B2 (en) * 2008-07-31 2014-01-14 Siemens Aktiengesellschaft Systems and methods for analyzing a potential business partner
WO2010019462A2 (en) * 2008-08-15 2010-02-18 Raytheon Company Method and apparatus for critical infrastructure protection
US8112304B2 (en) * 2008-08-15 2012-02-07 Raytheon Company Method of risk management across a mission support network
US9100249B2 (en) * 2008-10-10 2015-08-04 Metaplace, Inc. System and method for providing virtual spaces for access by users via the web
US20100184500A1 (en) * 2009-01-06 2010-07-22 Peter Beasley System and method of using gaming software technology to motivate the use of business software
US20100185574A1 (en) * 2009-01-16 2010-07-22 Sondre Skatter Network mechanisms for a risk based interoperability standard for security systems
US8413108B2 (en) * 2009-05-12 2013-04-02 Microsoft Corporation Architectural data metrics overlay
US20110029351A1 (en) * 2009-07-31 2011-02-03 Siemens Ag Systems and Methods for Providing Compliance Functions in a Business Entity
US8966110B2 (en) * 2009-09-14 2015-02-24 International Business Machines Corporation Dynamic bandwidth throttling
EP2302470A3 (en) 2009-09-29 2014-06-11 Honeywell International Inc. Systems and methods for configuring a building management system
US8565902B2 (en) * 2009-09-29 2013-10-22 Honeywell International Inc. Systems and methods for controlling a building management system
US8584030B2 (en) * 2009-09-29 2013-11-12 Honeywell International Inc. Systems and methods for displaying HVAC information
DE102009048591A1 (en) * 2009-10-07 2011-04-14 Wincor Nixdorf International Gmbh System and method for providing data regarding business events within business processes
US20110154117A1 (en) * 2009-12-22 2011-06-23 General Electric Company, A New York Corporation Methods and apparatus to perform log file analyses
US8688501B2 (en) * 2010-01-20 2014-04-01 International Business Machines Corporation Method and system enabling dynamic composition of heterogenous risk models
US8577505B2 (en) * 2010-01-27 2013-11-05 Honeywell International Inc. Energy-related information presentation system
WO2011097529A1 (en) * 2010-02-04 2011-08-11 Snap-On Incorporated Customer and vehicle dynamic grouping
US8370046B2 (en) * 2010-02-11 2013-02-05 General Electric Company System and method for monitoring a gas turbine
US8719065B2 (en) * 2010-04-23 2014-05-06 Raytheon Company System and method for maximizing the value of allocation of processes to resources within an operational system
US8600587B1 (en) * 2010-09-16 2013-12-03 Rockwell Collins, Inc. System and method for determining an object threat level
US9607155B2 (en) 2010-10-29 2017-03-28 Hewlett Packard Enterprise Development Lp Method and system for analyzing an environment
US20120203806A1 (en) * 2011-02-07 2012-08-09 Ivan Panushev Building information management system
US20120330959A1 (en) * 2011-06-27 2012-12-27 Raytheon Company Method and Apparatus for Assessing a Person's Security Risk
US8856936B2 (en) * 2011-10-14 2014-10-07 Albeado Inc. Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security
US20130096980A1 (en) * 2011-10-18 2013-04-18 Mcafee, Inc. User-defined countermeasures
WO2013086409A1 (en) * 2011-12-09 2013-06-13 Dun & Bradstreet Business Information Solutions, Ltd. Portfolio risk manager
US9426169B2 (en) * 2012-02-29 2016-08-23 Cytegic Ltd. System and method for cyber attacks analysis and decision support
US8791836B2 (en) 2012-03-07 2014-07-29 Lockheed Martin Corporation Reflexive response system for popup threat survival
IL219362A (en) 2012-04-23 2017-04-30 Verint Systems Ltd System and method for prediction of threatened points of interest
US8831793B2 (en) * 2012-05-03 2014-09-09 Lockheed Martin Corporation Evaluation tool for vehicle survivability planning
US9030347B2 (en) 2012-05-03 2015-05-12 Lockheed Martin Corporation Preemptive signature control for vehicle survivability planning
US9240001B2 (en) 2012-05-03 2016-01-19 Lockheed Martin Corporation Systems and methods for vehicle survivability planning
US9024757B1 (en) 2012-05-09 2015-05-05 Priority 5 Holdings, Inc. Event prediction using temporal and geospatial precursor networks
WO2013188337A2 (en) * 2012-06-12 2013-12-19 Risk Management Solutions, Inc. Predicting and managing impacts from catastrophic events
US20140007244A1 (en) * 2012-06-28 2014-01-02 Integrated Solutions Consulting, Inc. Systems and methods for generating risk assessments
US9652813B2 (en) * 2012-08-08 2017-05-16 The Johns Hopkins University Risk analysis engine
US8947437B2 (en) 2012-09-15 2015-02-03 Honeywell International Inc. Interactive navigation environment for building performance visualization
US9634977B2 (en) 2012-10-01 2017-04-25 Salesforce.Com, Inc. Systems and methods of redactive messaging
US20140137257A1 (en) * 2012-11-12 2014-05-15 Board Of Regents, The University Of Texas System System, Method and Apparatus for Assessing a Risk of One or More Assets Within an Operational Technology Infrastructure
US9171401B2 (en) 2013-03-14 2015-10-27 Dreamworks Animation Llc Conservative partitioning for rendering a computer-generated animation
US9405915B2 (en) * 2013-03-14 2016-08-02 Whitehat Security, Inc. Techniques for correlating vulnerabilities across an evolving codebase
US9218785B2 (en) 2013-03-15 2015-12-22 Dreamworks Animation Llc Lighting correction filters
US9508051B2 (en) * 2013-03-15 2016-11-29 Bmc Software, Inc. Business development configuration
US9589382B2 (en) 2013-03-15 2017-03-07 Dreamworks Animation Llc Render setup graph
US9208597B2 (en) 2013-03-15 2015-12-08 Dreamworks Animation Llc Generalized instancing for three-dimensional scene data
US9230294B2 (en) * 2013-03-15 2016-01-05 Dreamworks Animation Llc Preserving and reusing intermediate data
US9811936B2 (en) 2013-03-15 2017-11-07 Dreamworks Animation L.L.C. Level-based data sharing for digital content production
US9659398B2 (en) 2013-03-15 2017-05-23 Dreamworks Animation Llc Multiple visual representations of lighting effects in a computer animation scene
US9514562B2 (en) 2013-03-15 2016-12-06 Dreamworks Animation Llc Procedural partitioning of a scene
US9626787B2 (en) 2013-03-15 2017-04-18 Dreamworks Animation Llc For node in render setup graph
US10360524B2 (en) * 2013-05-22 2019-07-23 Ernest Forman System and a method for providing risk management
US10007792B1 (en) * 2013-11-27 2018-06-26 Amazon Technologies, Inc. Modeling a network security environment as a game
US20160356577A1 (en) * 2014-02-13 2016-12-08 Abb Technology Ag Systems and methods for assesing vulnerability of non-line of sight targerts
US10282786B1 (en) * 2014-05-29 2019-05-07 United Services Automobile Association Techniques to visualize and gamify risk management services
US11195233B1 (en) * 2014-06-12 2021-12-07 Allstate Insurance Company Virtual simulation for insurance
US11216887B1 (en) * 2014-06-12 2022-01-04 Allstate Insurance Company Virtual simulation for insurance
US10445496B2 (en) 2014-07-30 2019-10-15 Entit Software Llc Product risk profile
US9799208B2 (en) 2014-10-27 2017-10-24 Honeywell International Inc. Physical and logical threat analysis in access control systems using BIM
US9923954B2 (en) 2014-12-16 2018-03-20 International Business Machines Corporation Virtual fencing gradient to incrementally validate deployed applications directly in production cloud computing environment
US20160232467A1 (en) * 2015-02-10 2016-08-11 Wipro Limited System and method for optimizing the risk during software production release
US10230326B2 (en) 2015-03-24 2019-03-12 Carrier Corporation System and method for energy harvesting system planning and performance
US10459593B2 (en) 2015-03-24 2019-10-29 Carrier Corporation Systems and methods for providing a graphical user interface indicating intruder threat levels for a building
EP3274934A1 (en) 2015-03-24 2018-01-31 Carrier Corporation Floor plan coverage based auto pairing and parameter setting
WO2016154306A1 (en) 2015-03-24 2016-09-29 Carrier Corporation System and method for capturing and analyzing multidimensional building information
EP3274932A1 (en) 2015-03-24 2018-01-31 Carrier Corporation Integrated system for sales, installation, and maintenance of building systems
US10944837B2 (en) 2015-03-24 2021-03-09 Carrier Corporation Floor-plan based learning and registration of distributed devices
WO2016154320A1 (en) 2015-03-24 2016-09-29 Carrier Corporation System and method for determining rf sensor performance relative to a floor plan
CN113032863A (en) 2015-03-24 2021-06-25 开利公司 Floor plan based planning for building systems
US10148489B2 (en) 2015-09-01 2018-12-04 At&T Intellectual Property I, L.P. Service impact event analyzer for cloud SDN service assurance
US10822110B2 (en) 2015-09-08 2020-11-03 Lockheed Martin Corporation Threat countermeasure assistance system
US10361919B2 (en) 2015-11-09 2019-07-23 At&T Intellectual Property I, L.P. Self-healing and dynamic optimization of VM server cluster management in multi-cloud platform
EP3211591A1 (en) * 2016-02-23 2017-08-30 Tata Consultancy Services Limited Systems and methods for planning location-sensitive probabilistic behavior based evacuation paths
US10127027B2 (en) * 2016-10-31 2018-11-13 General Electric Company Scalable and secure analytic model integration and deployment platform
US20180293682A1 (en) * 2017-04-05 2018-10-11 Global Tel*Link Corporation System and method for providing suicide prevention and support
US20200110395A1 (en) * 2017-04-13 2020-04-09 Texas Tech University System System and Method for Automated Prediction and Detection of Component and System Failures
US11314872B2 (en) 2017-05-17 2022-04-26 Threatmodeler Software Inc. Systems and methods for automated threat modeling when deploying infrastructure as a code
US10255439B2 (en) * 2017-05-17 2019-04-09 Threatmodeler Software Inc. Threat modeling systems and related methods including compensating controls
US11568059B2 (en) 2017-05-17 2023-01-31 Threatmodeler Software Inc. Systems and methods for automated threat model generation from diagram files
US10747876B2 (en) 2017-05-17 2020-08-18 Threatmodeler Software Inc. Systems and methods for assisted model generation
US10984112B2 (en) 2017-05-17 2021-04-20 Threatmodeler Software Inc. Systems and methods for automated threat modeling of an existing computing environment
US10699008B2 (en) 2017-05-17 2020-06-30 Threatmodeler Software Inc. Threat model chaining and attack simulation systems and related methods
US11620386B2 (en) 2017-05-17 2023-04-04 Threatmodeler Software Inc. Threat modeling systems and related methods including mitigating components
US11159559B2 (en) 2017-05-17 2021-10-26 Threatmodeler Software Inc. Systems and methods for importing diagrams for automated threat modeling
US10713366B2 (en) 2017-05-17 2020-07-14 Threatmodeler Software Inc. Systems and methods for automated threat model generation from third party diagram files
US11783547B2 (en) * 2017-09-11 2023-10-10 Bae Systems Plc Apparatus and method for displaying an operational area
US11400927B2 (en) * 2018-01-29 2022-08-02 Ford Global Technologies, Llc Collision avoidance and mitigation
US10902954B2 (en) * 2018-06-25 2021-01-26 International Business Machines Corporation Mosquito population minimizer
US11328610B2 (en) * 2018-07-24 2022-05-10 Honeywell International Inc. Custom search queries for flight data
JP7206706B2 (en) * 2018-08-31 2023-01-18 積水ハウス株式会社 simulation system
CA3054216C (en) 2018-09-05 2023-08-01 Honeywell International Inc. Methods and systems for improving infection control in a facility
JP6669834B1 (en) * 2018-10-09 2020-03-18 株式会社 みずほ銀行 Risk control support system, risk control support method, and risk control support program
US10978199B2 (en) 2019-01-11 2021-04-13 Honeywell International Inc. Methods and systems for improving infection control in a building
CN110298077B (en) * 2019-05-27 2023-04-14 中国汽车技术研究中心有限公司 TARA analysis method and digital modeling system for automobile information security
US11086991B2 (en) 2019-08-07 2021-08-10 Advanced New Technologies Co., Ltd. Method and system for active risk control based on intelligent interaction
US11435884B1 (en) * 2019-09-10 2022-09-06 MagMutual Intermediate Holding Company Impactor, impactor mitigator, and entity structure graphical object visualization system and corresponding methods
USD916838S1 (en) * 2019-09-10 2021-04-20 MagMutual Intermediate Holding Company Display screen or portion thereof with transitional graphical user interface
USD926212S1 (en) * 2019-09-10 2021-07-27 MagMutual Intermediate Holding Company Display screen or portion thereof with transitional graphical user interface
US11164260B1 (en) * 2019-09-10 2021-11-02 MagMutual Intermediate Holding Company Systems and methods for simulating and visualizing loss data
USD917539S1 (en) 2019-09-10 2021-04-27 MagMutual Intermediate Holding Company Display screen or portion thereof with transitional graphical user interface
USD916837S1 (en) * 2019-09-10 2021-04-20 MagMutual Intermediate Holding Company Display screen or portion thereof with transitional graphical user interface
USD926211S1 (en) * 2019-09-10 2021-07-27 MagMutual Intermediate Holding Company Display screen or portion thereof with transitional graphical user interface
US11620594B2 (en) 2020-06-12 2023-04-04 Honeywell International Inc. Space utilization patterns for building optimization
US11783652B2 (en) 2020-06-15 2023-10-10 Honeywell International Inc. Occupant health monitoring for buildings
US11783658B2 (en) 2020-06-15 2023-10-10 Honeywell International Inc. Methods and systems for maintaining a healthy building
US11914336B2 (en) 2020-06-15 2024-02-27 Honeywell International Inc. Platform agnostic systems and methods for building management systems
US11823295B2 (en) 2020-06-19 2023-11-21 Honeywell International, Inc. Systems and methods for reducing risk of pathogen exposure within a space
US11184739B1 (en) 2020-06-19 2021-11-23 Honeywel International Inc. Using smart occupancy detection and control in buildings to reduce disease transmission
US11619414B2 (en) 2020-07-07 2023-04-04 Honeywell International Inc. System to profile, measure, enable and monitor building air quality
US11402113B2 (en) 2020-08-04 2022-08-02 Honeywell International Inc. Methods and systems for evaluating energy conservation and guest satisfaction in hotels
JP2022036839A (en) * 2020-08-24 2022-03-08 セイコーエプソン株式会社 Image processing apparatus, image processing method, and image processing program
US20220092534A1 (en) * 2020-09-18 2022-03-24 International Business Machines Corporation Event-based risk assessment
US11894145B2 (en) 2020-09-30 2024-02-06 Honeywell International Inc. Dashboard for tracking healthy building performance
EP3985602A1 (en) 2020-10-14 2022-04-20 Yoosec Lda A real-time prevention and emergency management system and respective method of operation
CA3195983A1 (en) * 2020-10-19 2022-04-28 William Patrick Marshall Optimization and prioritization of account directed distributions in an asset management system
US20220138347A1 (en) * 2020-10-29 2022-05-05 International Business Machines Corporation Risk evaluation of transmission of pathogens in a space
US20220134222A1 (en) * 2020-11-03 2022-05-05 Nvidia Corporation Delta propagation in cloud-centric platforms for collaboration and connectivity
EP4256502A1 (en) * 2020-12-02 2023-10-11 Swiss Reinsurance Company Ltd. Electronic system for forward-looking measurements of frequencies and/or probabilities of accident occurrences based on localized automotive device measurements, and corresponding method thereof
US20240055134A1 (en) * 2020-12-18 2024-02-15 Qfirst Systems, Inc. Systems and methods for providing real-time access, queue and risk management (aqrm)
US11662115B2 (en) 2021-02-26 2023-05-30 Honeywell International Inc. Hierarchy model builder for building a hierarchical model of control assets
US11372383B1 (en) 2021-02-26 2022-06-28 Honeywell International Inc. Healthy building dashboard facilitated by hierarchical model of building control assets
US11617093B1 (en) 2021-03-05 2023-03-28 T-Mobile Usa, Inc. Prioritizing an issue reported by a user of a wireless telecommunication network
US11373068B1 (en) * 2021-03-12 2022-06-28 The Government of the United States of America, as represented bv the Secretary of Homeland Security Digital unpacking of CT imagery
US11474489B1 (en) 2021-03-29 2022-10-18 Honeywell International Inc. Methods and systems for improving building performance
US11941558B2 (en) * 2021-04-08 2024-03-26 Raytheon Company Intelligence preparation of the battlefield (IPB) collaborative time machine with real-time options
WO2023034369A1 (en) * 2021-08-31 2023-03-09 Holmes Thaddeus J Strategy focusing system and method

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5153366A (en) * 1988-12-23 1992-10-06 Hughes Aircraft Company Method for allocating and assigning defensive weapons against attacking weapons
US5020411A (en) * 1989-03-06 1991-06-04 Larry Rowan Mobile assault logistic kinetmatic engagement device
US5440498A (en) * 1993-05-06 1995-08-08 Timm; Ronald E. Method for evaluating security of protected facilities
US5850352A (en) 1995-03-31 1998-12-15 The Regents Of The University Of California Immersive video, including video hypermosaicing to generate from multiple video views of a scene a three-dimensional video mosaic from which diverse virtual video scene images are synthesized, including panoramic, scene interactive and stereoscopic images
US5856803A (en) * 1996-07-24 1999-01-05 Pevler; A. Edwin Method and apparatus for detecting radio-frequency weapon use
US5992288A (en) * 1997-11-03 1999-11-30 Raytheon Company Knowledge based automatic threat evaluation and weapon assignment
US6807537B1 (en) 1997-12-04 2004-10-19 Microsoft Corporation Mixtures of Bayesian networks
US6254394B1 (en) * 1997-12-10 2001-07-03 Cubic Defense Systems, Inc. Area weapons effect simulation system and method
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US6442694B1 (en) * 1998-02-27 2002-08-27 Massachusetts Institute Of Technology Fault isolation for communication networks for isolating the source of faults comprising attacks, failures, and other network propagating errors
US6408404B1 (en) * 1998-07-29 2002-06-18 Northrop Grumman Corporation System and method for ensuring and managing situation awareness
US7454295B2 (en) * 1998-12-17 2008-11-18 The Watereye Corporation Anti-terrorism water quality monitoring system
US6823068B1 (en) * 1999-02-01 2004-11-23 Gideon Samid Denial cryptography based on graph theory
US6981146B1 (en) * 1999-05-17 2005-12-27 Invicta Networks, Inc. Method of communications and communication network intrusion protection methods and intrusion attempt detection system
US7430670B1 (en) * 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
EP1242934A4 (en) * 1999-08-06 2004-03-31 Ace Ina Holdings Inc Systems for, and method of, insuring risks in a restructured energy industry
US7231327B1 (en) 1999-12-03 2007-06-12 Digital Sandbox Method and apparatus for risk management
US6496110B2 (en) * 1999-12-06 2002-12-17 Science Applications International Corporation Rapid fire emergency response for minimizing human casualties within a facility
US6507353B1 (en) 1999-12-10 2003-01-14 Godot Huard Influencing virtual actors in an interactive environment
US20040249679A1 (en) * 2003-06-03 2004-12-09 Risk Assessment Solutions, Llc Systems and methods for qualifying expected loss due to contingent destructive human activities

Also Published As

Publication number Publication date
US9292874B2 (en) 2016-03-22
US7130779B2 (en) 2006-10-31
US20010027388A1 (en) 2001-10-04
US7231327B1 (en) 2007-06-12
US20010027389A1 (en) 2001-10-04
WO2001040984A1 (en) 2001-06-07
US7308388B2 (en) 2007-12-11
AU1941401A (en) 2001-06-12
US20080052054A1 (en) 2008-02-28

Similar Documents

Publication Publication Date Title
US7130779B2 (en) Method and apparatus for risk management
Davis et al. Motivated metamodels: Synthesis of cause-effect reasoning and statistical metamodeling
Davis et al. Families of models that cross levels of resolution: Issues for design, calibration and management
Iakovou et al. An information management system for the emergency management of hurricane disasters
Bigelow et al. Implications for model validation of multiresolution, multiperspective modeling (mrmpm) and exploratory analysis
Pohl et al. IMMACCS: A Multi-Agent Decision-Support System
Oryschak Specifying Space Defense Operator Interfaces through the Application of Cognitive Systems Engineering and Prototyping
Egan et al. Course of action scoring and analysis
Slavin Incentivizing Collaboration on Space Sustainability: Detectability, Identifiability, and Trackability of Space Missions
Kim A Multimodal Approach to Improve Fire Safety on Construction Sites
Singh Ride Technology Wave for Career Success: Continuous Learning Newer Technologies, Innovating and Integrating are Keys to Success
González ESIA Expert System for Systems Audit Risk-Based
James et al. Effects Based Operations (EBO) EndState
Hanson AD-A255 221
Mad Sahar Risk management for safety operation utilizing virtual reality simulation supported by intelligent HAZOP analysis
Fairs Trends in C3 System Technology
Housman et al. Knowledge Based Multi-Level Secure Network Technology
Bui Development of software architecture to investigate bridge security
Linebarger et al. The design for tractable analysis (DTA) framework: A methodology for the analysis and simulation of complex systems
Amber A methodology for applying a heuristic-based quality function analysis to a constrained data situation
Robidoux et al. Integrated Design and Manufacturing for the Navy FBM Program
Milks Realization of multiresolution modeling through domain engineering
Kallepalli Supply chain risk analysis
Kalyvas et al. Systems Analysis for Large Army Formations
Sobolewski et al. Towards a C3I Strategic Plan: Phase 1-Preliminary Considerations

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
AK Designated states

Kind code of ref document: C2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CR CU CZ DE DK DM DZ EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: C2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

COP Corrected version of pamphlet

Free format text: PAGES 1/53-53/53, DRAWINGS, REPLACED BY NEW PAGES 1/53-53/53; DUE TO LATE TRANSMITTAL BY THE RECEIVING OFFICE

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP