Library

Volume 12, Number 1, March 2009

Dynamic Content In Support Of The User-Defined Operational Picture

  1. 1 Alex Cameron, EDS Defence Services, Adelaide, South Australia, Australia.
  2. 2 Michael Donovan, EDS Defense Services, Herndon, VA, USA.
  3. 3 John Craig, EDS Defence, Ottawa, Canada.
  4. 4 Grant Osborne, Defence and Systems Institute, University of South Australia.

Abstract

Increasing operational tempo places a burden on ISR systems to yield timely content. Unfortunately for the military commander, the technology that can assist this endeavour is also creating a level playing field, where asymmetric operations are the norm. The response to this disruption must be rapid and highly exploitive of any new capability, content or data that is opportunistically acquired. In a Network Centric Warfare (NCW) environment, this is a very real scenario. It will be increasingly difficult for military organisations to manage information and content in environments that are becoming complex and highly interactive as they seek to exploit the information edge. This paper explores the concept of a User Defined Operation Picture (UDOP) and how with the capability to govern the acquisition and fusion of dynamically available information and content will greatly enhance the war fighter’s ability to win the war. The paper explores the proposition that within asymmetric environments an identity framework supported by a policy based security context is a method to rapidly enable connection and publishing data sources for consumption by soldiers and mission commanders. Novel techniques will be required that provide a just in time analysis, exploitation and visualisation of data as it enters the battle space picture. Coupled with a concept of a UDOP, commanders will have the ability to draw actionable conclusions from the flood of events and information available. They will also have the ability to allow resource owners at multiple levels of an organization to establish, manage (and override) policy for access to the flow of information along with the ability, using Identity Management systems, to provision infrastructure components when and where needed to support the mission planning and operations. In essence, we will increasingly need to work within rapidly altering structure of capability and vocabulary and not be constrained to the representation of static and ‘familiar’ information and content.

A net centric context

Network Enabled Capability (NEC) as it is known in the UK and Canada; Network Centric Warfare (NCW) as it is known in the US and Australia relies on the ability to collect, fuse and analyse data in near real-time within increasingly interconnected, interdependent and networked military systems. While the difference in terminology between the UK and Australia identifies differences in emphasis between centralisation and enablement, the desired objectives are identical. However the language of NCW is important because it shapes the way military leaders and planners think about what is possible [1]. NEC and NCW will be used interchangeably throughout this paper.

The intent of NEC is to enable rapid decision making and the rapid instantiation of the most appropriate military force to achieve the desired effect, and to achieve a continuing order of magnitude increase in leverage of existing and future assets. In addition to the provision of a digital secure communications network, it is also important to ensure that the net centric components, with the appropriate level of granularity, are available to gather and process information. This ensures our forces have the appropriate reach and ‘deployability’ to achieve rapid effect. The ability to respond quickly and to act decisively is a force multiplier. Figure 1 illustrates the integration lenses required to achieve information management and network-enabled operations and services.

Integration “lenses” and intersection point for information management and network-enabled operations and services.
Figure 1. Integration “lenses” and intersection point for information management and network-enabled operations and services.

The authors believe that the realisation of this objective is beyond doubt and inevitable, but it will evolve over time. Most importantly, it must be understood that the ultimate capability cannot be achieved “by design” but through the continual selection of incremental capability improvements in the doing. Our capital acquisition process will also adapt to this suit this new environment.

Fundamentally, for this to happen, we know that from an architectural perspective we will need a network of loosely coupled elements that can be assembled into an infinite number of possible ways. This ‘systems of systems’ approach is the foundation of NEC and NCW. Both the US DoD and Australian ADF are actively pursuing Service Oriented Architecture as a means to achieve interoperability between systems, requiring all IT programs to perform an assessment against the Net Centric Operations Warfare Reference Model (NCOW-RM). The US DoD, Defense Information Services Agency (DISA) has been tasked to deliver a set of common shared services, including SOA Foundation services, to ensure a common integration point between systems. These Network Centric Enterprise Services (NCES) are mostly under contract and are being delivered at the present time. The focus of DoD is, as previously stated, on interoperability and the ability of the systems to support the mission requirements. The systems must be shown to meet a number of NCOW Key Performance Parameters (KPP’s) and demonstrate interoperability, which takes precedence over any specific technology. The DoD is well down the path and strongly committed to delivering future IT capability to the business and war fighter missions using a service oriented approach.

An SOA framework for dynamic information fusion

  • There is no question that there is a convergence between doctrine, technology and the rate of asymmetric warfare. The unexpected requires rapid adjustments to any planned situation. Static doctrine will lead to rigid and predictable decision making that will always have detrimental outcomes. Probably best stated by Sun Tzu, If you know your enemy and know yourself; in a hundred battles, you will never be defeated….Well, the converse is equally true, so there must be an ability to constantly review rigid doctrine and to capitalize on any asymmetric advantage [2].

The concept of asymmetric operations derives from the exploitation of weaknesses in either doctrine or strategy. The same applies to the information systems that supply the critical data and information required in the face of these threats. Defence has now embraced the concept of a Service Oriented Architecture (SOA) approach as being the foundation of an architecture that can achieve the agility required. The concept of Network Centric Warfare can thus be realised.

Just as much as in the case of inflexible and rigid doctrine, a prescriptive approach to SOA can achieve the same undesired outcomes where the architecture built to a style will not satisfy the needs of an agile force but will become un-trusted and rigid. The network and architecture must be able to support this highly dynamic environment where trust is paramount and the ability to be integrated is pervasive. The architecture must be able to integrate information and content from unexpected sources and to support the visualisation of that information and content where human decision making is required.

At an element level, the NCW embraces the concept of a composibility of force elements with the concept of a force engagement package. Candidate engagement packages could be formed based on platforms, sensors and threats with integration being based on the available composite components that match a particular threat scenario and simulation model (Figure 2). This concept can be extended to composition of the Operational Picture which can fuse data from numerous sources, including weapons systems, organic and non-organic sensors and intelligence sources to generate an operational picture. The establishment of an operation picture built with “common” sources of data is powerful, provided the sources of data are discoverable in real-time. The components of a User Defined Operation Picture (UDOP) need not comprise pre packaged services or information feeds. Indeed an asymmetric threat will invariably be not anticipated and cannot be planned for. An architecture that can support dynamic discovery of data, and services will require a fundamental shift in our approach to security, policy, data classification, veracity and above all trust. Much of what is done in the field of Information Assurance today is restrictive and focuses on containment, within a rigid security framework. What is needed is a policy based security context that will allow the unfettered orchestration and flow of operational data.

FORCEnet Engagement Package is defined by its constituent participants. [9]
Figure 2. FORCEnet Engagement Package is defined by its constituent participants. [9]
  • The greatest impediment to realising this potential will be a lack of formalisation of how to interpret data, from initial perception, classification, synthesis, hypothesis, prediction and test. The emphasis and approach to the machine to machine interaction embedded within a system of systems approach will realise the potential of SOA. Present mathematical combat models and simulations are constrained in their usefulness in adapting or analysing operations, simply because the tools and the information structure lack semantic veracity and precision. Such systems that can be defined as semantically aware will not need to be “programmed” to adapt to all possible situations, but will use the data that is exploited or mined to know what it is doing, and perhaps to make decisions or inference outcomes. Take, for example, a hypothetical scenario shown in Figure 3.
A composite service interacting with discoverable services through commitment to high level ontonolgies can deduce security or trust threats.
Figure 3. A composite service interacting with discoverable services through commitment to high level ontonolgies can deduce security or trust threats.
  • A composite service has been formed and has no knowledge of the discoverable service but through commitment to a few representative ontologies they could be completely interlinked and information deduced without anyone in the scenario having the whole picture [8]. What can be deduced from this scenario is that a security assertion, from a discoverable Target Acquisition Service, has been assessed by the Assertion Threat Service. This assessment that matches assertions to threats based on a set of criteria, such as accumulated privilege or security posture, can infer that incorporating the new service into the current composite force will pose a security threat. As the complexity of the network increases through non-deterministic composition, such a deduction would not be possible unless concepts such as this are employed.
  • Designing systems to behave this way will take a quantum change in the way we approach content, and its categorisations. There will be a need for a new level of trust built on semantic awareness through the establishment of dynamic rules engines incorporating ontologies, established metadata, and canonical schemas. In the commercial sector initiatives around Resource Description Framework (RDF), Web Ontology Language (OWL), the Web Service Description Language and the Web Ontology Language for Services (OWL-S) are all laying the foundations for the next generation of the military information architecture. Systems designed to be semantically aware will be more robust, able to adapt to a dynamic and ambiguous environment supporting the military commander thus helping to lift the fog of war.

Establishing a policy based security context

  • In a dynamic data fusion environment (where data sources can be discovered, combined, and republished for consumption) it is necessary to establish a security context for controlling access to the information and other key resources. Owners of data sources will have established policies for who is authorised to access the data they provide, and the security context must maintain the integrity of these policies within the net centric operations environment. A key capability of this security context is the effective management of a federated Identity and Access Management (IAM) framework. The IAM framework is based upon core principles and focused on the need to identify and manage access to protected resources using a multi-layered policy model that allows maximum flexibility for the resource owner to manage access within the constraints of Community of Interest (COI) and enterprise policy.
  • The principles and overall framework for the architecture envisioned is depicted in Figure 4. The foundation is the need to establish policy for protection of resources and to manage requests for access to the resources based upon the level of trust between the resource owner and the assertions made about the requestor. This is monitored, managed, operated and accredited under an overall governance model. The framework is defined as a set of loosely coupled service components, implemented using best of class products, organized into the functional blocks depicted in figure 4. The major component blocks are described below.
  • Identity Management services assume that the majority of principals will have credentials issued by the security principal’s sponsoring organization or another appropriate sponsoring organization. The focus is on supporting definition of roles, groups, Communities of Interest, and provisioning and management of user accounts and metadata, made available through Policy Information Points (PIP). The concept of an identity is separate from a network or system access account in that the identity credential uniquely identifies a security principal and an account ties the identity to a role or set of permissions in a system. An identity is associated with a set of attributes that describe a set of claims that can be made about the security principal such as nationality, security clearance, location and role. The set of attributes are made available to support an access decision through a Policy Information Point (PIP).
  • An IAM framework is only useful if it has the ability to rapidly allow adoption to protect existing resources as well as provide the tools and guidance necessary to support future development. The Resource Policy Management services are focused on providing a common Policy Administration Point (PAP), allowing designated resource managers the ability to define the policy for access to the resources they control. Delegation of policy definition to the resource managers ensures the organizational agility, currency and operational control to support the mission. Policy is defined at multiple levels. The enterprise may define mandatory controls that cannot be superseded by local authorities. There may also be enterprise discretionary controls that can be overridden to meet local needs. Multiple levels of policy are normally defined to ensure that basic rules can be enforced across the scope of the policy. Local commanders may be granted authority to override policy to achieve mission objectives, but this action is still monitored and controlled. In addition to locally defined policy, use of recognized standards like eXtensible Access Control Markup Language (XACML) offer the potential for external policy statements to be exchanged between parties.
  • Access Control services provide for establishment of Trust to external identity sources, authentication of credentials, collection and processing of attributes necessary to resolve policy, and authorization services including policy decisions, policy enforcement and interfaces to auditing, operations and management reporting. A comprehensive and flexible set of tools allows rapid incorporation of existing legacy resources as well as support for delegation of policy decisions by an application to an external Policy Decision Point (PDP). PDP’s make policy decisions based upon consumer identity, resource and environmental attributes. The policy decision is then passed to the Policy Enforcement Point (PEP) aligned with any obligations or conditions that require further action before granting or recording access to a resource.
  • Attribute Based Access Control (ABAC) simplifies the process of writing policies for access to resources. It is more natural to describe access rules in terms of a set of facts about those who should be able to access a resource rather than a complex mapping of every individual or group that needs authorization, Using ABAC it is possible to write a policy in the form, “If a user is of nationality AUS and active duty military and has a clearance of at least secret then grant permission”. It is possible using a few dozen attributes to provide a comprehensive set of facts against which policy can be written. Attributes can be asserted about identities, resources, the environment (threat level, network path, device, etc) from the authoritative source, ensuring decisions are made using the most current information. Compared with a role based (RBAC) matrix of groups to resources (imagine 100K roles mapped to thousands of resources) the maintenance and accuracy of an ABAC approach to policy is considerably simpler to manage.
  • A robust, flexible and well-managed, policy-driven IAM framework can provide the agility necessary to make the right information available to personnel involved in planning, executing and monitoring of Net-Centric missions. It can support the need to integrate new sources of information in a rapid way while ensuring the protection of the information and assured enforcement of access controls and policy based upon defined trust relationships.
Components of trust.
Figure 4. Components of trust.

Collaboration and rules based analysis of events supporting decision support

In today’s battlespace, a greater quantity and quality of information is available for analysis and consumption to assist in mission decisions and actions. This includes information sources such as active sensors, imagery, intelligence information, known threats, historical data, data patterns, capability status, allied and coalition forces. The information, although valuable, is not being consumed in an effective and efficient manner, which leads to sub-optimal decisions and actions on the part of the individuals who rely on that information. Defining an effective policy framework that will allow for the automated consumption and analysis of information based on a predetermined set of rules and historical patterns will enable efficient processing and interpretation of the mountain of information to bring forward the critical information for decision makers [1]. Pre-processing the information will pinpoint and highlight the crucial information. The collaboration and interpretation of the current information with the historical information will increase the depth of knowledge around the events under analysis. Further processing of the events, with situational and impact assessments, will allow for focusing on the relevant information for the particular event under assessment. The end results are presented to the decision makers, allowing them to review the critical information compiled from trusted sources and make well informed timely decisions for action plans based on the current situation.

  • To provide this capability to the battlespace, the technological solution would be built upon the current NEC capabilities, a set of commercially available products and standard infrastructure components. The network will be used to gather the various sources of information and start the pre-processing of the data sources. A deployable compute environment will be built upon standard infrastructure components to consume the information, conduct the rules based analysis within the policy framework, and quickly process events with both the real-time and historical information. The end result gives the decision makers a near real-time view of the current situation and highlights the most relevant information for action. The ability to gather real-time events, add historical patterns and information, quickly process event streams and perform complex event analysis will greatly improve the velocity and effectiveness of the decisions made in the battlespace.

Data visualisation to support net centric decision making

  • Visualisation techniques enable the visual communication of data, relationships, processes and concepts to users [6]. These visualisation techniques facilitate the display of information to participants in a graphical manner to those exploring the data, providing insights to participants in a form that is easy to understand [3]. Abstract data sets can be displayed, allowing participants to gain insights by highlighting patterns or anomalies that exist within the data, enabling rapid assessment of a situation and providing a model on which to authorise appropriate actions. People are often considered to be visual in nature and as such interpret and comprehend data much more easily when it is presented using pictures, videos and charts than when the same data is described through text [7]. By utilising visualisation techniques a ‘sea of text’ can be transformed into a form that enables all of the information to be perceived ‘at a glance’ [3].
  • In order to achieve high levels of insight and true understanding of a data set, visualisation systems must be able to provide a ‘close approximation’ of real time interaction with the data, the results of which must appear quick enough to escape the notice of the end user [5] Additionally, by enabling the creation of custom links and relationships within the data, participants can meticulously craft a representation of the data that makes the most sense to them. As such, visualisations should not only be utilised to show the final results of analysis of data, but rather, should be leveraged during the data exploration process itself [4].
  • The nature of net centric decision-making presents a challenge to current visualisation system techniques. There are many, often disparate sources of data from which participants draw crucial information in order to make decisions and to achieve situational awareness. As such, in order to visually represent information from many sources, the raw data needs to be processed and stored in a normalised way. This shall enable data exploitation, statistical analysis, data fusion and inference techniques to process all of the data at once, as if it were a single data source. One can then make logical links between data sources, which under normal circumstances might not of been comparable. As such, new tools and techniques are required to take the multiple data sources and store them in a way that enables them to be comparable.
  • To this end, the term ‘Data Exploitation’ is proposed, encompassing processes involved in utilising multiple sources of data in order to gain the greatest possible advantage, in the context of intelligence, evidence and insights gained. In contrast to data mining and statistical analysis techniques, data exploitation provides opportunistic outcomes, striving to take advantage of the entire range of data from multiple data sources. In addition to looking at only file types and metadata (such as modified time or author name), the range of data examined through data exploitation processes includes forming relationships and logical inferences between multiple data sources and the data nodes within, in order to achieve a higher overall level of understanding of the data set. The primary outcomes of data exploitation are to provide evidence or intelligence based on a set of normalised data inputs. Furthermore, data exploitation techniques should enable experts to add domain knowledge into the data set, enabling users to frame the data with a context that they wish to examine. This context then also facilitates the filtering of data so that only important events and data elements are processed.
  • Research by University of South Australia is currently focused on tools and techniques aimed at addressing the problems surrounding the visualisation of large volumes of data spanning multiple data sources, data normalisation techniques and data exploitation techniques. The research being undertaken aims to provide enhanced digital devices for forensic investigation, data exploitation and visual data exploration. By enabling users to become part of the explorative or ‘hypothesis development’ phase of data analysis, the models and visual representations of data sets emerging form the data visualisation tools are well understood by the user. This level of understanding instils an element of trust in the model, which in turn enables the users to be more confident in actioning the results of their analysis. The following diagram (Figure 5) outlines the core concepts involved in the research. The process illustrated involves taking multiple data sources, normalising the data, extracting important events and making logical inferences across this dataset. From this initial processed data set a highly interactive data visualisation shall be utilised to facilitate user-crafted views of the data, enabling the addition of domain knowledge and context to the model. This information is then placed back into the data exploitation component to highlight events or relationships across data sets that are relevant to the context and domain knowledge that has been added. The last two phases are iterative, bouncing back and forth until a highly detailed, well-understood visual representation of the data has been created, with intent to support investigator’s hypothesises about a given activity or crime.
Overview of the systems being developed at the University of South Australia. Data exploitation and visualisation of multiple sources of data.
Figure 5. Overview of the systems being developed at the University of South Australia. Data exploitation and visualisation of multiple sources of data.

Summary

The authors have drawn together a view of how data may move and be interpreted within highly agile and asymmetric environment such as the battlespace, where trust and visualisation play pivotal roles in how information and content is interpreted. Many of today’s solutions rely on static data with very little ability to provide a different view of data from an analyst’s perspective.

This paper has examined the concept of a User-Defined Operation Picture (UDOP) that can be made possible with dynamic fusion of services, exploited data, derived or inferred information and content even in highly asymmetric environments. The need for a policy based security context as a method to rapidly enable connection and publishing of many data sources for consumption by soldiers and mission commanders was also discussed as was the need for future architectural components that aware semantically aware. All these improvements will further enhance decision making. New and innovative visualisation techniques will also play a key role as exploited content enters the battle space.

References

[1] D. Adams, The Predictive Battlespace, Tibco Strategic Thought Paper, June 2007.

[2] J. Ancker and M.D. Burke, “Doctrine for Asymmetric Warfare”, Military Review, July-August 2003.

[3] J.B. Colombe and G. Stephens, “Statistical Profiling and Visualization for Detection of Malicious Insider Attacks on Computer Networks”, Vizsec/DMSEC ’04: Proceedings Of The 2004 ACM Workshop On Visualization And Data Mining For Computer Security, pp. 138–142, 2004.

[4] G. Francia, M. Trifas, D. Brown, R. Francia, and C. Scott, “Visualization and Management of Digital Forensics Data”, InfoSecCD ’06: Proceedings Of The 3rd Annual Conference On Information Security Curriculum Development, pp. 96–101, 2006.

[5] I. Herman, G. Melancon, and M.S. Marshall, “Graph Visualization and Navigation in Information Visualization: A Survey”, IEEE Transactions on Visualization and Computer Graphics, Vol. 6 (1), pp. 24–43, 2000.

[6] T.M. Rhyne, M. Tory, T. Munzner, M. Ward, C. Johnson, and D.H. Laidlaw, “Information And Scientific Visualization: Separate But Equal Or Happy Together At Last”, Proceedings of the 14th IEEE Visualization 2003 (VIS’03), p. 115, 2003.

[7] S. Teelink and R.F. Erbacher, “Improving The Computer Forensic Analysis Process Through Visualization”, Communications of the ACM, 49 (2), 71–75, 2006.

[8] D. McComb, Semantics in Business Systems, Morgan Kaufmann Publishers, 2004.

[9] Committee on C4ISR for Future Naval Strike Groups, C4ISR for Future Naval Strike Groups, National Research Council, 2006.

Authors

Alexander Cameron is a Fellow and Enterprise Architect with EDS, with many years experience within Defence and the commercial sector. Alex was until recently the EDS Global Architecture capability leader, and is now the Chief Technology Executive within the newly formed EDS Defence Systems group with Australia. Alex has an interest in systems of systems architectures and SOA, and IdAM integration, and ensuring systems are designed to be eco friendly and efficient. He holds a patent (pending) in the area of dynamic processing.

Michael Donovan is an Enterprise Architect with EDS. with over 25 years of experience ranging from architecture of large applications and enterprise infrastructures in the commercial and government arenas. Most recently, Michael has developed and managed enterprise architectures for defense organizations in the Role of Chief Architect and CTO for the US Navy and Marine Corps Intranet (NMCI) and as Chief Architect for the Atlas Consortium providing the Defence Information Infrastructure to the UK Ministry of Defence. Michael holds five US patents in areas ranging from measurement of computer usage to web based customer satisfaction and performance measurement.

John Craig is an Enterprise Architect with EDS with 28 years of experience in the IT industry, architecting and designing solutions for clients in both government and commercial arenas. John has developed and architected strategic solutions for major governmental organizations including defence to align business visions and objectives with enterprise strategies and solutions. Most recently John has developed a number of strategic solutions to assist Canada’s Department of National Defence in envisioning solutions to critical challenges.

Grant Osborne is a Postgraduate Student at the University of South Australia with several years experience in the IT Industry, helping to implement new software development environments and testing systems for a major government defence contractor before returning to UniSA to undertake a PhD for the Defence and Systems Institute.