ATC is an excellent working example of complex event processing.   Radar and GPS provide the basic sensory information to accurately track and trace the position of each aircraft in the area of responsibility (AOR) of a particular control tower/zone.     Naturally,  sensory information is preprocessed and formatted in such a way that the data can be processed upstream by multiple real-time applications.

Before we look at complex ATC scenarios, such as “potential collision” or “aircraft off approach vector” we must trace and trace individual objects, aircraft-objects, accurately with very high confidence.    In addition to tracking aircraft-objects, there is a database of information about the aircraft (ideally), such as make, model, age, range, passengers and other properties about the aircraft-object.      In addition, there is a state-model for each aircraft, for example the aircraft might be “on the ground”, “approaching the runway”, “cleared for takeoff”, “cruising altitude”, “approaching runway”, “final decent” etc.  

Tracking and tracing individual aircraft is what is generally referred to as “object refinement” in our CEP/EP reference architecture.   The reason we call this function “object refinement” is that system engineers are focused on optimizing the situational knowledge about individual objects.     Sometimes we refer to this function as “track and trace” because that is what we are doing to  each object in the model.  In Marc Adler’s recent shoplifting scenario, Marc was interested in tracking and tracing people in a store using imaging processing techniques to estimate their behavioral patterns.  In the same way, before we can process for scenarios such as “potential shoplifter” or “suspicious criminal gang activity” we must be able to accurately process (track and trace) individual object, such as people or merchandise.

Back to aircraft and ATC, the “complex event processing” begins when we are looking about object-object relationships, in this model, aircraft-to-aircraft, but this is an overly simplistic model, as we have not yet added (to our model) ground features (towers, buildings, power lines), weather (storm cells, wind) and other flying objects (known migratory bird paths, swarms of insects) to our simple model.  

Complex event processing occurs when we are processing multiple objects in our model looking for threats in real-time.     Practically speaking, all ATC applications are CEP applications.  This means that vendors and integrators who build ATC applications are also CEP vendors.   

Editorial Note: CEP/EP has been around for a long time and was not recently invented in the past decade as some “inventors” would like for us to believe. 

As you can imagine, there is considerable “complex event processing” that goes on “behind the scenes” to provide air traffic controllers and pilots situational knowledge into the “friendly skies”.   As you might further imagine, the situation is more complex when the skies are “not so friendly”, for example, in air combat situations.   

Processing myriad objects is not the end of the processing “chain”.  For example, decisions are being made constantly about potential damage, alternative airports, and more.    In our reference model, we refer to this, generally speaking, as “impact assessment” because we must take an estimated detected complex event, for example “aircraft collision,” and estimate potential damage based on numerous factors such as, the amount of jet fuel in the aircrafts and the location of the aircrafts (over a large city or rural area, near a hospital and emergency services).   Regardless of the scenario, an impact assessment is normally required before optimal decisions can be made.

This is true, by the way, for our shoplifting example (the impact is different if a piece of gum is stolen versus a $1,000,000 diamond necklace or weapons-grade nuclear material) and other scenarios and models.  Static data (information about objects) is required for accurate decision processing.  

Impact assessment is not the end of the “knowledge chain”.    Decisions are constantly being made that effect resources.  For example, suggestion an alternative route for an aircraft is a resource management decision.    Turning on and off radar or switching to alternative tracking devices is a resource management function.  In our CEP/EP reference model (based on the JDL data fusion model), we call this “resource management”.   This function includes contacting emergency services and directing them to a potential crash location or sending out a message to instruct all aircraft to stay off a certain radio frequency.  Resource management is critical.

Our simple ATC model today is by no means complete, it just scratches the surface.  In fact, I have a very close friend, Mark Secrist, who is a former Marine fighter pilot and currently a senior captain for American Airlines.   I have asked Mark to read this post and help me further refine this crude “laymans” ATC model (Thanks Mark!).

It all started with the loss of a memory stick by a UK Government contractor which contained somewhere around 120,000 records, including the details of 10,000 of our nation's most serious criminals. We then heard about a compromise at global hotel chain Best Western...]]> Wed, 27 Aug 2008 20:00:00 +0000 global hotel chain olympic sport summer vacation pole position data government contractor medals table memory stick nation If there were gold medals for Data Leakage... http://securityratty.com/article/425c10b73ebf6262c2b07d2a4b9edeaa http://securityratty.com/article/425c10b73ebf6262c2b07d2a4b9edeaa I am very excited to announce that I am co-teaching a public software security class with Ken van Wyk, in Minneapolis, the class runs September 30 - October 2. Ken co-wrote a great book called Secure Coding, and has trained folks in software security all across the globe. I am really looking forward to doing this class with Ken, I wanted to make sure we got Ken up here before the weather got too cold! The summary is below, if you would like more info please let me know. More details to follow.

Complicating factors is the impact (or lack thereof) of incidents on stock price.  Many researchers who identify themselves with the New School of Information Security (yours truly included) want to immediately look at stock price as a bell-weather metric for incident impact.  I think this stems from our days of slinging FUD, back when we could scream “Buy a firewall or we’ll have an incident and you’ll be on the front page of the paper and the stock price will go down!”  But these days notable incidents seem to suggest that the impact on stock price for an incident is short lived.  With qualifications, of course.

So what would/should we make of this from Money.co.uk?

£12million ($24m) Wiped off Helphire Stock after Malicious Email Sent to Clients

Car hire firm Helphire have taken Google to court after a malicious email sent from a Gmail account saw their shares plummet £12million in a single day.

The Bath-based business who specialise in providing replacement cars to ‘no-fault’ drivers involved in accidents on behalf of car insurance companies, initiated legal proceedings against the search engine giant as part of their attempt to find out who is responsible for sending the defamatory mailing.

Google are now known to have complied with the court order and have controversially supplied details of the email account and ISP used by the meddler.

Written under the psudoname Peter Franks, the 1200 word email is know to have been sent from a gmail account that was opened specifically for this purpose and closed a few minutes after the damage had been done…

…The misdemeanour couldn’t have come at a worse time for the struggling firm who have undergone a £45million rights issue and seen a 75% drop in the value of their stock already this year.

That last paragraph, for me, explains some of the difficulty in tying reputation damage to stock decreases.  It’s like when you read the headlines from Bloomberg about why the days stocks (or commodity) prices are up or down.  You know, the “Oil closes $3 higher on news that a notable South American dictator has a rather unpleasant boil in a very uncomfortable area” type of headlines.  You really do have to question the causality and correlation.  So in the Helphire case above - is this new drop in stock really because of the email sent?  If so, should we view that $24mil number as an independent data point to describe this sort of attack on reputation, or is the magnitude aggravated due to the long-term trend of stock price?

Even when we have “Objective Data” (an in-joke for Adam S.) like this decline in stock price, it is really difficult to provide any sort of precise estimate or measurement - about the future, present or past.  The best we can do is use ranges, distributions, that are reasonable based on evidence and observation.

So it’s worth filing away this sort of datum for future use - while dutifully acknowledging the qualifiers we might place around it.

So the questions I ask here - what should we make of this new information, and how should we view the $24million drop - they’re not rhetorical.  I am very interested in your views and welcome your comments!

Please withhold all serious and interesting wireless news until after Labor Day, 'kay?

Back to CEP and EPTS, there are folks who appear to believe they may define “CEP” by the current use cases from self-described CEP vendors. Frankly speaking, I am puzzled by the bottom-up approach.

The bottom-up approach is a bit like saying “We have a lot of prototype rockets being built, so let’s define the future of space travel based on the prototypes!”

It really makes little sense, at least to me, to attempt to define CEP based on what the current generation products (self-described CEP products) are capable of doing.   

From my persective, it would be more beneficial to customers to define the types of complex events (and situations) businesses need to detect in real-time and match the technologies and solution architectures to detect those events, in real-time, with high confidence.

A lot of this “top down thinking” has been already done.

IT businesses need to detect operational threats and problems, and be able to pinpoint, with very high accuracy, where the problem is in a complex network, for example.  This problem remains mostly unsolved with a very low signal-to-noise ratio.

Also, most businesses would like to detect fraud and other criminal activity on their network before the activities adversely impacts their business.   This problem remains unsolved for most companies.

Scientific researchers seek models of weather, epidemiology, and so much more; and they need event processing solutions to obtain situational knowledge into current events and predict future ones.  We know how difficult predicting the weather can be!

Folks on the ground need to model urban traffic as events and design better event-driven traffic models and solutions.

The list of important event processing challenges we face go on and on.  

While I see some merit in the bottom-up approach, it is better for users to define what are practical “complex event” related problems and then look for the solutions, vs. define the solution and then look for the problem.

From a strategic perspective,  self-fulfilling CEP use case studies are interesting, but they hould not limit the vision, definition, and future of processing complex events; and be careful of use case fallacies.

One of my favorite banks in Thailand is K-Bank. With K-Bank I can simply walk up to an ATM machine and pay a mobile phone bill, purchase mutual funds, buy insurance, or transact an ever-growing list of services payable at the modern and sleek K-Bank ATM.

For example, tomorrow I fly to Chiang Mai in Northern Thailand and found K-Bank’s service amazingly better than in the US. For example, I booked my flight as usual (over the phone, but could have used the Internet) and told the reservation agent I was going to pay by ATM. He simply gave me a PayCode and told me I had three hours to go to the ATM and enter the PayCode to perfect my reservation.  I also got the PayCode via SMS.  This gave me the time I needed to make sure I had booked the perfect boutique hotel in Chiang Mai, the Fern Paradise.

Then, I went out into the beautiful Thai weather and completely my airplane reservation at the ATM machine; which also printed out a receipt with my flight details and reservation number.

It sometimes amazes me how much further advanced some services are in Thailand compared to the US. To me, it feels more secure not to use an on-line payment center or give out my credit card details over the phone. I can simply book a ticket, take a PayCode, and complete the transaction at a nice modern, shiny, K-Bank ATM machine.

Who knows, maybe soon I can select the perfect window seat at the ATM and the receipt will act as my boarding pass!

I say I am live blogging this, but of course you are not live reading this.  That is because I have no way to upload this to my server.  You see the iPhone 3G for all the coolness, has no Internet sharing that I am aware of. My old windows mobile phone had Internet sharing and if I still had that you would be reading this live right now.  But no, not with the iPhone. 

I was scheduled to connect in Cincinnati right about now.  I am obviously missing that connection.  I was flying from there to Columbus and driving about an hour and half from Columbus.  I have a 9am meeting tomorrow.  So unless I feel like renting a car and driving 4 hours whenever it is I land, I am pretty much missing my meeting tomorrow as well. 

What to do?  a). Should I break out of this plane, run to the terminal and try to get on a flight home to Florida  b). Go postal or c). Grin and bear it and try to remember that I love what I do and that is what flying in the summer is all about (actually that summer thing is full of beans, it is no better in winter with weather either!).

So here is the update, we sat on the runway for 4 hours!  Finally took off and landed in Cincinnati at midnight. I had no connection.  Could not get a flight out in the morning, not rent a car and most hotels sold out. I am writing this from the coffee shop of the lovely (and I do mean lovely) Drawbridge Inn. I will miss my meeting in the morning and am booked on a flight home tomorrow.  Ah, the life of a road warrior!

Last summer, the House of Lords Science and Technology Committee issued a report on "Personal Internet Security." I was invited to give testimony for that report, and one of my recommendations was that software vendors be held liable when they are at fault. Their final report included that recommendation. The government rejected the recommendations in that report last autumn, and last week the committee issued a report on their follow-up inquiry, which still recommends software liabilities. Good for them. I'm not implying that liabilities are easy, or that all the liability for security vulnerabilities should fall on the vendor. But the courts are good at partial liability. Any automobile liability suit has many potential responsible parties: the car, the driver, the road, the weather, possibly another driver and another car, and so on. Similarly, a computer failure has several parties who may be partially responsible: the software vendor, the computer vendor, the network vendor, the user, possibly another hacker, and so on. But we're never going to get there until we start. Software liability is the market force that will incentivise companies to improve their software quality – and everyone's security.