Securing the Perimeter Virtually
Easy-to-use application analyzes site security, models threats.
A software analysis tool allows military and civilian managers of government facilities to evaluate vulnerability to terrorist attacks quickly. Now being installed at all U.S. military installations, the program calculates the risks that a variety of extremist organizations pose to a base or building, taking into account known tactics, methods of attack, preferred weapons and capabilities. This data is converted into graphics and three-dimensional models that can be stored and incorporated into reports.
In the wake of September 11, a renewed emphasis is being placed on protecting facilities from a broad spectrum of conventional and biological threats. The ability to determine a building’s susceptibility to an attack quickly and easily can make a vital difference, not only in lives but also in maintenance costs associated with added security.
A family of site assessment software tools has emerged in recent years to meet government and commercial needs. Often these programs use three-dimensional (3-D) imagery that allows users to study possible targets and determine the best steps against possible attacks. Site Profiler is an example of this growing market in the security software industry. Developed by Digital Sandbox, Reston, Virginia, the program provides military planners with risk management capabilities by drawing inferences from a variety of data sources.
According to Bryan S. Ware, Digital Sandbox’s chief executive officer, Site Profiler was licensed by the U.S. Defense Department in 1999 as part of a program to develop an enterprisewide anti-terrorism risk management system called the Joint Vulnerability Assessment Tool. The effort was in response to the bombing of the U.S. Air Force barracks in Khobar Towers, Saudi Arabia, and U.S. embassies in Africa.
Digital Sandbox took an approach different from other major computer graphics software companies to develop its product, Ware explains. One common aspect of many other computer graphics-based assessment programs are that they are often based on flight simulator systems. Although visual realism and technical performance is necessary for those systems, problems arise when this type of high-power software is used in other applications.
“We got enamored with making things look as perfect as possible on the screen,” Ware says. There is a price for such perfection, he adds. The programs are expensive, use large amounts of code, are time consuming to implement and build terrain, are often tied to proprietary computer systems, and require expert operators to maintain the software’s visual databases.
As government agencies were trying to incorporate visual realism into a number of software systems, they ignored developments in the commercial sector. Federal program developers completely overlooked the graphics revolution taking place in the personal computer games industry, Ware observes. Although he maintains that Digital Sandbox is not a visual simulation company, it does have experience in commercial games design that has influenced Site Profiler’s user interface.
The Defense Department uses three applications in the suite of tools: counterterrorism, site assessment and a theater information management system. The management system collects data from the site planner and assessor systems and stores it in a data warehouse.
The company also licenses the software as an enterprise application. The software creates and analyzes a series of parameters, rules and consequences that define how hardened a site is against a particular type of attack. Ware claims that previous systems could not fully evaluate the spectrum of security threats because the data was scattered among different sources.
Although military personnel are often quite aware of the risk situation, the possibility and parameters of an attack must be determined. “When you have a high population center, there are a huge number of potential casualties. They are popular targets,” Ware says. He adds that the challenge is to define and model specifics such as building geometry, Defense Department chemical and biological dispersion simulations, and blast models. The software plugs into these data sources and provides users with risk components.
Because the intended user for Site Profiler is a mid- to senior-level enlisted soldier, it was also important to look at computer games for user interface ideas. Younger soldiers are familiar with computer-based games and their editing features. The program’s interface was designed with these aspects in mind to allow inexperienced users to understand and use the tool quickly, Ware explains.
A major goal was to develop a tool that could be used by the average soldier with little or no instruction. The software had to be PC-based and easy to use. Ware cites the Turbo Tax program as an inspiration because it is very simple to use. “Most Americans can’t do the algebra to do their taxes. But Turbo Tax walks you through, provides you with the right answers and formats them properly,” he says. Site Profiler also uses a question-and-answer approach to take users through the assessment process.
At the beginning of an assessment, the program asks a series of questions about a site, and users input a response to each question. During this process, the software reacts to the answers and asks additional questions, tailoring the interview. Once it has the data, Site Profiler begins to create different threat models. The program contains a database of all known terrorist attacks. It provides a description of each incident, the type of attack and the groups responsible. Users select information by type of attack or study a terrorist organization’s tactics and means of operation.
This feature is important because military facilities often base their plans on the most recent attack, Ware explains. Users are able to determine the effectiveness of their security situation by comparing it against a number of potential attacks and weapons based on a variety of criteria supported by expert research. This knowledge model is built on top of the software architecture and combines all of the factors the firm has learned from its experience with distributed simulation and computer games systems, he says. The architecture collects information from multiple sources such as the Internet, communications systems, knowledge area experts and physics data.
Site Profiler also generates building and asset descriptions to provide a mission-critical facility assessment. Users can list the structures they deem vital or that are attractive targets for an attack. Ware notes that during the question-and-answer period, as the program begins building an assessment, a novice user may not provide completely accurate answers. However, the program sifts through a combination of variables and assets to provide an accurate assessment against a specific threat. He cites the example of the Khobar Towers incident. Original security assessments indicated that the facility was safe within a 10-meter perimeter—an observation that had disastrous results because it was well within the effective blast area of a truck bomb.
The program rates the confidence level of a particular risk factor and provides a “quick and dirty” assessment of a site for immediate field use. By taking users through a step-by-step guide of the site construction process, a 3-D model of a facility can be created quickly and easily. Although the graphics are not as realistic as other types of assessment software, developing a site map does not require a major effort from the user, Ware says. The software also incorporates computer aided design files and other high-resolution graphics.
Users draw building outlines in the same manner as they would create a PowerPoint diagram with a few mouse clicks. Double-clicking a building image creates a pop-up 3-D model of the structure. The software calculates and reports structural damage, life loss, and loss of mission capability resulting from an attack, and it stores and uses calculated models of specific threats.
Security facilities such as guard towers and checkpoints can be incorporated. The software also calculates these structures’ maintenance costs, countermeasure factors and deterrence capabilities. Variables such as road and traffic patterns also are generated. For example, users can examine all the potential routes that a car or truck bomb may take to a building.
Once the assessment is complete, users generate an anti-terrorism plan. The entire assessment does not have to be run again for late-arriving information about new threats. It can be inserted directly into the report. The document itself is written in Microsoft Word and fully formatted for government use. Soldiers can then e-mail the report directly to their superiors with the attached 3-D mapping.
“Your response to risks is ultimately doing the right thing at the right time,” Ware says. He adds that to do so, the right tools must be placed in users’ hands. The software is capable of receiving updates and alerts.
A commercial version of Site Profiler is also in development. The civilian program uses more generic data, but it can still model buildings and assess threats. The tool allows an evaluation team to input their observations, attach digital photographs, and create links to Web-based data.
Ware notes that many new commercial users do not have data about the different types of terrorist attacks, which is why content is a major part of the software. The application also meets the needs of state and local governments and consultants, he says.
Another application for Site Profiler is during a breaking crisis. Cities and police departments could use the program to map buildings and regions of a community in real time during an emergency or natural disaster, he explains.
Digital Sandbox also is exploring ways to apply the software to assess computer and network threats. The program’s graphics can be changed to represent computer network assets, and the entire application is reconfigurable to client systems, Ware notes. However, even with these modifications, the application’s heart—its data and software—remain the same, he says.
The Defense Department contract for development of the Site Profiler ended in August 2001. The firm finished field analysis in the fall and inserted post-September 11th data into a new version that will begin a limited rollout in early 2002. The commercial version of the same product will be available within the first half of this year, Ware says.
Additional information on Digital Sandbox is available on the World Wide Web at http://www.dsbox.com.