This paper, published in Communications of the ACM (June 2013), presents the Complex Event Modeling, Simulation, and Analysis (CEMSA) system developed for the U.S. Department of Homeland Security Science and Technology Directorate. CEMSA enables analysts to quickly integrate data, models, and expertise to arrive at credible consequence analysis of complex events affecting critical U.S. infrastructure.
The Challenge
DHS analysts face the daunting task of assessing the consequences of coordinated attacks that span multiple infrastructure sectors. Consider a scenario involving a distributed denial of service (DDoS) attack timed with highway explosions releasing toxic chlorine gas upwind of a major political event. Such “complex events” produce concurrent and cascading effects across communications, transportation, emergency services, and healthcare systems.
Key Contributions
The CEMSA system addresses this challenge through several innovative capabilities:
- Planning Engine: Generates analysis plans using hierarchical task networks that compose multiple simulation models based on analyst requirements and time constraints
- Approximation Engine: Enables timely consequence analysis through surrogate models when detailed simulations would take too long
- Semantic Reasoning Engine: Uses ontologies to understand when and how models can be coupled together for larger simulations
- Real-Time Field Data Engine: Integrates live sensor data with simulation models for ongoing incident analysis
- Explanation Engine: Provides provenance tracking and sensitivity analysis to help analysts understand and trust results
Practical Application
The paper demonstrates CEMSA’s capabilities through a detailed scenario involving cyber attacks on 4G LTE networks combined with physical attacks releasing chlorine gas. The system composes models from Idaho National Laboratory’s Critical Infrastructure Analysis and Simulation (CIAS), an agent-based Emergency Services Model, and OpNet communications network simulations to assess impacts on emergency response capabilities.
Significance
This work represents an important advance in infrastructure protection analysis, enabling DHS to move from isolated single-sector assessments to integrated multi-sector consequence analysis. The semantic model composition approach allows analysts to rapidly assemble relevant simulations while the approximation capabilities ensure timely results even under strict deadline constraints.
Download the full paper (PDF, 2.1 MB)
Citation: Adam, N., Stiles, R., Zimdars, A., Timmons, R., Leung, J., Stachnick, G., Merrick, J., Coop, R., Slavin, V., Kruglikov, T., Galmiche, J., and Mehrotra, S. “Consequence Analysis of Complex Events on Critical U.S. Infrastructure.” Communications of the ACM, Vol. 56, No. 6, June 2013, pp. 83-91. DOI: 10.1145/2461256.2461276
