Plugfest is a new phenomenon in the national security technology community, where participants compete in judged evaluations showing how well (and how fast) they can create trusted situational awareness in a chaotic, realistic scenario using off-the-shelf software and existing data sets and streams.
Hands down, one of the coolest things I have seen in months was PLUGFEST 2014, held in conjunction with AFCEA West in San Diego 10-13 Feb 2014.
For context, consider what usually happens when we have a national crisis. In most cases, all the involved agencies spend the first hours forming up their teams and IT capabilities to work together. Precious time is wasted. Some examples are the Tohoku earthquake and tsunami in Japan in 2011, last year’s wildfires of Sierra Nevada, California, and Typhoon Haiyan in the Philippines. Having a plan to immediately gather accurate situational awareness from disparate organizations that do not traditionally work together is key to saving lives.
That’s what the smart folks at PLUGFEST 2014 addressed in their unique competition. By using pre-integrated, standards-based components, they were able to have a set of tools ready to use in case of a crisis. Having the ability to quickly assemble interoperable capability is critical. COTS tools like webMethods, Terracotta, and Apama were made available to all the teams.
The scenario that they selected was very challenging: the port of Los Angeles and Long Beach was hacked by someone who wanted to cause havoc. If you think about that possibility, it’s pretty scary. Ships couldn’t be loaded/unloaded. The traffic systems were no longer reliable: a green light no longer indicated it was safe to go. And safety tools, like the emergency alert system, were no longer reliable or available to protect the population.
To make it even more stressful, they injected a chlorine plume into the area. How can you make decisions about where the medical threats are, where the plume will move to, and where you should evacuate? Once the seeds of doubt are injected, it is hard to re-attain trust in the information!
Three teams competed to provide the best integrated IT capability: Industry, Government and Academia. A robust set of agile, open-standard, SOA and cloud-based tools was available. Using only commercial off-the-shelf capabilities, they were challenged to rapidly integrate these tools and attain trusted situational awareness.
Source data came from multiple agencies and included bathymetry, cyber attack activity, power, Red Cross shelters, ship locations, traffic, traffic lights, transportation, topography, weather and imagery. Services included alerts, routing, event management, COA development, disaster response preparation and training, cyber security incident response and event impact analysis.
Using these data sources and services, each team developed models of where the fire/chlorine plume was, how it would impact traffic, and how the demographics of that area would affect the threat (heavily populated? English speaking?).
The Industry team used a holistic approach to address the root causes of the problem, rather than just being reactive. Early detection was the key. Software AG, AtHoc, VirtualAgility, Kepware, ThreatSTOP, and CloudHelix teamed together to create a common operating picture framework that would enable a real-time view of the cyber attacks and their impact. The result was a dashboard that showed very dynamic, in-flight analytics and pattern detection.
Because of competitions like PLUGFEST 2014, we are much closer to having a plug-and-play set of capabilities ready to go when the next crisis occurs. Exercising this type of innovation and inter-community cooperation is a great step in the right direction! The “Emergency Operating Center in a Box” concept exercised at PLUGFEST 2014 provides an outstanding forum for ensuring that organizations have, in place, systems by which they can adapt rapidly in a crisis. Early detection means a stronger force protection response – something every organization cares greatly about.