In facing the daunting charters of their organizations, it’s safe to say that homeland security authorities, maritime officers, intelligence analysts, and military commanders can never have enough information. But in their endeavors to sponge up every relevant intelligence tidbit, authorities can quickly become overwhelmed by the continuous amount of data flooding in from multiple sources such as messaging systems, tracking systems, and high-volume sensor streams.

Trying to connect these individual data feeds to provide a holistic view and a streamlined workflow to make effective decisions can be a challenging proposition. Many organizations employ robust geospatial tools such as GIS to serve as the information backbone for the myriad data sources that flow in.

Despite the GIS’ prowess in spatial information management and analysis, however, what it can’t seem to provide to users is a simplified way to automatically correlate all the data in real-time to alert users to important changes or events taking place in their areas of interest. Typically, authorities must still manually "check" each individual data source for changes to determine if anything new falls within their particular areas of focus. For example, officers might have to reload a web page or regularly eyeball a vessel-tracking tool. Should something of interest appear, authorities must often manually cross-reference the new data against previously captured information to answer the questions that drive real decisions such as, “Have we seen this ship in this area before?” Or, “Do we have any supporting data from other sources about this enemy “blip” that has appeared in our GIS tool?”

Improving the ability to sense, predict, understand, anticipate, and respond more effectively is what an emerging technology called complex event processing (CEP) aims to provide. A tool that creates situational intelligence from disparate message-based systems, databases, and applications in real or near-real time, CEP software can monitor, correlate, and analyze sources of information on-the-fly and provide contextual alerts that drive action.

CEP technology can detect events such as ships entering certain harbors like the above vessel nearing Iran's Bushehr Harbor and alert users in a variety of ways. In this scenario, the software has detected ship movement and is notifying the user that this ship is of interest and depicting its location on the map. From this alert, the software will also provide other information and offer possible actions that can be taken with this ship of interest: notify others (which can be done automatically) or pull up the shipping manifest for the ship in question. Image courtesy of Agent Logic.

According to Roy Shulte, an analyst and research team leader for application integration and middleware at the analyst firm Gartner Research, CEP software is "the secret sauce of situational awareness.” Coined in the mid-1990s by professor David Luckham at Stanford University, CEP technology is designed to track causality between events and to aggregate complex high-level events from lower-level events to help users determine how those activities will affect their operations and customers. The software simultaneously monitors many different incoming feeds of information, correlates those feeds against historical data or other sources, and applies user-defined rules to identify and to alert users to specific items or scenarios of interest.

In short, CEP is to a spatial information system what the central nervous system is to the body. It simultaneously takes in any and all kinds of information, analyzes it, correlates it, and filters through the layers to provide users with only the most salient nuggets.

At its most basic level, authorities can fill in a simple CEP-based form to specify, "When this kind of event happens, but not of type X, send me an alert.” For example, a CEP product might initially be connected to a sensor feed tracking various aircraft. Based on their own set of rules, users can configure the software to provide alerts on multiple channels when particular targets enter pre-determined areas of interest — geographic areas that can be verified by the user’s GIS. Once user-defined rules have been established, the software can manage the data in two ways, either by actively receiving multiple channels of data or by proactively polling the information sources to detect any changes.

Complicating Matters

As “complex” is its first name, the more complex the IT environment and user rules, the more robust the CEP filter can become, said Michael Appelbaum, chief executive officer and cofounder of Agent Logic, a provider of event detection and response software.

“Maritime authorities monitoring vessel traffic in harbors or specific shipping lanes use many information sources such as automatic identification systems, radar, and GIS tools. Often, every time a new ship enters an area of interest, it is identified by one or more detection systems, and is then plotted to the GIS. In busy ports, it doesn’t take long for the GIS screen to become very hard to read and understand.

“With CEP technology, users can specify a rule that says ‘Only alert me about a ship entering the particular area of interest if the ship originated from country X and is carrying hazardous material according to its shipping manifest, and plot it to the GIS in red,’” said Appelbaum. “Now officers won’t see a thousand points anymore, they’ll see red points for ships carrying hazardous material and blue for those where the ship’s cargo is unknown. That enables analysts to truly drill down to vessels that may be of threat or indicate nefarious activity.”

For military operations such as combat search and rescue, in which spatial awareness is essential and the ability to be decisive is critical, CEP technology can provide the needed personal assistant to commanders to help them plan, execute, and monitor operations. For example, if word comes in that a pilot is down, the software will correlate that information with such critical information as the pilot’s last known position, enemy location, weather data, and the availability of other friendly assets that are able to initiate a rescue. And, if any changes occur to any attribute related to the rescue (for example, the enemy moves or the weather changes), the mission planner will be immediately alerted.

Users also have the ability to set priorities for alerts such as: "Only alert me if the enemy enters Region X or Region Y more than three times over the next 10 days. If the enemy is known to be using weapon type Z, then set the alert priority to three and alert me via GIS; Otherwise, set the priority to one and alert me via a real-time Web browser screen."

With the ability to both define alert rules and set priorities for those rules, officers can manage multiple geospatial events because they can be alerted to the most important events first, said Appelbaum.

Michael Seebold, program manager at Concurrent Technologies Corporation, a non-profit organization that provides applied research and development services, said that his “three-letter” government clients use CEP technology because it’s easy to use and is able to integrate multiple data sources well.

“Department of Defense personnel will use a number of geospatial and information tools simultaneously,” Seebold said. “CEP is a phenomenally easy way to manage and monitor all of that because it enables them to first define what’s of interest to them, to prioritize those interests, and then to instruct the software on how to alert them. Based on pre-defined rules, when a high-priority event occurs, the software can then automatically execute a series of actions such as initiate a rescue or intervention. So it creates an entire workflow for them to make critical decisions efficiently.”

Although CEP is still a relatively new acronym in the world of information technology, Shulte predicts that event-processing technology will be one of the most discussed application integration trends throughout the next five years. Indeed, employing an electronic personal assistant to perform the mundane, yet critical, grunt work to better users’ situational awareness on the border, on the field, in the air, or on the seas would seem to attract a broad audience.

Agent Logic is a trademark of Agent Logic, Inc.