00:01I'll start off here for the mic with a word that Mike doesn't like too much, which is visualizations.

00:04But I do agree that what we need to do is create what I think of as a visual vocabulary...

00:09...taking the information that we have or that we need for a specific case and turning it into information that's worthwhile...

00:15...and make valuable decisions off of.

00:18What I have here is a specific IRND project that we've been working on since last summer...

00:23...that I didn't know was GeoDesign until I started hearing about this particular conference, the summit.

00:30The problem we have that we're trying to solve is the...is the visualizing of the cyber landscape.

00:35We have three areas that we're working on.

00:37Data processing, turning the very large volumes of log files for all the various network devices into worthwhile information.

00:45And that's kind of where the visual vocabulary comes in...

00:48...is you have to create a meaning to tie in the 3D object that gets back to the information.

00:55So data visualization is the second part of it.

00:57And the third part is what we're most interesting...interested in as geospatial people...

01:02...is making that data geolocated or locating it in space somehow.

01:09Now the solution we're working on is, one, we want to have it provide a more intuitive analysis interface.

01:14And this really gets around the whole concept of human preattentive processing.

01:18This is something we all do every day in our work with GIS and mapping.

01:22It's taking information and making it into a...a visual object that people immediately understand.

01:28You...when you look at an icon of a campsite, you know what it is.

01:33We need to do the same thing for any type of 3D visualization...

01:35...and specifically for us with the cyber information and network events that we're trying to get at.

01:41We're also trying to integrate the...the cybersecurity events and information within the geospatial context...

01:46...which most things, most cyber events and objects, are inherently geospatial, even at something as simple as an IP location.

01:56We're also starting to look at the ability to bring supercomputing analysis to the system that we're work...developing.

02:03The technology we're working with is we want to have a Web-based application, to be as platform independent as possible.

02:10We...we use our ArcGIS Desktop and Server for all of our heavy lifting of the geoprocessing required in the background.

02:17For the 3D global view, I'll use the evil word of Google Earth for now...

02:23...until we can see more speed improvements out of some of the stuff that Es...Esri provides us.

02:28On the...the subnet and local view, which is the...the local computer system as well...

02:34...as the local subnet of firewalls and Web servers and all that other stuff, we use Java 3D.

02:42And looking ahead a little bit to a presentation by Ola, we're...

02:45...we're also looking at the use of the massively multiplayer online role-playing game engines...

02:51...for collaboration and...between different analysts and events.

02:57The last point is the NVIDIA Cue...CUDA...

03:01...which is a way of using the graphics and GPU for supercomputer-like processing.

03:09The...there's one GIS company out there called Manifold GIS that has a...a test that they did...

03:16...showing a surface transformation that would normally take 358 seconds, between 5 and 7 minutes...

03:21...that with this process they've gotten down to 11 seconds.

03:24So that type of analysis gets at the...the potential of giving a near real-time analysis of these log files...

03:30...that are hiding in the background.

03:34The virtual environments that we're building are at the very bottom level, the local system view...

03:39...which will be a 3D viewer into your local computer; the subnet view, which is your Web servers;...

03:46This particular one is a firewall.

03:49...and then the global view, which we'll do on some type of 3D geospatial.

03:53Now the types of events that we can...we can portray here and get it to the analyst is...

03:57Like this here one shows, in the center, a...a central server that is ours and all the connections into it...

04:05...and how it is being affected. Green connections are ones that we think are valid and are of...allowed.

04:13Yellow connections are potentially dangerous, and red connections are active attacks.

04:19The whole point of the system is to get this particular interface where all of that other stuff,...

04:24...all the technology, all of the geoprocessing, all of the log file processing, is transparent to the analyst.

04:32They come in, with a single glance, they can look at this image and see exactly what is happening to that central server.