!"#"$"!"%"S !

!'tomated #omm'nications
$hreat !lert %eporting System
A business )lan

!"#$%&' &#)&*+' +"*,*)'*$ -./

012) 341*),5.
Double-click here to
6789:;<9=88=
>7;9?:89=8>: edit text.
6789@><9@=@7 A2B
2-CDE#"1$F,'$F&#C
! G#+."4HI' @==@J 0K3

L#" 4)A#"C2'4#) #)1.J )#' 2 ,#14&4'2'4#)F

 Table of )ontents

Executive Summary 2
About the Author 3
Communications Threat Defined 3
Opportunity 4
Product and Program 5
Security Market Analysis 9
Competition and Market Barriers 10
Conclusion 11

See tab sections for a11en1a2

!Pro forma 5inancial Analysis

!Pro1uct 9escri:tion
!Pro1uct Arc;itecture Mono=ra:;
!Presentation >an1outs
 ACTARS
Alan Wilensky
abm@world.std.com

NOTES
I. Executive Summary

A.C.T.A.R.S.™ This proposal describes a market opportunity concerning the civilian application
of a defense-centric technology.1 The technology, communications threat
Automated warning, has traditionally been the exclusive province of the defense industry.
Communications Fighter aircraft, warships, and fixed based military operations have relied on this
technology as a core element of force protection measures, and the maintenance
Threat of situational awareness.
Alert The time for a civilian application of this discipline is at hand with the federal
Reporting government poised to disburse $40 billion to the states for anti-terror readiness.
Only 0.5% of this spending earmarked for RF threat warning systems like
System ACTARS, represents a potential $200 million in revenues. It should be noted that
this $40 billion is in addition to existing state budgets, and exclusive of federal
contract procurements.

A market focused product The author proposes a line of products based upon an architecture of his own
proposal combining the design, using the latest in cost-effective, off-the-shelf equipment. The system
best elements of would automatically detect, rank, and alert system operators to suspicious and
professional ELINT potentially threatening two-way radio activity in proximity to designated
technology, cost effective security-sensitive areas, while intelligently masking routine and legal
off-the-shelf hardware, communications services.2
and the latest structured
data methods. This GUI-based system, ACTARS, would be scalable from portable field units, to
wide area monitoring systems. ACTARS can be considered complementary to a
security alarm system used to protect physical premises - albeit in the domain of
The author wishes to radio signal activities. Law enforcement authorities agree that criminal use of
thank the many members communications equipment is on the rise, and that such nefarious activities tend
of the professional law to be better planned and executed than other, more opportunistic offenses3.
enforcement and security
industries for their crucial Military ELINT&SIGINT4 technology5 is very expensive, and has never been
input on the design of this considered for civil security augmentation, regardless of the benefits it would
groundbreaking system. provide. The author, however, has succeeded in extracting the essential core of
Many lives will be saved these methods for integration with the latest off-the-shelf technology, i.e.,
because of your selfless next-generation RF sensors and software defined radio systems.
contribution.
The result is a design architecture that will provide 90% of the functionality of
military communications threat warning for 10% of the costs. Such systems will
The author also wishes to be deployed in and around key public infrastructure, government buildings, and
thank the Scientists and other areas of concern to state and local law enforcement, as well as by the
Researchers at the former private and corporate security industry. The use of communications equipment in
Israel Defense Intelligence support of suspicious or criminal activity will be discovered and reported, thus
Agency’s Electronic economizing labor, while providing early warning and a critical increase in
Systems Design situational awareness.
Laboratory; without your
innovations, The author is seeking startup funding for R&D, operational proof-of-concept, and
communications threat integration of the initial systems. An investor with technology startup expertise is
warning technology would
be forever the exclusive
domain of the defense 1
Refer to author’s monograph, “GUI-based Terrestrial RF Threat Warning and
community. Ranking System Using a Multivariate Algorithm and Heuristic Method”
2
(see III, The precise meaning of, ‘Communications Threat’)
3
‘Texas Prison Fugitives Used 2-way Radios..’, Houston Chronicle 2001
4
Electronic Intelligence, Signals Intelligence
5
Examples of this type of equipment are radar warning receivers, electronic
warfare systems, and others types of wide and narrow-band intercept systems
that locate and characterize threats in the radio frequency domain.

2
 ACTARS
Alan Wilensky
abm@world.std.com

desired, as is a hands-on approach by said partner to participate in the management and ultimate growth
of the company. The author foresees several scenarios for harvesting the investment as it progresses in
its maturity to market, such as technology licensing fees, direct sales, and a robust systems integration
business. See section VIII for a proposed equity structure.

II. About the Author

Alan Wilensky has been a high technology professional product manager, technical training director, and
analyst for over 20 years. The creator of the TekDisc multimedia service manual standard, Wilensky is a
respected industry authority in applying advanced tools and techniques to product service discipline.
Before entering the network and multimedia field, Wilensky was a Senior RF engineering aid and service
manager, responsible for the design, installation, and repair of trunked repeater systems and IMTS central
office terminal systems. Wilensky is an advanced radio experimenter, holding license N1SS0.

III. ‘Communications Threat’ Defined

The term ‘communications threat’, as used in the context of this monograph, means the use of any type of
radio communications device (two-way radios, walkie-talkies, mobile radios, cell phones, etc.) employed
in support of criminal activities. Specifically, ACTARS is designed to determine when these two-way
devices are used in proximity to an area that has been designated as ‘secure’, and whether these devices
are being used in a potentially threatening manner.

The criminal use of two-way radio comms is not new; the Texas prison break of 2001 was supported with
stolen walkie-talkies. Post 9/11, we are in the unfortunate position of expecting a more sophisticated
criminal. Even if this criminal activity is not terrorist related, the recent increase in off-the-shelf availability
of fairly sophisticated two-way radios1 makes any crime easier.

Discerning routine comms activity from that which is threatening or minimally unusual is accomplished by
capturing transmission events, executing special tests, and profiling behavior. ACTARS is the first system
designed for civilian comms threat reporting. It is an automated system that graphically depicts potentially
threatening radio activity, while filtering out routine and legal traffic. The system is designed to be
operated by non-specialists, and to be mostly unattended until alerts are detected. Basically, ACTARS
accomplishes this in the following way:
A. ACTARS identity profile:

ACTARS automatically tests for three identifying features of any transmission within its defined
sensor range:
1. Transmission Registration
The FCC registered license parameters are checked for context against the captured event.
2. Transmitter ID2
The transmitter fingerprint is captured and compared to the history database. If there is no match,
it is stored.
3. Voice Spectra3
The Voice spectra is compared to history, and stored if no match.

These three identifying features allow ACTARS to rank/include or exclude from display routine
and/or licensed fleet communications which occur within its secure event boundaries. Even so,
ACTARS continuously tracks the ‘behavioral’ profile of any matched or unmatched emitter, using a
formula developed for this purpose:

B. DPAC ranking (Duration, Proximity, Activity, Context)

1
GMRS and FRS radios, some with voice scramblers built in, are available for as little as $50
2
A transmitter fingerprint is the digitized amplitude vs. time plot of the keying envelope’s leading edge
3
ACTARS voice spectra parameters are configured for best probability / performance ratio

3
 ACTARS
Alan Wilensky
abm@world.std.com

The DPAC variables are continuously ranked and used to rate the potential threat of unknown
emitters, and also to evaluate whether known radios are being used in a manner that is out of the
ordinary. These !ehavioral variables are computed and integrated into a graphical representation
on screen, as well as selectively recorded during an alert session.1

The DPAC algorithm is a continuos time series of events, T, T1, TN - when stored for a particular
Context (the three identifying variables previously discussed), this time series defines a ‘threat
behavior’.

DPAC is derived from a complex four-dimensional function, but is explained in layman’s terms as
follows: ‘an increasing session count of decreasing event duration, coupled with a change in angle
of incidence, is deemed a threat; if this threat occurs within the ROI”. The DPAC algorithm provides
a way to quantify this metric, and to store the event profile in the time series previously described.
Whew!

The resulting system can be likened to a security alarm that protects the perimeter of an area or
building, but in the domain of radio transmission behavior. ACTARS ranks threats only in relation to
its configured geographical security area profiles.

A full product description is contained in the appendix. See a description of an ACTARS session in
the above referenced monograph.
IV. A Genuine Opportunity

Although reference to the events of 9/11/01 is becoming a tiresome repetition when characterizing the
expanding market for anti-terror products and services, there have also been numerous previous
instances of domestic crime involving communications technology2. However, a heightened state of
awareness and the imminent influx of federal funding to state and municipal governments, both products
of the 9/11 event, have created an opportunity to adopt appropriate and applicable defense industry
technology, in service of the civil security market.

Has such a problem been considered before? Who would think that communications would represent a
widespread threat, and even if such a threat did exist (as it does now), how could complex military ELINT
technology be applied to a commercial product environment? This question of how to apply ‘cost is no
object’ technology from the defense sector in a civilian setting is the primary focus of this proposal. The
defense industry giants who currently dominate the ELINT and SIGINT market have shown no interest in
such applications. The author’s research shows the management culture of these companies to be slow,
torpid, and subject to Byzantine R&D hierarchies that work against fast time-to-market and the dynamic of
snaring emerging opportunities. In short, those companies host to the best know-how are worst suited to
capitalizing on new opportunities requiring agile and flexible thinking.

The adoption of extant ELINT technology presents several problems; much of it is classified, it’s too
expensive, and is often burdened with customization requirements for each commercial deployment. If not
for the recently available innovations we are about to discuss, there would be no way whatsoever to
create such a commercial RF security system like ACTARS.
A. Three pieces fall into place

The innovations we are about to discuss are not particularly important from an investors viewpoint,
except that their influence on our product design is unique, and confers upon us a competitive
advantage. When properly integrated through clever software engineering, a powerful signal threat
ranking system is born, without tortuous hardware engineering, or the adoption of costly military
ELINT technology. Here are the three innovations:

1
See the attached monograph, “GUI-based Terrestrial RF Threat Warning and Ranking System Using a
Multivariate Quaternary Term Algorithm and Heuristic Method”
2
Please see appendix for articles on criminal use of communications technology
4
 ACTARS
Alan Wilensky
abm@world.std.com

1. The DPAC multivariate method

This logical formula is the soft part of our three innovations. DPAC is the English moniker for a
piece of statistical research born in the Israeli Government Defense Laboratory program and
dating back to the late 1960’s, though it was submitted as a Ph.D. thesis paper in 1997. The
Technion had listed the student’s work under one of many topics in its technology transfer
program.

In short, DPAC provides a means to rank radio communications threats. When translated into a
software routine, this algorithm processes the output of systems hardware and makes it possible
to display these threats with meaning and within context, eliminating or reducing from our display
the inevitable non-threatening radio activity crowding the spectrum. It is a very elegant piece of
work.

It should be noted that the research on DPAC was purely statistical, and completely hardware
systems neutral. Although the Israeli military has certainly deployed this in the field, the author was
not privy to any of these implementation details.

The technical architecture of the ACTARS system is the author’s design in toto. For a more detailed
look at the DPAC method, see the author’s paper mentioned in the previous footnotes.
2. The Software Defined Radio Specification (SDR)

DSP-based radio hardware has been available for years. In the professional ELINT market, the
move from proprietary, closed systems, is slowly giving way to open systems using standard
operating systems and COTS hardware. A vast array of VME bus1 modules are widely deployed in
newer, open ELINT systems. Even with the benefit of mass production, these VME modules are still
expensive from the standpoint of widespread commercialization.

The software defined radio specification is a new API for DSP-based radios - especially the very
latest PCI bus modules. The advent of these very cost effective building blocks makes it possible
for us to migrate the very expensive professional ELINT and SIGINT technology to PC-compatible
platforms with a wide availability of operating systems, development languages, and peripherals.

Although the author saw the potential of the DPAC research in 1997, the market and hardware
platform problems seemed insurmountable. The SDR specification is a timely step toward
providing an affordable ACTARS solution that is scalable from portable systems to wide area
metropolitan deployments.
3. New Generation ‘Smart’ Sensors

Even the defense industry occasionally goofs. The current generation of shipboard and land
based EW systems are bereft of the latest generation of RF sensors. The impact of designing a
system without these sensors is immense. ELINT systems that rely on central processing of raw
antenna inputs places a great burden on system resources. If more intelligence is placed at the
sensor, the computational resources of the system are freed from the routine duties of noise
rejection, event counting, and initial signal characterization.

Thankfully, we are now availed of a growing catalog of smart RF sensors. The vendors of these
new products are eager to work with OEMs and integrators who will deploy and create a market
for these smart sensors.

Other dynamics contributing to this unique opportunity are as follows:

B. Industry Myopia

1
VME is the DEC originated multibus peripheral interconnect standard that now serves higher end
industrial and laboratory control products.
5
 ACTARS
Alan Wilensky
abm@world.std.com

Certain opportunities are so blatantly attractive, one cannot believe the established players have
left the door wide open. The current case is not unique; the author’s creation of the Tech Disc
CD-ROM Service Manual standard and multi-user authoring system is such a case1. Established
industry giants are sometimes too big to see an opportunity. Or, if they do see this opportunity, they
are too slow or otherwise occupied to capitalize on it.

C. Our New Uncertain Age

There were entrepreneurs who sought funding in order to commercialize the DPAC method in 1997,
a fairly quiet time in Israel. Even so, it was felt that Israel was a likely market for this product.
Institutional investors did not agree at the time; this was during the dotcom era. It should also be
mentioned that these inventors had full access to the systems architecture of the existing systems
that the IDF had deployed. They were ahead of their time.

But times have changed. The media has been rife of late with stories of prison inmates breaking
out with the help of stolen two-way radios. The story of an Egyptian national with a pilots radio,
although later found to be baseless, illustrates the level of concern. The federal government is
legislating that $40 billion be disbursed to the states for anti-terror readiness. If only 0.5% is
earmarked for RF threat warning systems like ACTARS, that is $200 million over the life of the
project. It should be remembered that the 40 billion is in addition to existing state budgets.

D. Public infrastructure protection and manpower limitations

Post World Trade Center, we hear of the problems our State and municipal governments are
having with supplying the manpower and resources needed to secure public infrastructure. Power,
water, industrial, and transportation site security is a critical need that technology must augment.
The agencies that oversee these facilities know that a communications threat may be detected
before the actual criminal deed - sometimes preceding it by hours, days, weeks, or months.

The above points need no further elaboration. Detecting potentially criminal, or at least minimally
unusual communications in proximity to sensitive targets of interest will be an important arrow in
the quiver of law enforcement and security professionals. The opportunity is made clear not only by
current events and the political climate, but also new technology trends, heretofore absent and
occasionally unknown even to established industry players.

V. Product and Program

The full product description and systems architecture is available in the addenda. The program of
development and strategic deployment to the market through partnerships and OEM agreements is a very
important concept in this plan, in addition to direct sales of finished systems.
A. Product Description

ACTARS is the first ‘Discrete Signal Event’ based system to be made available to the civilian
security market. ‘Discrete Signal Event’, means that each transmission captured by ACTARS is
identified, learned, stored in database, and profiled for behavior as each session progresses. As
events are captured, the ACTARS system continually refines its identity and behavior profiles,
allowing the system to distinguish between routine and unusual or potentially threatening
communications activities.

ACTARS will be used to provide security in the RF communications domain. Applicable venues may
include just about any facility, campus, or area. Portable systems are envisioned, as are mobile
and fixed installations. Theoretically, there is no limitation to the size of such systems, although
practicality dictates system and operator segmentation for the largest metro areas.

1
The TekDisc plan was proffered to Macromedia, Microsoft, and others. It found ultimate success at a
small Canadian company. It is now a standard and the only multi-user authoring system.
6
 ACTARS
Alan Wilensky
abm@world.std.com

The system is highly automated, but one or more operators are presumed for configuration,
operation, and alert monitoring. The system will include optional unattended event recording, and
automated alerting via several flexible means, i.e., pagers, PDA’s, remote terminals, and outbound
phone/email.

A graphic display system is at the heart of the ACTARS console. Radio comms threats are depicted
as colored icons superimposed over a map of the ROI (Region of Interest). The threat display
updates the position and threat level of all radio activity in or near the ROI. The operator will
configure the system to selectively suppress legal, routine, and known radio activity. Targets that
are temporarily unknown to the operator can be manually classified, and stored for future
automated reference.

B. Program of Development and Deployment Strategy

The excitement of this program is in the birth of an entirely new product category heretofore
unknown to the mainstream security market. An even more important aspect in connection to this
product is that ACTARS and systems like it can circumvent criminal activity well before bad acts are
executed, often in the planning stages1.

1. Development
For the manifold reasons stated in the previous section, technical product development is largely
an exercise in systems integration and programming. The specter of complex hardware R&D is
obviated due to the availability of COTS sensors and PC-based radio modules. The first prototype
systems will require in-lab development and validation in order to provide a stable platform for
extending the basic system features beyond release 1.0.

In the software domain, pre-built options and ready to build in components abound. The very act of
developing on the PC compatible foundation produces a plethora of cost saving options for
ACTARS. The SDR specification is making numerous plug-and-play modules available.

In the labor domain, a small cadre of ELINT and real-time OS specialists comprise the software
team, while the hardware team will be comprised of one RF engineer and the author of this plan.
Certain key vendors are more than casually interested in providing application engineering
expertise regarding product integration. Where their equipment is concerned, they tend to
contribute.

Looking past development of the actual product, growth of the company may include a systems
installation and integration division; this may or may not require additional funding, depending on
the results of OEM product licensing. It may be determined that such partnership agreements are
sufficiently lucrative, and that the venture should remain R&D centered.

Labor availability for these specialists looks to be promising; it should be possible to recruit senior
ELINT engineers and programmers without paying a premium. The proto team should comprise
four members; if the company grows to include professional services teams, we will see an
additional three members.

Total time to market for first system licenses should be within 9-12 months. Functional prototypes
of the UI and basic features will probably become available sooner, perhaps in month 5. See the
appendix for project timelines and budgets.

2. Market Deployment Program

It would be a fine situation if this venture could be capitalized to include the build out of a robust
marketing and professional services organization, but in the interests of expediency, this level of

1
Ask any EW officer that has seen active duty aboard ship, how many times comms threat detection
saved the bacon.
7
 ACTARS
Alan Wilensky
abm@world.std.com

funding will be unnecessary to realize profits. Revenues are foreseen to be provided by

technology licensing and OEM agreements. Other partnership agreements will see the ACTARS
system resold through existing partner channels. Here is a by-channel breakdown of the potential
revenue streams:

i. Security Systems Channel - Integrated Systems, Closed code licenses

Companies that provide large site security to corporate and government facilities are prime
candidates for turnkey system channel sales. Our team would configure systems to order and
spec., and deliver the components pre-tested to the partner. Although these partners are
technically sophisticated, they are not candidates for modification to our software assets,
hence the closed code license. Modifications may be an ongoing generator of revenues.

This channel is attractive for several reasons:

a. Installations tend to be quite large; this provides great economy of effort for given profit
margins. These partners maintain capable field service arms.
b. We are relieved of operating a full-time sales force. These security sector companies
maintain immense sales organizations
c. Partner representation in the trade will be quite good. These partners have a track
record of successfully channeling new technology and establishing it in the market
ii. Security Equipment Manufacturers - closed and open code licenses

These system vendors, some of whom also maintain integration and Prof. Services staff, are
potential partners. These vendors include those providing CCTV systems. Many are on the
cutting edge of facial recognition development, putting them on the front lines of the anti-terror
technology market. ACTARS would be a strong candidate for collocation of RF-sensors with
CCTV and perimeter points of installation.

The author foresees the potential for various partnerships, including those at the system and
product integration level. This is a powerful combination, as making our ACTARS system
plug-compatible with existing sophisticated CCTV and perimeter protection systems will
expand our market.

Some partners will require open code licenses, allowing the modification of our source to aid
systems integration. These licenses are typically more costly for the partner than closed code
licenses and will require greater oversight by our IP auditors.
iii. Defense Contractors Civil Technology Sectors - OEM agreements

Many large contractors have established directorates and often entire divisions dedicated to
serving the civil sector. One fine example is General Dynamics. The Electric Boat division has
had varying success transferring technologies to the public sector - examples include wireless
network systems design, multimedia, and communications. This is also the case for Harris
Corp. They are in the midst of evaluating market opportunities for communications technology
outside of the company’s defense contracts.

This dynamic is obviously driven by the past decade’s rollback of defense spending. The
current renaissance of same will be good for ACTARS, as the focus is in terrorism prevention
and readiness. The author foresees a potentially receptive market for OEM technology
licenses spanning software, and subsystems.

The key to this channel is that one quality success could lead to revenues out of all proportion
to the startup investment. This partnership category is fertile ground for cultivating a potential
acquisition.
iv. Direct Channel

8
 ACTARS
Alan Wilensky
abm@world.std.com

If all goes well with the above channels, the venture may be able to build a direct channel
through sales and professional services. It may be tempting to keep our margins to ourselves,
but these organizational units are costly to start and operate.

v. Vendor Supplier Reuse

Some of the vendors who supply us with major systems components (SDR, DDF), may be
interested in licensing software sub-components as it relates directly to their components. We
will have to evaluate whether this represents an opportunity or an unacceptable competitive
risk.

This wide range of market channels increases the probability that ACTARS will find a wide audience in
markets that we target, and in markets that our partners specialize in.

VI. Security Market Analysis

If the defense industry is experiencing a partial renaissance due to recent events, then the same can be
said for the security industry in its various manifestations. Manned security patrols, both armed and
unarmed, are on the rise at corporate and public venues. Security system installations for premises
protection are continuing to increase in sales volume, according to the SIA trade industry report.1 This
growth is occurring with ferocious speed in the industrial, federal, and municipal sectors. These large
installations are far more sophisticated and costly than residential and business premises protection
systems. Executive and key person protection is yet another vector driving this growth.

The equipment and technology sub-sector of this multi-billion dollar industry is driven by innovation. The
microprocessor revolution brought new intelligence to systems that previously relied on relays and
flashing lights. New technology helps the sector refresh its up-selling strategies, while also providing
growth avenues into new markets. The former is one of several reasons that the author is optimistic about
OEM agreements as larger source of revenue than direct sales.

The new frontier? According to Mr. David Sadler of the SIA, critical infrastructure protection (power, water,
public areas, etc.) is the key to an entirely new initiative in the security industry. Wide area perimeter
protection and highly automated motion sensing CCTV systems configured with embedded Facial
Recognition technology will be the first to stand before the GSA contract wonks. As time passes, meaning
months not years, highly integrated multi-sensor systems will take increasing hold of these very lucrative
projects.

Will ACTARS and other communications environment threat warning systems have a seat at the table?
This will depend entirely on the stir created by these systems when they are operationally demonstrated
live on the trade show floor.
A. Key Points Extracted from the SIA Industry Overview:
1. High-end systems technology is becoming increasingly integrated
2. These systems will see increasing use in public, corporate, and government spaces
3. New innovations in technology and advanced applications will be applied to these systems
4. There will be a trend to extending existing systems through upgrades
5. Methods and technologies that provide early warning and enhanced SA will see a renaissance

All of the above prognostications favor a market climate supporting the ultimate success of
ACTARS.

1
See addenda: SIA Industry Overview for 2001
9
 ACTARS
Alan Wilensky
abm@world.std.com

VII. Competition and Market Barriers

Every new venture faces hurdles, and ours is no exception. Competition is the less onerous of several
barriers we will face. Ultimately, it will be the unspoken fear lurking in the heart of those in positions of
authority, security directors and managers, who will pen purchase orders for our systems. The budgets
and attitudes of these professionals is our main obstacle.

A. Competitors

A review of the industry shows no overtures by the ELINT community to commercialize current
systems for the private security market. Of the half- dozen industry trade associations catering to
premises security, both industrial and residential, no research papers have been submitted vis. the
discipline of RF threat monitoring. The trade associations allied with professional security
management have also remained quiescent on this topic. These observations are current to the
publication date of this monograph.

Competition from the traditional alarm and premises security sector will not be the problem- real
concern must be directed at the professional ELINT industry. This industry, although not in any way
disclosing intent concerning this product class, has the ability to co-opt our work through brute
force and /or the exploitation of our good-intentioned licensing outreach.

These companies, unlike the professional security equipment and services companies, are adept
at federal channel promotions through entrenched GSA relationships - their potential future efforts
in technology transfer to the civil security sector makes them valuable allies, or formidable
competitors.

Startup companies pioneering innovative technologies walk a fine line between promotion and
losing competitive advantage via this very exposure. The alternative is to keep our own counsel
and build a sales and service organization. This self-contained approach harbors no guaranties of
product IP security.

Potential competitors will weigh the cost/benefit of partnership vs. efforts in reverse engineering our
technology. The current rule of thumb for OEM technology use agreements is that a licensee will
pay a fee equal to what it would cost to bring the technology to market in-house, if such a license
will bring them to market quickly.

B. Market Barriers

The greatest barrier for this venture is that despite positive market research, end-user populations
(customers) for this technology will see investment in comms security as irrelevant past mere
curiosity. Although security professionals have responded positively, the test of an attached price
tag is yet to come.

The task of premises and critical area protection boils down to manpower and technology. CCTV,
perimeter systems, facial recognition, etc., - all of these technologies are being considered in
combination with, and as a substitute for, manned patrol1. ELINT professionals agree that RF threat
detection provides the earliest warning of any comparable technology used in protecting physical
premises.

The first argument is that planning and attack may be carried out without the use of two-way
comms. The second argument is that once it is known that RF comms detection is present, bad
actors will operate without comms.

This is all true. Again we turn to the wisdom of professionals in the ELINT sector for counter
arguments:
1
Manned patrol is the most expensive security option
10
 ACTARS
Alan Wilensky
abm@world.std.com

1. Planning and attack may be carried out without the use of two-way comms -

Many forms of criminal activity are executed without the benefit of radio comms. The problem is
that an increasing number of such sophisticated crimes and acts of terror are on the increase.
Acts of crime that are executed without comms are therefore that much less effective in their threat
level.
2. Once it is known that RF comms detection is in use, bad actors might operate without comms.

It is not necessary to advertise the existence of an ACTARS system installation. If it is known to

exist, this knowledge denies the luxury of 2-way comms activity to bad actors.

3. The creators of the DPAC method and the brightest thinkers on security are unanimous in their
opinion thus: “Crime and terrorism planned and executed with the aid of portable communications
equipment is often far more sophisticated in all of its nefarious aspects”1; such a profile is definitely
on the rise.

It is essential that those charged with the security of our private assets and government infrastructure have
tools to combat this threat.
VIII.Capitalization and Equity
See attached

IX. Financial Analysis - 2yr. pro forma

See attached
X. Conclusion

Whether corporate campus, government building or nuclear power facility, security is a variable
determined by complex vectors. In the not too distant past, the idea that organized terrorist cells would
represent a continuing threat to our nation’s infrastructure was almost ludicrous. The ultimate veracity of
that position is no longer open to debate. With $40 billion on the legislative table now poised for
disbursement to the states, the anti-terror ball is now firmly in economic play.

For the foreseeable future, enhanced security technologies like ACTARS will play a role in protecting vital
security interests. The threat of crime and terror aided by technology and communications is beyond our
control; while the response to these threats is firmly in our hands.

1
IACP Technology Review ‘01

11
 ACTARS 2-year projected startup expenses

Y1-2 expenses are projected with the following assumptions:

Domestic R&D and Marketing only

Sales Limited initially to OEM licensing
Development Hardware NRE costs may be reduced by up to 35% if venture is recognized as a 'strategic partner' by vendors
No Manufacturing other than build to order

Expense Y1 Y2
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
Fixed NRE's TOTAL TOTAL
Hardware $125,000 $125,000 $75,000 $75,000 $400,000 $50,000 $50,000 $50,000 $20,000 $170,000
Software $50,000 $50,000 $10,000 $10,000 $120,000 $20,000 $5,000 $2,000 $2,000 $29,000
Systems $50,000 $50,000 $100,000 $50,000 $50,000 $50,000 $150,000
Fixtures $10,000 $5,000 $2,500 $2,000 $19,500 $5,000 $2,000 $1,000 $1,000 $9,000
Presentation equip. $5,000 $10,000 $2,000 $2,500 $19,500 $3,000 $2,500 $2,500 $2,500 $10,500
subtotal $190,000 $190,000 $139,500 $139,500 $659,000 subtotal $78,000 $109,500 $105,500 $75,500 $368,500
Marketing TOTAL TOTAL
Collateral $0 $0 $5,000 $5,000 $10,000 $15,000 $20,000 $20,000 $15,000 $70,000
Advertising $0 $0 $5,000 $10,000 $15,000 $10,000 $10,000 $10,000 $20,000 $50,000
Direct Mail $0 $0 $0 $5,000 $5,000 $5,000 $5,000 $5,000 $5,000 $20,000
OEM Licensing campaig $0 $0 $5,000 $10,000 $15,000 $2,500 $2,500 $5,000 $5,000 $15,000
subtotal $0 $0 $15,000 $30,000 $45,000 subtotal $32,500 $37,500 $40,000 $45,000 $155,000
Labor TOTAL TOTAL
Prod. Mgmt. $30,000 $30,000 $30,000 $30,000 $120,000 $30,000 $30,000 $30,000 $30,000 $20,000
R+D $75,000 $75,000 $75,000 $75,000 $300,000 $75,000 $75,000 $75,000 $75,000 $300,000
Sales $0 $0 $0 $0 $0 $25,000 $25,000 $25,000 $25,000 $100,000
Support $10,000 $10,000 $20,000 $20,000 $20,000 $20,000 $80,000
Admin. $0 $0 $10,000 $10,000 $20,000 $10,000 $10,000 $10,000 $10,000 $40,000
subtotal $105,000 $105,000 $115,000 $125,000 $450,000 subtotal $160,000 $160,000 $160,000 $160,000 $640,000
Supplies $3,000 $2,000 $1,500 $1,500 $8,000 $3,000 $2,000 $1,500 $1,500 $8,000
Postage $500 $500 $1,000 $1,500 $3,500 $1,500 $1,500 $1,500 $1,500 $6,000
Telephone $1,500 $1,500 $2,000 $2,500 $7,500 $1,500 $1,500 $2,000 $2,500 $7,500
Legal1 $2,000 $2,000 $2,000 $2,000 $8,000 $10,000 $10,000 $10,000 $10,000 $40,000
Dues $1,100 $0 $0 $0 $1,100 $1,100 $0 $0 $0 $1,100
Travel $0 $0 $4,000 $6,000 $10,000 $10,000 $10,000 $10,000 $10,000 $40,000
SUBTOTAL $8,100 $6,000 $10,500 $13,500 $38,100 SUBTOTAL $27,100 $25,000 $25,000 $25,500 $102,600
GRANDTOT $303,100 $301,000 $280,000 $308,000 $1,192,100 GRANDTOT $297,600 $332,000 $330,500 $306,000 $1,266,100
ACTARS Projected Revenue Y1-2

Revenue -- Pretax
Assumptions:
OEM Licensing Revenue is collected Quarterly; shown here as realized
Assumes 1 OEM license per quarter in each sector starting Y1Q4

OEM Licensing Y1 Y2
Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4
Security Systems VARS TOTAL Security Systems VARS TOTAL
1yr Provisional License $250,000 $250,000 1yr Provisional License $250,000 $250,000 $250,000 $250,000 $1,000,000
2yr Provisional License $400,000 $400,000 2yr Provisional License $400,000 $400,000 $400,000 $400,000 $1,600,000
Installation License Fee $60,000 $60,000 Installation License Fee $60,000 $120,000 $180,000 $240,000 $600,000
$0
subtotal $710,000 $710,000 subtotal $710,000 $770,000 $830,000 $890,000 $3,200,000
Security Equipment MFRs. TOTAL Security Equipment MFRs. TOTAL
Closed Code 3 yr. w/ support $500,000 $500,000 $500,000 $500,000 $500,000 $500,000 $2,000,000
Open Source Code per year w/support $900,000 $900,000 $900,000 $900,000 $900,000 $900,000 $3,600,000
Installation License Fee $60,000 $60,000 $60,000 $60,000 $60,000 $60,000 $240,000
$0 $0
subtotal $1,460,000 $1,460,000 subtotal $1,460,000 $1,460,000
Defense Technology Transfer TOTAL Defense Technology Transfer TOTAL
Closed Code 3 yr. w/ support $500,000 $500,000 $500,000 $500,000 $500,000 $500,000 $2,000,000
Open Source Code per year w/support $900,000 $900,000 $1,000,000 $1,000,000
Installation License Fee $60,000 $60,000 $60,000 $60,000 $60,000 $60,000 $240,000
subtotal $1,460,000 $1,460,000 subtotal $1,560,000 $3,240,000

Fed-State-Muni Direct $0 Fed-State-Muni Direct

$0 GSA $330,000 $330,000 $660,000 $660,000 $1,980,000
$0 State $330,000 $330,000 $660,000 $660,000 $1,980,000
$0 Muni $660,000 $660,000 $660,000 $660,000 $2,640,000
Training* $0 $0
$0 $0
SUBTOTAL $0 $0 $0 $0 $0 SUBTOTA $1,320,000 $1,320,000 $1,980,000 $1,980,000 $6,600,000
GRANDTOT $0 $0 $0 $3,630,000 $3,630,000 GRANDTO$2,030,000 $2,090,000 $2,810,000 $5,890,000 $12,820,000.00
 %@A%B' CD%B *-D
71&( 9 .: ; <=9>=?;

2002 2003
A%'E !"# !"$ %"& '() *+, -./ 0(+ !1# 2(3 415 %)5 416 !"#

Plant Setup, hire, dev. resources

U=9 U=9>
Design Finalization
U=Y F=U
Design Staff Meetings
U=H? F=H?
Vendor Relations Preliminary
F=F F=;>
Sensors + Telemetry
F=;G 99=H
'(#I.5I 4"J=K(L"J
'(#I.5 7.K D$(+,5M+1$ F=H? 9?=9H
>=9? 9?=99
'(#I.5 7.K 4(+NO
>=99 9?=9<
'(#I.5 75.,.+.$I
>=> 99=9
'(#I.5 A($(L(,56 -(,P.5Q
F=;G 99=H
SDR Rack
F=; 99=;9
'6I,(L @.L).#(#, '($(+,M.#
F=; G=9H
BA*' RB' S#,(&51,M.# A(I,M#&
0'7 ARS0 75.,. F=;Y 9?=>
>=99 99=9G
0'7 T'7S0 75.,.
>=9; 99=;9
DDF Network
>=9? 9;=9U
002 75.,.+.$
>=9? 99=;G
002 4"J=K(L"J
9?=9; 9;=9U
Ops Console
'(IIM.# 0V 99=9F H=>
99=9F 9=;H
WM3 2"#+,M.#I X '(5/M+(I
99=9G 9=;>
AR B(& 0V
9;=9Y ;=;G
ARS0 0V
9;=9G H=>
T'7S0 0V
0MI)$16 WMI, 75.+
9;=H H=;
 %@A%B' CD%B *-D
71&( ; .: ; <=9>=?;

2002 2003
A%'E !"# !"$ %"& '() *+, -./ 0(+ !1# 2(3 415 %)5 416 !"#

System Modules
G=U H=Y
Z"1$M:M(5 75.+(II(I
G=U 9;=>
0MI)1,+N(5 75.+(II(I
G=U 9;=9?
S#,(5)5.+ 4(II1&M#&
9?=> 9;=;9
A.Q(# 01,1 0(:M#M,M.#I
9?=9? 9;=;H
7Z A.Q(# B.",M#&
0V W..Q")I 9?=> 9=;9
9=< ;=;F
07% B1#QM#&
9=< H=;
01,1 TMI"1$M[1,M.# %5516I
9=Y H=Y
UI and Functional
9=U Y=>
*3\(+, V(N1/M.5I
9=U <=U
0MI)$16 2.5L1,
;=9? Y=>
Menu Hierarchy
*)(51,.5 9?=> 9=9<
9?=> 9=>
%KLM#
9?=9; 9=9?
'6I,(L
9?=9; 9=9<
'6I,(L S#,(&51,M.#
U=9; U=;F
'(#I.5 'MLI
9=9 <=9>
D] 'MLI
2M($K A(I,I H=9G Y=H?
<=;> U=;F
D551,1 ^ T(#K.5 I"))$M(5 MII"(I
G=;U 9;=H?
002 A51#I.#K(5 Z".,(I
<=9? Y=>
*)(# S#:.5L1,M.#
U=9; >=<
_W ^ @'% ^ D_ B(&O
Y=;> U=;>
I. ACTARS Product Description

ACTARS is a 'Discrete Signal Event’ system; the first such system designed for the civil security market. All
signal intercepts trapped by ACTARS are identified and analyzed for real time context and historical profile.
ACTARS is self learning, automatically storing unknown signal events for continuos refinement of identity and
behavior profiles.

ACTARS creates unique identity and activity profiles of the radio being monitored. ACTARS captures a great
deal of information about each emitter, and can concurrently capture many emitters in seconds, as it must in an
urban environment where there are many types of radio signals.

ACTARS alerts security personnel to potentially threatening, unknown, or unusual communications within
range of the system’s sensor network. The system is self-learning, and also has the ability to be pre-populated
with known profiles1 and Unique User2 ID’s (UUI).

ACTARS differs from other communications monitoring systems in many ways:

A. Differentiators

A variety of equipment is used for receiving narrow-band two-way communications; ranging from low
end scanning receivers to very high-end spectrum analyzers, this general purpose equipment is often
used for intercepting and decoding communications signals and the information contained therein.
These devices are used to locate hidden transmitters, signal relay stations, and other covert
communications activity. Some are used to locate and track a signal emitter. Scanners are also used by
hobbyists.
Scanners assume previous knowledge of the type and frequency of a suspicious radio, at least
approximately. Spectrum analyzers address this issue, however there is still a need to interpret its
output. All of these methods assume expertise; not likely in a typical security arrangement. An
automated system is needed that prioritizes radio traffic, ignoring the routine, while alerting on the
strange, suspicious, and threatening. Scanning receivers and spectrum analyzers do not profile activity,
nor provide identity or historical context.

Of course, military and federal level SIGINT and ELINT systems will never be used for civil security site
protection3. All of these systems are similar in one respect: they require an operator to interpret their
output. It’s a very esoteric game for specialists, not suited for area protection, and are specifically
unsuited for automated signal security duties manned by non-specialists.

ACTARS is different. ACTARS is a discrete signal event based system. It characterizes the ‘activity
profile’ of each transmission of any signal emitter within its sensor range and learns its identifying
characteristics. ACTARS remembers previously captured emitters, and continuously updates its activity
profile.

When an unknown emitter is ‘trapped’ for the first time, its identity is learned, stored, and monitored in
real time, including location. If the activity is potentially threatening...the operator is alerted by display,
sound, even wireless pagers. The operator may verify the identity of this target, by listening or database
lookup, and can configure system alerts for future reference.

1
Example: there are 22 known radios in use by the on-premises security staff. ACTARS can be
populated with these radio ID’s.

2
Example: This radio goes with this Persons Voice.

3
These multi-million dollar systems used on Warships and Submarines are not even deployed around
embassies due to cost
 B. Features

ACTARS is a 'Discrete Signal Event’ system; this means that all intercepts trapped by ACTARS are
identified and analyzed for real time context and historical profile. ACTARS is a self learning system,
automatically storing unknown signal events for continuos refinement of identity and behavior profiling.
The ACTARS feature set supports all operator activities for configuring, operating, monitoring and alert
functions. Displaying alerts in real time is a central feature, as is recalling alert profiles for historical
analysis and context monitoring.

The following is a preliminary list of standard features, subject to change as prototypes and system
development issues are tested, subjected to end-user focus, and ongoing evolution by the development
and product management team.
1. Default Event Trapping

Any signal event within range of an ACTARS sensor pod is trapped for processing. These events
are then passed for post processing action. Selective configuration modifies how and if these events
are displayed, learned, and stored.
2. Display Format

Discrete signal events are displayed using icons depicting location, identity, threat level, and
configurable supplementary data. The display format is extensible, i.e., icons, alert sounds, and ROI
background images. The tactical GUI can be supplemented by an accompanying data grid for
corresponding event targets. Such supplementary data may be used for the display of extended data
to assist the operator with analysis, or populating the system with known emitter identities.
3. Event Target Functions

Event Target icons are live objects; within the ACTARS GUI, each target depiction can be
manipulated in context, much like an icon on your OS desktop. Some examples of live behavior are :
i. Click1 to monitor (listen)
ii. Shift Click for Context menu - alert sound selection, display preferences
iii. Right-click reveal history
iv. Drag select rectangle for target grouping (CO-transmitter pair marking)
4. Session Features

Sessions are defined as the duration and persistence of ‘start of tracking’ for unknown emitters.
Known emitters are selectively displayed until session time-out. Other session default features
include tally counters, ghost markers for timed out targets, and similar variables defined as
‘temporal’ to the session2
5. Library Features

Library features comprise functions relevant to persistent target (object) storage used across
sessions. An important library feature is off-line population of known transmitters.

C. Standard Functions common to all installations:

1. Track and rank all emissions within sensor range

1
ACTARS in practice will most likely be a touch screen based system

2
Example: from time of acquisition to time out, as defined by operator
 2. Compare TXID, VSPID, and log where unknown
3. Allow operator defined ROI
4. Alert operator to ROI incursions
Simplified Data Flow

FCC DB 5. Log activity to Session database

E

Optional Functions:

WKDB
6. Extended Alert Session storage

Qual
7. Large data set export to allied
systems
TXID DB
8. Remote display on Wireless
terminals
Dispatch VSPID DB 9. Post processing of TXID, VSPID
10.Unique User Profile (UUP) with
SDWRXD
extended meta data
SID+CTOKEN
SID+CTOKEN

D. Hardware Configuration
DDFXD
Pending Qualified
ACTARS hardware, spanning portable
to metro area systems, consist of a
TREXD minimum number of required
components and optional accessories.
A minimum system contains:
1. Operator Console
2. Data Display
DPA loctoken
Display list Proc 3. One remote sensor pack (typically
more)
4. One SDR chassis containing at
least two Receiver Modules
(typically more)
5. One DDF Unit (two or more DDF units required for position fix)

Optional Accessories, appropriate for larger installations may include:

6. Additional Operator Consoles

7. Additional Data display units
8. Additional Sensors
9. Additional SDR Modules
10.Multiple DDF units
11.Operator station for off-line population of TXID, UUP and VSPID
12.Fault tolerant backup, remote network mirroring, and remote access

II. Architecture
 ACTARS architecture is based on sensor dispatched receiver queuing. By putting the intelligence as close to
the signal emitter as possible, ACTARS assigns DSP based receivers to gather other important information. As
each sensor event is triggered, the ACTARS ‘brain’ takes a special profile of the signal source. The frequency,
modulation type, and sector number are captured and sent to the ACTARS Processor. Each event output is
treated as data flow to a post-process, state based time series. In other words:

A. Sensor data is passed to the receiver queue as event token concatenated as (F,C,M,S,D)
1. SDR is assigned from queue
2. A Data token is assembled from the receiver queue output and appended to the Position data (DDF)
3. Qualified emitters are released from queue
4. Pending emitters are tracked and ID refined
5. Subsequent Events are time stamped with P data elements taking priority
6. Display list and background functions process P event stream
B. Emitter identity captured
1. The ID is Compared to a list of stored ID’s
2. A session is started
3. ACTARS tracks and tally’s the key ‘threat profile variables’ during the session
4. If the emitter ID is known, it is displayed as such
5. If the emitter ID is unknown it is stored
6. Unknown ID’s are tracked at higher priority than known, but all are monitored
7. As unknowns are tagged on the display as such, the operator can listen to verify
8. ACTARS continues to trap data, and will automatically search the FCC Database for matches
9. Threat variables are updated for all ID’s in session.
10.If any discrepancies occur (one example, known ID, unknown operator), an alert is generated. Many
types of criteria can be defined as such.

C. Post Process Qualification

When ACTARS captures an Emitter event, the program initiates the post process, including:
1. Voice Spectral Print (VS.) - compared to history DB - if unknown, stored to session DB
2. Transmitter ID1 -compared to history DB - if unknown, stored to session DB
3. FCC Registration DB - looks for match and proper context2

III. Operation

ACTARS is complex internally, but it simplifies the job of security professionals by making the invisible world of
radio communications manifest. This is done all automatically, even unattended. ACTARS uses a clever

1
The TXID is a digital fingerprint of any transmitters time vs. Amplitude envelope characteristic- no two
are alike

2
ACTARS checks any emitter that matches the FCC database is qualified for location and other
characteristics
 formula that takes the output data of many sensors and receivers, and automatically ranks and records what it
‘deems’ is unusual, threatening, or out of the ordinary. Much of this is operator configurable. Discovering an
emitter’s Identity is the key to ACTARS.

A. ACTARS Threat Warning ‘events’ and ‘sessions’

The activity profile of known and unknown emitters is a primary ACTARS metric. When a session is
initiated by the appearance of a known or unknown emitter, ACTARS springs into action, identifying the
ID of transmitter and operator, while also looking up operating frequency and other FCC data for
comparison.
1. ACTARS traps transmitter frequency instantaneously
2. ACTARS displays transmitter activity
3. A target transmitter is represented on screen as an icon
4. color is representative of threat
5. shape denotes know/unknown
6. Flags denote match/mismatch
7. absolute Location is shown in target area
8. All status updated until session cleared by time-out or operator

B. Operator Interface

ACTARS Operator Console is a GUI system; the background image is a depiction of the secured area
and sector sensor ROI. An operator manning the console would see each transmission event as
described previously, using icons of varying shape and colors. Additional extended data relating to each
emitter event would be optionally revealed by attached text captions, tabular grid display, or by selective
pointer access by the operator.

As it may be impractical for every installation to provide a dedicated console operator, ACTARS will
provide for unattended event alerting, paging, and event recording. Each emitter event may be
automatically recorded and recalled. The recalled events will replay all captured parameters, including
time/position progress, voice traffic, TXID, VSPID, and TX Reg. Parameters.

The system operator may set a varying threshold for alerts, electing to suppress based on the entire
ACTARS DPAC profile. Operators electing to monitor the console will also see the entire event stream
of all trapped emitters.

Remote access will be optional via OS RAS options.

IV. Applications

The primary ACTARS application is detection of unauthorized RF transmission activity within the sensor
network ROI. The design of the ACTARS post-process functions allow the display and alert subsystems to
intelligently suppress legal and authorized transmissions, which form the vast majority of RF traffic.

This same architecture also allows for applications other than threat alerting, without additional systems
resources. The following examples are typical auxiliary uses of the system:

A. Enrolled transmitter time / location logging

Any ACTARS system may be host to one or more fleets of indigenous transmitters; security patrols,
maintenance, and other facility communications, both mobile and portable, may be routinely expected to
emit scheduled and unscheduled transmissions. The ACTARS default configuration traps each emitter
 event as it occurs, learning and storing the transmitter parameters for future recall.

ACTARS also may be enrolled with known fleet transmitter ID’s; Populating the ACTARS emitter library
with facility fleet radio ID’s is an off-line process taking only 10 seconds per radio. Radio user VSPID
(voice spectra ID) can also be attached as unique to a particular radio, or TXID and VSPID can be
treated as independent verification pools.

Once these system fleet and user ID’s are populated, it is a simple matter for the ACTARS administrator
to configure time and location logging for each transmitter / user ID. Each time an enrolled transmitter is
keyed, its time and location will be logged to a report file. Voice recording may be optionally enabled for
any and all enrolled transmitters.

Enrollment is not limited to owned fleet radios; visiting and service vendors may also be selectively
added to the verification pool.

B. Emergency Transmitter Location

ACTARS provides, as a standard feature, location and identification of all emitters, known and
unknown. An ACTARS systems providing RF signal security to any area can also be used for
emergency location of fleet radios at no additional costs.

Many popular public service two-way radio systems provide an emergency alert feature on all portable
and mobile radios1. This alarm tone is currently used to alert dispatchers to trouble on route or patrol.
Unfortunately, these systems cannot provide location data. The very latest fleet radio systems that
integrate GPS data via the NEMA protocol currently comprise no more than 1% of all North American
PSERS.

Upgrading older radio systems with GPS location services reveals several significant barriers:
1. New GPS capable portable and mobile radios must be purchased; these can cost up to $2,300 each
for portables and $4,000 for mobile2.
2. Analog systems that use in-band signaling (modat) will either have to sacrifice system radio ID tone
burst, or tolerate an extremely long post-key preamble tone. These long bursts are extremely
frustrating to radio users, as they must wait for the tone to cease before speaking.

Current in-band, ID only preambles are about 0.5 second - addition of NEMA GPS data will add
1.0-1.5 seconds of tone to all transmissions. If the burst is configured as a postfix, this adds the
same amount of delay time to the end of the transmission.

If the GPS data is limited to transmission during the emergency alert burst, then any system busy
activity could potentially block the location data burst.
3. System upgrades to the dispatch center are also very costly, and will almost always exceed a typical
ACTARS installation.

C. Transponder based location

A very cost effective ‘demand transponder’ could be developed very inexpensively. Such a device
would provide no two-way radio services. Rather, the device would be activated remotely by any system
operator or authorized user (potentially via touch tone phone), to activate a low-power transmitter with
enrolled system ID. Upon activation, ACTARS would automatically track and alert position of the
transponder. The applications for such devices have been proven by the Lo-Jack corporation for

1
This feature is provided on all Motorola, Ericsson, and EF Johnson radios via ‘MODAT’ Tone burst

2
Current market pricing for Motorola
locating stolen automobiles using the same DDF technology used by ACTARS.

Cost of manufacturing for these devices would be less than $50.00 USD in quantities of 10,000.
GUI-based Terrestrial RF Threat Warning and Ranking System
Using a Multivariate Quaternary Term Algorithm and Heuristic
Method

Alan Wilensky, abm@world.std.com

Thursday, April 11, 2002

Abstract

An increasing number of general criminal activities and terrorist acts are being perpetrated
with the aid of two-way communications equipment. Recent events bearing witness to this
phenomenon have been widely publicized1; corollary to this increasing use of radio
equipment in support of crime, is the fact that such nefarious activities tend to be better
planned and executed than other, more opportunistic offenses.

This monograph explores the creation and integration of a PC-based, RF signal threat
detection system. Such a system would be GUI-based, use COTS2 sensors and systems,
and be scalable from portable field units, to wide area monitoring systems. The system
would automatically detect, rank, and alert system operators to suspicious and potentially
threatening radio activity in proximity to selected targets, while intelligently masking routine
and legal communications services and users. Such a system can be considered analogous
to a security alarm system used to protect the physical premises - albeit in the domain of
radio signal activities.

The perceived market need for such a system has become acute since 9/11. Local law
enforcement, State Police, and emergency management agencies who heretofore would not
have considered these systems in the past are becoming not only interested in such
systematic deterrence solutions, but will soon enjoy a funding renaissance due to pending
federal legislation slated to disburse 40 billion dollars in support of anti-terror spending. It is
precisely these agencies that are charged with the protection of crucial utilities and public
infrastructure; the addition of cost effective RF threat warning would add a robust layer of
early warning to areas of concern to these agencies.

1
The escape of six Texas prison inmates was supported by two way radio comms.

2
Commercial off-the-shelf

19
I. RF Threat detection overview

RF threat detection is not a new discipline; the defense industry has evolved numerous systems for use in
airborne and terrestrial signal security and intelligence. These systems are extremely costly, specialized,
and maintenance intensive. Radar warning and comms threat receivers for use in fighter aircraft are
integrated with other avionics systems and rely on constantly updated threat profiles. Such RWR modules
cost upwards of $150k in contract quantities. C4I systems for battlefield and theater protection integrate
multispectral sensors and terrestrial radar and counter battery systems; such systems when deployed can
reach into the tens of millions. The technology and engineering repertoire are extant.

Federal SIGINT is another area where detection is an evolved art. Such systems are primarily occupied
with signals intercept, decryption, and message content extraction. These systems, used by the NSA and
other three letter agencies, are most often deployed in situations where the emitter is of know type and
location.

Threat warning and ranking for the purpose of civil security is an unexplored and almost entirely
unexploited application and market. The science of sensor event triggered detection, however, has been
deployed in at least one known instance: the Israeli Defense Intelligence Agency has deployed wide area,
automated RF threat detection and ranking in the occupied territories in the West bank, Gaza, and at
numerous military checkpoints.

This system was innovated in the late 1960’s, as a result of research ongoing by the IDIA ESDL
(electronic systems division laboratory). The ESDL, in cooperation with the Technion, evolved a statistical
model and multivariate algorithm which quantified four key variables of radio comms threat activity. In
addition, a procedural heuristic method lending itself to computer automation was refined and integrated
with the four term multivariate; the resulting ‘system’ was developed, prototyped and proven on VME
systems hardware over a 20 year period. The system is distinguished from typical SIGINT and ELINT
systems by the fact that its raison detre is automated ranking and dispatch, as opposed to message
content extraction.

In 1997, the academic portion of the multivariate algorithm and heuristic method was declassified and
published to the Hebrew language academic community. The author of this paper translated and
explained the method and discipline to Wilensky over a fourteen day period in 1997, shortly after its
publication. ESDL and Technion never disclosed the systems architecture of said method, but according
to the author, did enter the thesis into the university’s technology transfer program CO-administered by the
Israel Ministry of Commerce.1

II. The elegance of the DPAC multivariate and Heuristic method

Ultimately, a commercialized RF threat detection and ranking system comprised of sensors, receivers,
High-Resolution monitors, and computers, will be subject to an RF environment that is dense, spectrum
crowded, and event rich. Such a system needs a means of discerning between legal and ordinary RF
activity, and that which is potentially threatening and/or minimally unusual.

This is addressed with a multivariate algorithm encompassing four terms identified as significant by the
aforementioned research organizations. The computation of this algorithm, interposed between the
dispatching of sensor events, and further augmented by supplemental data provided by DSP post
processing of the decoded signals, reduces the sensor event data stream to include only those deemed
significant. This normalized data event stream is then passed to the display subsystem for depiction to the

1
There are numerous such programs and partnerships between Israeli Universities and government
laboratories. The Ministry of Commerce administers certain of these programs to stimulate foreign investment
in Israel’s High technology sector.

20
 system operator. A graphically rich, multitarget representation of threats, rated appropriately by color and
supplementary icons is the ultimate end product of the system.1

A. The DPAC variables

The four variables were derived from the analysis of ELINT telemetry recordings over a period of
decades. These raw data sources were subjected to an evolving numerical and statistical analysis
protocol -always with an eye to the final deployment in an operating environment, i.e., one using
real sensors and digital receivers.

These ELINT telemetry sources came from a network of sensors placed over the ever changing
security sectors bordering and interpenetrating what are now know as, ‘the occupied territories’.
Many of these sensors were purpose placed for ELINT research, while others were dual use
shared with operational SIGINT. The thesis author stated to Wilensky, “the threat environment
was rich, active and an extreme example of how communications technologies are used in support
of terrorist activities.”

The researcher, as a graduate student, was well aware from his work in government laboratories,
that the mainstream SIGINT community had defined hundreds of variables defining thousands of
signal profile dynamics. The question remained at the time of publishing as to which variables were
most likely to represent threat warning levels with the least complex algorithm. Complex algorithms
are difficult to define in event based systems, procedural programming; further they are difficult to
debug. The decision was ultimately to reduce the multivariate to four terms with a simplified
algorithm, and to supplement this integration with a heuristic method that is suited to sequential
logic programming - as well as available and cost effective technology.

The DPAC variables:

1. D is for Duration
The scale of duration is ranked from 0.5 second to 3.5 seconds. This encompasses
monosyllabic commands (go, fire, shoot, stop, wait, etc.) To short command sentences.
Transmissions less than 0.5 seconds are removed from the x axis plot as noise products or
pulse emissions. Those longer than 3.5 are deemed as ‘unhidden, monitor at leisure’. This
domain is represented as two’s complement numbers distributed along the x axis, though not
zero aligned. The window range is shifted according to a cumulative average of all
transmissions in the current session, defined by the A variable, until terminated by the operator.
2. P is for Proximity.
Proximity is defined as the angle of incidence of two or more CO-transmitters. The range is
defined as 2 degrees to a maximum of 22 degrees. CO-transmitters are defined as two or more
mobile emitters that are in communication with each other. This determination is defined
recursively through the A variable. Angles of less than 2 are deemed not in communication,
those greater than 22 are deemed conditionally improbable, as these distances are not
generally achievable without repeater support. The constraint is non-binding, and can be
defined as needed. P domain is represented on the Z axis.
3. A is for Activity
Activity is defined as the session event count. As the session transmit count is incremented for
each emitter, the algorithm shifts D to right of graph. Session transmit count for each identified
emitter is resolved according to percentage of transmission overlap - any pair overlap of greater
than 30% recursively resets the pair count, A2. Activity is plotted on the Y axis.
4. C is for context
Context is defined as the occurrence of the event within an area of interest, supplemented by

1
Section III describes the proposed system functions more fully, including digital data and voice logging, voice
printing, and transmitter identification and location.

21
 three binary sub variables delegated to the heuristic post processor1. The definition, though
complex, can be simplified for the sake of discussion as follows:
i. C prime is true for any event in the ROI (region of interest) that has a non-zero A count
ii. C1 is true for any C event with a known TXID (transmitter ID fingerprint)
iii. C2 is true for any C event with a known VXID (voice spectra print)
iv. C3 is true for any C event matched against the FCC registered transmitter data set

The four C variables are assembled as a token and sent to the Qualifier function in the
heuristic post processor described below. Therefore the composite C token is appended to
the multivariate DPA plot as binary data.

B. The Heuristic Post processor

Post processing was, at publication of the original thesis, done completely on the host system,
typically a DEC PDP-11 VME bus system. Today, contemporary sensors employ DSP filters and
preselectors that greatly reduce host processing loads. Event counts, noise rejection, etc., can be
accomplished at the input to the Qualifier process. This leaves us with a greatly simplified post
process, depicted in diagram #1.:

This data flow diagram is not a system block functional diagram, yet there are parallels, as many
functions are now encapsulated within this new generation of sensors. Even with efficient post
processing, thousands of events must be processed in an urban environment that probably
exceeds the processing load of the original test systems deployed in the Israeli security areas.

Data flow explanation:

1. E - Event Sensor Block
Although these sensors did not exist at the time of original deployment, an intelligent, cost
effective sensor pack includes the following off the shelf:
i. Near field receiver
ii. Programmable preselector
iii. Directional antenna mux.

The output of the E block is a data word comprising the implied sector ID, frequency, count,
antenna ID (rough bearing), and modulation type. This is raw data, not to be confused with
post processed data.

2. Qualifier
Receives data from X number of E blocks. Performs the following matching tests:
iv. Compares F+M subword from E with FCC data set. Sets C3 bit.
v. Compares F+M subword with session working Database (non-persistent)
vi. Compares PTXID (pre-trans ID) with session TXID database. Sets C1 bit
vii. Compares PVSP (pre-Voice Spectrum print) with VSP session database. Sets C2 bit.
viii. Writes unknowns to working database
ix. Passes full matches to Q (qualified) data stream
x. Passes partial matches to P (partial) data stream

T3ID6s and VSP6s are not derived from the E block, but are routed from the SDWR (software
defined wide band radio) bus.

1
See sec. B, Heuristic Post processing

22
 3. PQ Dispatcher
The Dispatch process receives Q data words with match token appended, and P data words
with sector ID appended. Two temp tables are instantiated for the P+Q streams respectively.
The dispatch process maintains these tables identically, save for the following distinctions:
xi. The Q table is read by the DDFXD (Doppler direction function executive) for the purpose of
tracking Q ID positions and option status (Record activity, log activity, hide from display). Q is
also read by the display list processor at lower priority than the P table.
xii. The P table is refined continuously as the Qualifier process updates the working database
with sensor inputs. This provides a partial input to the display list processor, after TREXD
ranking.

4. DDFXD - Doppler Direction Finder Executive Process

DDF is a key technology in this system, as raw sensor data cannot resolve trends in emitter
movement throughout the ROI. As the system’s commercial product is based on a rich
graphical depiction of threat warnings, accurate position data is key not only to this key
element, but is also used internally by the Post processor to separate emitters in close
proximity. Most important, the P variable is derived from the DDF data in a later process. P+Q
data table entries are appended to a Location token, and sent to the working session database.

5. SDWRXD - Software defined wide band radio executive process.

The Dispatch process selects and controls a bank of SDR radio receivers. Raw sensor
frequency event data is routed to the SDWR executive to service the Qualifier PTXID and
PVSP comparators. A small system may have as few as two SDR’s, a large system may have
as many as 20-50 SDR’s.

The SDWRXD is also used by the options executive1 to delegate radios to recording and utility
duties. Many post capture and post ranking tests utilize the DSP blocks on the SDR modules
to populate the VSP and TXID databases off-line.

6. TREXD - Threat Ranking Executive

The Threat Ranking Executive process is the last to process the P+Q tables before display list
processing.

DPA posting and trend plotting is computed in the central processor by reading dispatched
events from the P+Q tables and the corresponding outputs from the SDR+DDF equipment.
The Duration, Proximity, and Activity are plotted X,Y, and Z, the individual event data points are
appended to C, and its sub variables.

This Imaginary 4D plot is the ‘sister’ plot that accompanies the display list data. An operating
application would map this threat data against a visual depiction of the security zone in which
the sensors reside. The 4D threat warning might be data reduced to colors, and icons to depict
threat levels.

The E-Sensor datastream is asynchronous to PQ Dispatch and Display List processing.

III. Typical Proposed Systems Use Scenarios

A. Each system, from a minimal portable ‘lunch box’, to a metro area deployment, consists of a
minimum number of required components and optional accessories. A minimum system contains:
1. Operator Console
2. Data Display
3. One remote sensor pack

1
The options executive is a product feature, and as such is not included in this monograph

23
 4. One SDR chassis containing at least two Receiver Modules
5. One DDF Unit

Optional Accessories, appropriate for larger installations may include:

6. Additional Operator Consoles

7. Additional Data display units
8. Additional Sensors
9. Additional SDR Modules
10.Multiple DDF units
11.Post processing workstations for off-line study of TXID and VSPID analysis
12.Fault tolerant backup, remote network mirroring, and remote access

B. Standard Functions common to all installations:

1. Track and rank all emissions within sensor range
2. Compare TXID, VSPID, and log where unknown
3. Allow operator defined ROI
4. Alert operator to ROI incursions
5. Log activity to Session database

Optional Functions:
6. Extended Alert Session storage
7. Large data set export to allied systems
8. Remote display on Wireless terminals
9. Post processing of TXID, VSPID
10.Unique User Profile (UUP) with extended meta data

C. Use Case: Municipal Court

The campus area is approximately one city block encompassing 3 buildings - The Courthouse
proper, Admin. Offices, and a municipal services building. The contractee wishes to cover
approaches to the campus, as well as the key interior public access spaces within the buildings.

The Physical system deployment is as follows per the customer’s request:

1. Sensor network to cover the exterior public approaches to the campus to a distance of .5 mile.
This will require a minimum of one sensor pod to cover each corner of the block. Each pod will
have two corner reflector directional antennas switched by multiplex, and one omni-directional
antenna for initial acquisition.

The external sensor data will be transmitted via campus LAN, leased line, wireless telemetry,
or dial-up phone line1.

1
Sensor event data is asynchronous, so the short delay in dial up transmission is permissible

24
 2. Building Sensor Network
As many sensors as necessary will be deployed interior to the buildings to ensure coverage. As
the DDF may not provide granular position data close in, extra sensor pods with tightly focused
directional arrays may be used to provide interior location data.

Internal sensor data is transmitted back to the operations center via hard-line, or telemetry, or
building LAN if available.

3. Operations Center

The client has requested a fully configured operations console with two operator stations,
remote access, and post processing of Unique User ID’s.
i. The ops console will have two stations, with each station having two 21” inch graphic displays.
The primary displays will be used for Threat warning and tracking, operator designation of
target actions, and primary system functions; the secondary display will be used for
configuration, post process work, and report analysis and generation. Either user station can
be set flexibly for 2 monitor threat display if so desired.
ii. Equipment rack
As described in III,A. This system will be additionally configured with :
a. 8 SDR Modules
b. A SAN RAID Array providing fault tolerant storage and backup to tape or
MO disc
c. An NT Citrix Secure RAS server for remote access of the operator console
over dial-up or Internet
d. Duplicate TXID and VSPID hardware for off-line analysis. Appropriate input
systems hardware for importation of off-line sources.
e. UPS system
f. Paging module for unattended operator alerts

4. Sample Session

A typical session may play out as follows, with one true alert, one cleared alert, and several
post proc. tasks. In actual metro-environment use, the system would probably be quite busy.
iii. Manned Shift #1 - Cleared Alert

The operator console is manned from 7:00AM to 10:00PM. During this session, the operator
was alerted to an ‘orange level’ threat pop-up on the display. The location was indicated
graphically as the admin. bldg. Parking garage. The system logged and compared the emitter
as it tracked its position, in this case leaving the garage. A single 2.9 second event, matched
to the FCC database, not paired with any CO-transmitter - this resulted in a cleared alert
tagged on the display as, “known, lone, ID=True = Essex county Sheriffs unit TXID 220, user
unknown”. The meta data was then logged to the persistent database, pending update of the
VSPID. The threat was downgraded to Green, and removed when the session timed out, or
at the operators option.

iv. Manned Shift #2 - Post Process Population Session

The 2nd shift of 4PM - 11:00pm has the operator training the TXID database with the police
dept. Portable and mobile radios as they are mustered for their shifts. These TXID’s will now
be on file for future identification, aiding the system in recognizing friendly units. Voice ID’s

25
 can be logged if desired on the air or off-line by appointment, tape, or phone.

v. Unattended Shift - True Alert

The console is routinely unattended from 11:00PM - 7:00AM. The set configuration for this
shift is operator paging on high alert status.

The system logged numerous cleared transmissions throughout the night; these were stored
for 1st shift review. Several near alerts were deferred due to their being external to the ROI,
never having approached the perimeter. These were also logged for prominent review.

The true alert came at 2:30 AM. The system detected a CO-transmitter pair at the outer edge
of the campus. Although the duration of the successive transmissions were +3.0 sec., the A
count was steadily increasing with no session reset, and the P angle of incidence was
decreasing along with the incrementing A count.

Sensor data was post processed and found no matches in the TXID, VSPID, or FCC
database; however the band plan did match the 2 meter Amateur band, CTCSS was found in
the TX demod data stream, and the pair progressed past the ROI boundary within 5 minutes.

The operator on call was paged at the 1st event detected. She immediately logged onto the
remote terminal and observed the Red TX pair traveling across the outer campus edge. As
the system automatically logged the unknown TXID, and VSPID’s into the working session
database, the operator called the municipal police for dispatch.

On the second event the system showed the probable transmitter type as Amateur radio
operators working through a repeater. The system tagged the threats as such, and found the
repeater registry entry in the FCC database. As the operator became aware of the TX-pairs
progress past the campus, and the probable identity of the threat, she updated the police with
this information and current positions.

The system logged all activity and the operators log-in and log-out. Further review of the post
threat report on the next shift conformed that the repeater was licensed, and the operators
were indeed legitimate.

IV. Conclusion

Obviously the higher the stakes, the more important it is to preempt criminal activity. This proposed
product has the potential to circumvent crime in high value areas, when the crime or its planning are
committed with the aid of two-way communications equipment.

The current market leaders in ELINT have, for the moment, focused only on federal and defense
applications; and if any mention is made at all of RF security in the civil applications arena, it is proffered
as custom services.

The author believes that the current state of the COTS market makes this project a question of integration,
rather than engineering - with the software processing and GUI display adding the real value.

26
 Simplified *ata Flow

&'' )*
!

+,)*

"ual

-.I) )*

)is:atc= 0SPI) )*

S)+E.)

SI)?'-@,!A SI)?'-@,!A

))&.)
Pen6in8 "uali4ie6

-E!.)

)P> loctoken
)is:laB list Proc
 antsel
Sensor Event Sensor Event Sensor Event
PSCsel
Block1 Block2 Block3
command-data

Display

Sensor Demux CPU

Storage

SDR BUS DDF Bus

TCID Proc VSP Fff-line

capture

System Functional Block

 A.C.T.A.R.S.
!"#$%&#'( *$%%"+,-&#,$+. /01'&#
!2'1# 3'4$1#,+5 67.#'%

81'.'+#'( 97:
!2&+ ;,2'+.<7
&9%=>$12(?.#(?-$%

ACTARS Facts:

Provides Signal Security

Logs Fleet Time-Location

Provides Emergency Location

 Markets

Federal State

!nfrastructure Venues

Corporate Municipal

Strategic Security Market Channels

6'-"1,#7 @!3 -0&++'2

6'-"1,#7 AB",4%'+# C&+"D&-#"1'1 EAC
F'D'+.' 6'-#$1 *,G,2,&+ /'-0+$2$57 /1&+.D'1
F,1'-# H'( *0&++'2 IFEJK HAC!K L3*M
!22 L'> H1$+#,'1. ,+ !+#,N/'11$1 *&%4&,5+
New Money

H'('1&2 O'5,.2&#,$+ F,.9"1.'. PQR 9,22,$+ #$ .#&#'.

&+( %"+,-,4&2,#,'.
/0,. ,+ &((,#,$+ #$ 6#&#' &+( 2$-&2 9"(5'#.
F'D'+.' -$%4&+,'. .4'-,&2,S,+5 ,+ %,2,#&17 AOTL/
+$# ,+#'1'.#'(
6#&#' &+( 2$-&2 4$2,-' ,+ 9"7,+5 .41'' D$1 +'>
-$%%"+,-&#,$+. &+( ,+#'22,5'+-' "451&('. &D#'1
UVWW

Key Issues

Key drivers Infrastructure

Crime supported with communications
Port Authorities (airports, terminals)
equipment on the rise

Manned patrol of public infrastructure

US Borders
expensive

Large increase in CCTV systems

Power Generation
installs / upgrades

New vigilance focused on Federal

Water supplies
venues
ACTARS Architecture
F,.-1'#' 6,5+&2 AG'+# X&.'( 67.#'%
H,1.# AG'1 D$1 *,G,2 C&1<'#
*E/6 'B",4%'+# 9&.'(
L'> Y'+'1&#,$+ 6'+.$1. I.2,(,+5 1&#,$ >,+($>M
L'> Z36 N 6$D#>&1' F'D,+'( 3&(,$ 64'- D$1 8*

ACTARS Alternatives ?????

Method Feature Drawbacks

Very Expensive, expert

EW TOA based systems High speed / wide band
operator needed

Panoramic Spectrum Lacks ID, Location, and

Spectrum Analysis
View, flexible activity profile

Unacceptable busy time

Scanners Low cost
no ID or profile
 ACTARS Unique ID Profile
T+.#&+# #1&+.%,..,$+ 'G'+# -&4#"1'V+$ .-&++,+5
*$%41'0'+.,G' 1'5,.#1&#,$+ (&#&9&.' 2$$<"4
/ZTF G,& '+G'2$4' D,+5'141,+#
@68TF G,& F68 F'%$( .#1'&%

/0'.' #01'' [\[ 4&1&%'#'1. ,('+#,D7

'&-0 'G'+# &. "+,B"'K B"&2,D,'(K $1
4'+(,+5?

Behavior vs. Time (DPA) Profile

F,.-1'#' /,%' 6'1,'. $D /1&+.%,##'1V4&,1 9'0&G,$1
@&1,&92'.:
F"1&#,$+ ] O'+5#0 $D '&-0 .'..,$+ #1&+.%,..,$+
81$^,%,#7 ] F'2#& !+52' $D *EN4&,1 ,+-,('+-'
!-#,G,#7 ] AG'+# *$"+# $D '&-0 _ *EN4&,1
H1$% D,1.# &44'&1&+-' $D "+,B"' TFK .'..,$+ .#&1#. &+(
#0' F8!I*M .'1,'. ,. .#$1'( &. /WK /`K /+?
Output
!2'1#.: YaT (,.42&7K .$"+(.K 4&5'1.K 40$+'K 'N%&,2
T-$+. 1'41'.'+# &-#,G,#7 &+( #01'&# G,& -$2$1K
.0&4'
!*/!36 #1&-<. 2$-&#,$+ $D &22 '%,##'1.
C&7 &"#$%&#,-&227 1'-$1( ('%$( .#1'&%
E4'1&#$1 0&. 1,-0 ,+#'1&-#,G,#7K $4#,$+.

Additional Functions
A+1$22'( #1&+.%,##'1 #,%' V 2$-&#,$+ 2$55,+5
A%'15'+-7 /1&+.%,##'1 O$-&#,$+
/1&+.4$+('1 9&.'( 2$-&#,$+
Needed:
F'G'2$4%'+# 9"(5'# ] UbR< N W?`b%
3cF 6#&DD ] W 3H A+5,+''1K W F68 '+5,+''1K W
3/E6 81$51&%%'1K W 41$("-# %&+&5'1 I%'M
L3A ] W.# 7'&1 ddR< I'B",4%'+#K #$$2.K D,^#"1'.M

W.# 7'&1 5$&2 ,. #$ %&1<'# 1'&(7 ,+#'51&#'( .7.#'%.

#01$"50 '.#&92,.0'( .'-"1,#7 4&1#+'1 -0&++'2.K &+(
2,-'+.' #'-0+$2$57 &+( -$(' #$ %D1? &+( Y6!VF'D'+.'
-,G,2 #'-0+$2$57 .'-#$1?