1. Short Description
The warning message generation module provides users with a mechanism to quickly construct a standardised message using a selection of pre-prepared fields to support the rapid sharing of information via social media or other electronic media (e.g., SMS, email, notification, etc.). Each warning message is built from the following template, which contains mandatory and optional fields. The user may also override certain fields and replace them with free text.
[SEVERITY] [TYPE] for [CATEGORY] {active from [START-TIME]} {until [END-TIME]} {at [LOCATION]}.
{[AUDIENCE] should [INSTRUCTIONS]}. {[EVENT-DESCRIPTION].}
{[ORGANISATION] is [RESPONDING].}
{Update expected at [UPDATE-TIME]}
{Visit [URL] for more information.} {Contact us on [CONTACT-DETAILS].}
The pre-loaded options for each field were based on existing research in public alerting and warning, while the actions are customised as far as possible to the 7SHIELD domain and use cases.
The demo version of the tool is accessible from within ENGAGE, while the standalone version can be accessed from https://wmg.dev.centric.shu.ac.uk/
2. Main Purpose and Benefits
The main purpose of the tool is to quickly put together a single standardised warning or alert message that can be shared with citizens, customers, employees or visitors to the site or in the local area to inform them about an incident, the level of severity, actions being taken and actions that should be taken by them.
The purpose of the tool is to support departments such as the PR, media or social media teams or security and emergency response teams to quickly share pre-approved messages whilst retaining a degree of customisation that is flexible to the current scenario.
3. Main Functions
The main purpose of the tool is to allow the user to generate a standardised warning message that conforms to best practices in terms of the type and format of the information included. Each message has the following elements:
[SEVERITY] [TYPE] for [CATEGORY] {active from [START-TIME]} {until [END-TIME]} {at [LOCATION]}.
[AUDIENCE] should [INSTRUCTIONS]. {[EVENT-DESCRIPTION].}
{[ORGANISATION] is [RESPONDING].}
{Update expected at [UPDATE-TIME]}
{Visit [URL] for more information.} {Contact us on [CONTACT-DETAILS].}
The initial part of the message, covering severity, type and category, is mandatory, along with the time periods and the receiver (audience) actions. Every other portion of the message, denoted inside {brackets}, is optional and appears only when the user provides information in that component. The following describes the pre-prepared options available for each field.
3.1 Severity, Type and Category
The severity, type and category elements are the three core elements of every warning message. The severity indicates the seriousness of the message, the type indicates the type of information being provided and the category describes the incident itself. All three elements must be present to create a valid alerting message.
Severity:
- Red – to be associated with danger and used to notify people to take action immediately
- Yellow – to be associated with caution and used to notify people of an ‘at risk’ situation and that they should be prepared to take action
- Green – to be associated with safety and that no action is required
Type:
- Alert: to be used when an event is already occurring, imminent or very likely to occur and there is a need to take some form of immediate action
- Warning: to be used when an event is already occurring, imminent or very likely to occur
- Advisory: to be used when an event is occurring, imminent or very likely to occur but is less serious than a warning alert type
- Caution: to be used when an event may happen and there is a need to potentially take defensive or preparedness action
- Update: to provide an update on previous information
- All Clear: to signify that the event or incident has passed and that normal operations can resume
- Information: is not related to a specific incident but where a service update may need to be provided
Category:
- Unauthorised entry – a person evades security checks to enter the perimeter of the site
- Trespasser on site (single person) – a single person enters the site (can be malicious or careless)
- Trespasser on site (multiple people) – multiple people enter the ground segment site (e.g., for a protest or with an intention to cause disruption)
- Unauthorised UAV – an unmanned aerial vehicle is sighted in the vicinity of the ground segment
- Unauthorised entry to building – a person gains unauthorised access to a building
- Unauthorised system access (remote) – a person has gained unauthorised access to the computer systems
- System unavailability – the system is unavailable for an unspecified reason
- Cyber-attack – the systems are under an unspecified cyber attack
- DDoS attack – services are unavailable due to a denial of service attack
- Jamming attack – services are unavailable due to a jamming incident
- Ransomware – data has been rendered inaccessible due to a ransomware attack
- Data breach – a breach of data within the system (non-personal)
- Personal data breach – the personal data within the system has been identified
- Natural disaster – a natural disaster has affected services
- Severe weather – a severe weather incident has disrupted services / made the site inaccessible
- Earthquake – an earthquake has disrupted services / requires an evacuation
- Wildfire – a wildfire has spread close to the facility
- Terrorist attack – a terrorist attack has taken place
- Serious incident – a generic serious incident is underway
- Datacentre malfunction – the datacentre is offline or has suffered damage in some form
- Service offline – the service is offline for an unspecified reason
- Threat detected – a generic threat has been detected
This field can also be overridden and a free-text entry can be entered.
3.2 Timing and location
Timings are an optional element and can be used to highlight when the incident started, when it will (or is expected to) end and when the next update should be provided. The time is pre-filled with the current time; a specific time can be selected, or the field can be overridden to provide information such as
If the incident relates to a specific location or area, this can also be added to the message.
3.3 Audience and instructions
One of the best practices for public alerting is to make it clear who the message is targeted at and what action is expected of them. This is an optional element of the message. In 7SHIELD we have identified four main audience types that could be present in the testing.
- Citizens
- Visitors
- Employees
- Users
A free text option is also available if more specific targeting is required.
There are also several standardised instructions that inform the audience of the behaviour expected of them to avert or mitigate against the crisis. These are:
- evacuate immediately
- shelter in place
- return to building
- continue as normal
- alert physical security team
- alert cyber security team
- log out of all systems
- shut down your personal computer or laptop
- change password
- log into system
- wait for updates
- avoid making system requests
- enable MFA
As with the above, a custom text option is also available. Two additional instruction types are recommended for use in the custom text field:
- go to [location]
- avoid [location]
3.4 Event Description
The Event Description field provides a space for the organisation to add any further relevant information that is important for them to communicate directly with the public, service users, customers or employees as necessary. This is an optional and standalone field.
3.5 Organisation and response
As important as letting your audience know what is expected of them, it is also of paramount importance to inform the audience about what action the organisation or responders are taking to deal with the incident. As it is not possible to cover all possible actions, a free text option is included alongside the following standard options:
- Investigating the cause
- Resetting services
- Updating service
- Recovering data from backups
- Coming back online
- Informing perimeter security team
- Informing incident response team
- Searching for the perpetrators
- Sending help
- Referred to [police/civil protection / etc.]
3.6 Further information and contact details
Finally, the message can also include a link to further information or contact details (such as a phone number or email address). The link can point to a web page with more detailed information about the incident or to specific information as required.
4. Integrations with other Tools
The Message Generation System is integrated within the service layer via the ENGAGE platform. The messages are generated through a user interface that allows users to select from pre-selected fields and extract the generated message, which can then be sent through any available channels as desired. The tool itself does not send or receive data from other modules.
5. Infrastructure Requirements
The MSG tool is a standalone web application that is integrated into the 7SHIELD system through the ENGAGE platform or separately through https://wmg.dev.centric.shu.ac.uk/
6. Operation Manual
6.1 Set-up
The tool is currently hosted and accessible through ENGAGE or through the URL https://wmg.dev.centric.shu.ac.uk/. If a future need arises for a local installation, the tool can also be packaged inside a Docker container and deployed.
6.2 Getting Started
No set-up is required; the MSG runs continuously.
- No notifications are sent
- No data is received by the component
- The tool operates fully through user input to provide information for each field
- The user can copy the generated warning message to disseminate it through any available service (social media, email, etc.)
7. User Interface
The interface of the message generation tool opens as in Figure 7‑1.
Figure 7‑1: Message Generation – empty interface
The fields highlighted with the red box denote the minimum mandatory fields to create a complete message. The remaining fields are optional.
For example, a simple message could assign the following values to create the message:
- Severity: RED
- Message Type: ALERT
- Category: UNAUTHORISED UAV
- Audience: WAIT FOR UPDATES
- Start: NOW
- End: FURTHER UPDATES
- Update: 22:45
Figure 7‑2: Example simple message
In the case above, the ‘override’ options are selected to add specific text to the timings.
The message can keep being extended in the following manner.
Location: PENTELI OBSERVATORY
Figure 7‑3: Simple message plus location
Organisation: NOA security team
Response: investigating
Figure 7‑4: Simple message plus organisation and response
Additional contact information can also be included, such as a URL to find further information or a contact point to call.
Figure 7‑5: Simple message plus more info and contact information
Users can then simply select the copy button to copy the text from the autogenerated message and paste it into their desired service for message transmission.
Figure 7‑6: Generated message interface and copy mechanism
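The template from section 3, expanded with the example values from section 7, as an added example that is not the tool's own code: optional {...} parts are dropped when any of their fields is empty, an empty mandatory field raises an error, and free-text overrides are inserted in a single pass so that bracket markers typed into a field are not expanded. The function names, the `clean` step and the `Employees` audience value are assumptions made for this sketch.

```python
import re

# Template as written in section 3: [NAME] is a field, {...} is an optional part.
TEMPLATE = (
    "[SEVERITY] [TYPE] for [CATEGORY] {active from [START-TIME]} "
    "{until [END-TIME]} {at [LOCATION]}. "
    "[AUDIENCE] should [INSTRUCTIONS]. {[EVENT-DESCRIPTION].} "
    "{[ORGANISATION] is [RESPONDING].} {Update expected at [UPDATE-TIME]} "
    "{Visit [URL] for more information.} {Contact us on [CONTACT-DETAILS].}"
)
FIELD = re.compile(r"\[([A-Z-]+)\]")
OPTIONAL = re.compile(r"\{([^{}]*)\}")


def clean(value):
    """Replace control characters with spaces and collapse whitespace."""
    printable = "".join(ch if ch.isprintable() else " " for ch in str(value or ""))
    return " ".join(printable.split())


def render(fields):
    """Expand TEMPLATE; raise ValueError if a mandatory field is empty."""
    values = {name: clean(raw) for name, raw in fields.items()}
    values = {name: text for name, text in values.items() if text}
    parts = OPTIONAL.split(TEMPLATE)  # even index: mandatory, odd: optional
    missing = [n for seg in parts[0::2] for n in FIELD.findall(seg)
               if n not in values]
    if missing:
        raise ValueError("missing mandatory field(s): " + ", ".join(missing))
    kept = [seg for i, seg in enumerate(parts)  # drop incomplete optional parts
            if i % 2 == 0 or all(n in values for n in FIELD.findall(seg))]
    skeleton = re.sub(r"\s+", " ", "".join(kept)).strip().replace(" .", ".")
    # One pass only: inserted free text is never re-scanned for markers.
    return FIELD.sub(lambda m: values[m.group(1)], skeleton)


# Values from the section 7 example; AUDIENCE is a constructed sample value.
EXAMPLE = {
    "SEVERITY": "Red", "TYPE": "Alert", "CATEGORY": "Unauthorised UAV",
    "START-TIME": "now", "END-TIME": "further updates",
    "AUDIENCE": "Employees", "INSTRUCTIONS": "wait for updates",
    "UPDATE-TIME": "22:45",
}

if __name__ == "__main__":
    print(render(EXAMPLE))
    print(render({**EXAMPLE, "LOCATION": "Penteli Observatory"}))
```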