1. There are three scenarios under consideration that would trigger the NEO. We will call them A, B, and C.

Scenario A involves a coup attempt.

Scenario B involves hostilities commencing against a neighboring US ally.

Scenario C involves internal terrorism directed against US nationals.

We have tentatively assigned each of these "trigger" scenarios the following probabilities.

P(A) = .3

P(B) = .2

P(C) = .5

We believe that a network attack (N) against the JTF might be part of the scenarios. Based on preliminary analysis, the chance of a network attack depends on the scenario. We have the following probabilities:

P(N|A)=.3

P(N|B)=.9

P(N|C)=.1

We have two friendly courses of action (COA), I and II. The following table depicts expected friendly losses for each course of action and scenario. A, B , and C respectively

COA 1 30 150 25

COA 2 40 100 30

We use failed log-in attempts on our non-classified PAO server as an (unclassified) intensity indicator of the likelihood of attacks on the secure systems. The time between failed log-in episodes (one episode might include several attempts by the same user until he/she is locked out) is well modeled by the exponential distribution with a mean of forty minutes.

a. Devise a rule based on failed log-in episodes that would indicate that we are experiencing a network attack. The rule should have a false alarm rate of only 1%.

b. Given that your rule has indicated a network attack, revise the probabilities for the different scenarios.

c. Using those revised probabilities, calculate the expected number of casualties for COA I and II.

d. Using the revised probabilities, draw the CDF for the number of casualties under COA I and II on the same graph.

e. In your professional opinion, which COA do you recommend? Why? Justify your decision in writing.