CRITICAL AVIATION INFRASTRUCTURES VULNERABILITY ASSESSMENT TO TERRORIST THREATS



Similar documents
An important observation in supply chain management, known as the bullwhip effect,

Drinking water systems are vulnerable to

F inding the optimal, or value-maximizing, capital

MASTER EXTREME RISK MANAGEMENT TOOL IN AVIATION SECURITY SYSTEMS

A Simple Model of Pricing, Markups and Market. Power Under Demand Fluctuations

An inventory control system for spare parts at a refinery: An empirical comparison of different reorder point methods

The fast Fourier transform method for the valuation of European style options in-the-money (ITM), at-the-money (ATM) and out-of-the-money (OTM)

COST CALCULATION IN COMPLEX TRANSPORT SYSTEMS

STATISTICAL CHARACTERIZATION OF THE RAILROAD SATELLITE CHANNEL AT KU-BAND

IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS, VOL. 29, NO. 4, APRIL Load-Balancing Spectrum Decision for Cognitive Radio Networks

Monitoring Frequency of Change By Li Qin

Web Inv. Web Invoicing & Electronic Payments. What s Inside. Strategic Impact of AP Automation. Inefficiencies in Current State

Risk in Revenue Management and Dynamic Pricing

Managing specific risk in property portfolios

Load Balancing Mechanism in Agent-based Grid

Corporate Compliance Policy

Project Management and. Scheduling CHAPTER CONTENTS

Local Connectivity Tests to Identify Wormholes in Wireless Networks

Comparing Dissimilarity Measures for Symbolic Data Analysis

TOWARDS REAL-TIME METADATA FOR SENSOR-BASED NETWORKS AND GEOGRAPHIC DATABASES

Service Network Design with Asset Management: Formulations and Comparative Analyzes

construction eal estate health onstruction hospitality energyy healthcare infra PRACTICE AREAS IMPARTIAL. THOROUGH. EXPERIENCED.

Stochastic Derivation of an Integral Equation for Probability Generating Functions

Adequate fixed asset records provide the information necessary to: 1) Report the cost or other basis of valuation

THE RELATIONSHIP BETWEEN EMPLOYEE PERFORMANCE AND THEIR EFFICIENCY EVALUATION SYSTEM IN THE YOTH AND SPORT OFFICES IN NORTH WEST OF IRAN

Failure Behavior Analysis for Reliable Distributed Embedded Systems

17609: Continuous Data Protection Transforms the Game

Title: Stochastic models of resource allocation for services

Design of A Knowledge Based Trouble Call System with Colored Petri Net Models

Risk and Return. Sample chapter. e r t u i o p a s d f CHAPTER CONTENTS LEARNING OBJECTIVES. Chapter 7

Concurrent Program Synthesis Based on Supervisory Control

FDA CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES

Joint Production and Financing Decisions: Modeling and Analysis

OVERVIEW OF THE CAAMPL EARLY WARNING SYSTEM IN ROMANIAN BANKING

IEEM 101: Inventory control

DAY-AHEAD ELECTRICITY PRICE FORECASTING BASED ON TIME SERIES MODELS: A COMPARISON

An optimal batch size for a JIT manufacturing system

Sage HRMS I Planning Guide. The HR Software Buyer s Guide and Checklist

Rummage Web Server Tuning Evaluation through Benchmark

On Software Piracy when Piracy is Costly

Interbank Market and Central Bank Policy

Implementation of Statistic Process Control in a Painting Sector of a Automotive Manufacturer

Machine Learning with Operational Costs

Simulink Implementation of a CDMA Smart Antenna System

Electronic Commerce Research and Applications

Asymmetric Information, Transaction Cost, and. Externalities in Competitive Insurance Markets *

Automatic Search for Correlated Alarms

Branch-and-Price for Service Network Design with Asset Management Constraints

Time-Cost Trade-Offs in Resource-Constraint Project Scheduling Problems with Overlapping Modes

Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation

Synopsys RURAL ELECTRICATION PLANNING SOFTWARE (LAPER) Rainer Fronius Marc Gratton Electricité de France Research and Development FRANCE

The risk of using the Q heterogeneity estimator for software engineering experiments

On the predictive content of the PPI on CPI inflation: the case of Mexico

Buffer Capacity Allocation: A method to QoS support on MPLS networks**

Two-resource stochastic capacity planning employing a Bayesian methodology

Rejuvenating the Supply Chain by Benchmarking using Fuzzy Cross-Boundary Performance Evaluation Approach


Evaluating a Web-Based Information System for Managing Master of Science Summer Projects

Forensic Science International

An Empirical Analysis of the Effect of Credit Rating on Trade Credit

Pressure Drop in Air Piping Systems Series of Technical White Papers from Ohio Medical Corporation

Multiperiod Portfolio Optimization with General Transaction Costs

A MOST PROBABLE POINT-BASED METHOD FOR RELIABILITY ANALYSIS, SENSITIVITY ANALYSIS AND DESIGN OPTIMIZATION

C-Bus Voltage Calculation

A Virtual Machine Dynamic Migration Scheduling Model Based on MBFD Algorithm

A Novel Architecture Style: Diffused Cloud for Virtual Computing Lab

Service Network Design with Asset Management: Formulations and Comparative Analyzes

An Efficient Method for Improving Backfill Job Scheduling Algorithm in Cluster Computing Systems

A Brief Overview of Intermodal Transportation

Storage Basics Architecting the Storage Supplemental Handout

An Associative Memory Readout in ESN for Neural Action Potential Detection

Secure Step Life Insurance gives you peace of mind and provides lifetime financial protection for your loved ones.

What Makes an Effective Coalition?

Partial-Order Planning Algorithms todomainfeatures. Information Sciences Institute University ofwaterloo

Web Application Scalability: A Model-Based Approach

INFERRING APP DEMAND FROM PUBLICLY AVAILABLE DATA 1

RETAIL INDUSTRY. Shaping the Customer s Experience: How Humans Drive Retail Sales in a Ferocious Economy

The Economics of the Cloud: Price Competition and Congestion

The impact of metadata implementation on webpage visibility in search engine results (Part II) q

CFRI 3,4. Zhengwei Wang PBC School of Finance, Tsinghua University, Beijing, China and SEBA, Beijing Normal University, Beijing, China

Effect Sizes Based on Means

Outsourcing and Technological Innovations: A Firm-Level Analysis

Sage HRMS I Planning Guide. The Complete Buyer s Guide for Payroll Software

Piracy and Network Externality An Analysis for the Monopolized Software Industry

Participation in Farm Markets in Rural Northwest Pakistan: A Regression Analysis

X How to Schedule a Cascade in an Arbitrary Graph

Penalty Interest Rates, Universal Default, and the Common Pool Problem of Credit Card Debt

Analysis of Effectiveness of Web based E- Learning Through Information Technology

ANALYSING THE OVERHEAD IN MOBILE AD-HOC NETWORK WITH A HIERARCHICAL ROUTING STRUCTURE

CANADIAN WATER SECURITY ASSESSMENT FRAMEWORK: TOOLS FOR ASSESSING WATER SECURITY AND IMPROVING WATERSHED GOVERNANCE

European Journal of Operational Research

An actuarial approach to pricing Mortgage Insurance considering simultaneously mortgage default and prepayment

Softmax Model as Generalization upon Logistic Discrimination Suffers from Overfitting

Situation Based Strategic Positioning for Coordinating a Team of Homogeneous Agents

Sage Document Management. User's Guide Version 12.1

Migration to Object Oriented Platforms: A State Transformation Approach

Secure synthesis and activation of protocol translation agents

Estimating the Degree of Expert s Agency Problem: The Case of Medical Malpractice Lawyers

THE WELFARE IMPLICATIONS OF COSTLY MONITORING IN THE CREDIT MARKET: A NOTE

Fundamental Concepts for Workflow Automation in Practice

Transcription:

Review of the Air Force Academy No (23) 203 CRITICAL AVIATION INFRASTRUCTURES VULNERABILITY ASSESSMENT TO TERRORIST THREATS Cătălin CIOACĂ Henri Coandă Air Force Academy, Braşov, Romania Abstract: The main urose of risk assessment methods is to identify the breaches of the system, to estimate the likelihood of a threat and to roose solutions for risk mitigation. One of the critical comonents of the risk assessment rocess is to determine the vulnerability of critical infrastructure/system based on ossible risk scenarios. The solutions resented by the vulnerability assessment are divided into two categories: a quantitative model built on the basis of the theory of multi-arameter values and adated to comlex systems by using morhological analysis and a model based on robability theory of assumtions. Keywords: vulnerability assessment, terrorism, aviation infrastructure. INTRODUCTION The airort, as a main infrastructure of aviation system, is a favorite target of terrorist attacks first because of the human losses and material damage, but also because of the owerful sychological imact in case of a success. Any disturbance to the stability of the whole air transort systems will have a leverage effect: decrease the safety of assengers and reduce the demand of air transort services, losses in the aviation industry and ultimately disturbing economic stability (Patriot Act, 200). Predictive models for assessing the risk of terrorism are articularly useful, but they have limitations in case of events of unknown tyology or events which haen once. A ossible solution could be to identify a causal link between the initial events (movement of eole considered susicious, transfers of money in their accounts, trying to urchase some dangerous substances, etc.), frequent and observable enough in terms of consequences, and extreme event (terrorist attack), so that the results can be extraolated (JASON, 2009). Frequency-magnitude distribution model, originally develoed for natural disasters (Newman, 2005), has been adoted and for terrorist events (Clauset et al., 2008). The morhological model (Ritchey, 997; Zwicky, 969) is another descritive analysis model of the comlex situations by dividing the roblem into the arameters/ variables/ comonents and identification all of those relationshis. The use of reetitive cycles of analysis and synthesis, as well as building an internal structure as matrix tye, is the main advantage of this method. The U.S. Deartment of Homeland Security used for terrorist risk assessment a model built on events tree architecture, in terms of annual frequency of occurrence, the robability of successful attack and failure of countermeasures, and consequences (Cheesebrough and Wise; 202). Quantitative assessment aroach of the level of vulnerability, identifying hysical characteristics and oerational attributes that exose critical aviation infrastructure to terrorist threat (DHS, 2008), become essential in achieving security and safety. 73

Critical Aviation Infrastructures Vulnerability Assessment to Terrorist Threats 74 Fig.. The architecture of terrorism risk evaluation In order to release the risk analysis by external ressures in setting the levels of threat, esecially to assess vulnerability and consequences of ossible attacks, we use a quantitative aroach. Alication of quantitative techniques to evaluate the risk of terrorism can bring the following advantages: reduction of attack risk for some targets, by converting them into less attractive targets for terrorists; increasing resilience of system; reduction of recovery time after the attack; reventing the sread of cascading effects. The rocess of terrorism risk assessment can be thought in the context of a general framework, in which the level of vulnerability determines the effectiveness of the system (Fig. ). Stages of evaluation of the threat, vulnerabilities and consequences are articularly imortant in risk quantification aroach because it requires, on the one hand, the availability of secialists in intelligence structures and to interact and rovide timely information needed for further tests, and on the other hand, the definition of normality. We can talk about such a rocess of risk management in order to increase the level of understanding of the issue of risk. Better understanding of the threat, vulnerability and consequences of an attack by using quantitative and qualitative assessments allow decision factors to initiate mechanisms of revention and detection before becoming a reality the otential consequences (Morar and Stefan, 202). 2. DEFINING A SYSTEM IN TERMS OF VULNERABILITY The main arts of the aer will be introduced by numbered titles with Arabic figures and rinted in caitals, font 2t, bold, centered. A free sace will be left above the text and another one below it. Paragrahs will be 6mm indented. The security risk is viewed as a function of the nature of the threat (T), vulnerabilities to attack of a system (V) and the consequences (C) associated with a ossible attack scenario (Willis et al., 2005). In risk analysis, vulnerability is assessed in robability known or erceived of a breakthroughs existence or a malfunction in the system/infrastructure review for a certain eriod of time in the context of a threat scenario tye. Vulnerability Probability (successful attack) Vulnerability assessment refers to the ability of the system to detect the initial event (IE), to delay it in order to reare the answer and to act in such a way as to interrut the sread of the system To assess the vulnerability of aviation critical infrastructures, the following construct which defines the five functions of survival of a system is considered: detection, evaluation, resonse, recovery, revention (DERRP).

Review of the Air Force Academy No (23) 203 Detection is the likelihood of establishing that an IE has been or will be held on the basis of the warnings. Evaluation is given by the robability of the occurrence of false alarms. The resonse is defined by the reaction time of the system necessary to limit or eliminate the effects of roagation. Recovery is the time to return the system to the normality. Prevention is exressed through the totality of measures taken to reduce the vulnerabilities of the system, erceived by adversary as being very difficult to ass. Since the vulnerability is the likelihood of success of an event, once it has been initiated (V success/ie), then it can be calculated as: ( det IE ) ( eval IE ) ( res IE ) ( rec IE ) ( rev IE ) V () An event is initially combated if all stages are comleted, or it becomes a failure if any of the hases fail. 3. DETERMINATION OF VULNERABILITY BASED ON PROBABILITA ASSUMPTIONS 3. The robability of future events. The assumtions theorem does not rovide the ossibility of determining the robability of events occurrence, but their distribution. Thus, in terms of the air transort system, whether within a time interval Δt occurred N events (attacks), K times that being controlled (when one or more combination of several survival functions), the question arises of determining the robability of k times controlled the next n events. The number of ossible variants to occur is C k, and the robability of k times from n n ossible event is k q n-k. The connection between the known data (N, K) and those meant to be calculated (the robability of any variants) is attested in equation (2). k q n k q K q K + k N + n ( K + k ) N K (2) The occurrence robability is calculated by integrating the distribution densities ( K k N n ( K k ) + + + K q, K q N ) of the robability for a single variant in range of values from 0 to. The most likely value of the robability of an occurrence variant of k times of event n is given in equation (3). K + k q N + n ( K + k ) K + k 0 0 K N K 0 q d d 0 ( ) K ( ) N + n ( K + k ) N K d d (3) Thus it can determine the occurrence robability of any variant, as the roduct of the number of variants and the occurrence robability of the variant (eq. 4). P k K k Cn C N ( N + ) Cn (4) K k C ( N + + ) + N + n n The sum of all robabilities of ossible cases should be equal to. 3.2 Case study: Assessing the vulnerability of the air transort system to a terrorist attack. The case study is based on data about terrorist attacks on aviation infrastructure in Euroe and North America during 990-2009. The scenario considered is bomb attack. Statistical data are resented in Fig. 2. Of the total of 34 attacks launched, 29 have been controlled (with no loss of life or injuries). The question is to determine the robability of combat and the following four ossible attacks. Under these conditions, the roblem data are as follows: N 34; K 29; n k 4 Then: P 4 2 9 C 4 C 3 4 35 33 C 39 4 3 8 0, 5 75

Critical Aviation Infrastructures Vulnerability Assessment to Terrorist Threats Fig. 2. Bomb terrorist attacks over aviation infrastructure in North America and Euroe during 990-2009 Source: RAND Database of Worldwide Terrorism Incidents The result can be interreted in terms of vulnerability, as follows: the next four attacks can be controlled entirely with a robability of 50%, which denotes a vulnerability of the system by 50%. Similarly it can determine robabilities for other ossible variants (no attack controlled in the following 4, controlled, 2 or 3 attacks). 4. DETERMINATION OF VULNERABILITY BASED ON THE THEORY OF MULTI-PARAMETER VALUES 4. I-VAM model alication. The vulnerability is a state of the system/ infrastructure and can be quantified by using the model for assessing the vulnerability of the infrastructure I-VAM (Ezell, 2007). The model is quantitatively, based on the theory of multiarameter values and adated for comlex systems by using morhological analysis. Model s architecture is rojected onto five functions that measure the level of rotection of each subsystem/comonent. To each of these functions (detection, assessment, resonse, recovery, and revention) values are assigned, in a scale of to 00 based on exerience or oinion of the exerts. The data acquisition rocess from exerts (NUREG 50, 990) takes lace in six stages:. identification and selection of exerts; 2. lecture about robability theory; 3. resentation of the risk scenarios and system architecture; 4. collection and analysis of data (software suort); 5. resentation and discussion of results; 6. develoment of risk lan. The DERRP model is constructed so that each stage contributes to changing the ercetion of the attacker, in the sense of transmitting the feeling unable to ass. The aggregate value of the function is exressed in relation (5), where m is the size of the assessment, x m the level of m measurement, v m (x m ) value of the function at x m level, and w m is the roduct of the weights for each hierarchical level above the calculated (Parnell, 998). V ) n m w m v m m ) (5) The initial data required for the model, reresented by the relative imortance score and weight of comonents, are rovided by exerts and obtained on the basis of an assigning rocedure. Fig. 3. Triangular distribution 76

Review of the Air Force Academy No (23) 203 The calculation of the exected conditional value is made using triangular distribution (Haimes, 2004). Considering the minimum (m), maximum (M) and robable () values rovided by exerts as reresenting values of a triangular distribution, resulting robability density function f(x) deending on the random variable x (Fig. 3). The calculation of the exected value E[x] for a triangular distribution is made using the equation (6). E[ x] x xf(x) dx (6) To create the structure of the value model, a functional decomosition of the system into subsystems and comonents is required. For examle, it is considered the airort infrastructure as a comlex system whose functional structure is shown in Fig. 4 (Nisalke, 2009). On the basis of functional architecture, the I-VAM model can be build. Thus, considering the aircraft (..) as being made u of the fuselage (...), engines (...2), flight control equiment (...3), you can calculate the value of this comonent according to the equation (7). v w.....3.. ) w...3......3 )...... ) + w...2...2...2 ) + (7) The vulnerability of the aircraft (Ω.. ) is calculated (eq. 8) according to the value of the maximum ossible score (v*) and the calculated value (v.. ). Ω.. v ) v.. ( x) (8) The score value of air oerations subsystem (.) is the sum of the roducts of all the associated comonents and weight associated. For this case, the subsystem value is given by equation (9). v w. ) w..4..4.. ).. ) + w..2..2 ) + w..3..3 ) + ( 9 ) Calculate the subsystem vulnerability (Ω. ). Similarly to all other subsystems, resulting in final the vulnerability of the system, exressed in the relation (0). * Ω V ( X ) V ( X ) (0) where V * (X) reresents the maximum value (00) and V(X) is the total value of the system (eq. ). V (...2. 2 x X ) w ) + w ( ) () The following assessment is used to verify the model: - on every hierarchically level, the sum of the weights must be equal to (eq. 2); m w m i (2) - the sum of values roducts at comonent level has to be equal to the sum of the roducts at the subsystem level (eq. 3), and arameters are ositive (eq. 4). Fig. 4. Simlified functional architecture model of an airort 77

Critical Aviation Infrastructures Vulnerability Assessment to Terrorist Threats.2 wm m m ) wm m m ). i.. (3) i.2.3 - x, v(x), w 0 (4) I-VAM model carries out the vulnerability assessment of a critical infrastructure/system according to ossible scenarios, which realize in fact the link between vulnerability and risk. In the examle shown, we have demonstrated that the vulnerability can be quantified through measures contained in the management of extreme events, and the omega value of vulnerability can be easily comared to the system score. 4.2 Case Study: Assessing vulnerability of an airort to a terrorist attack. The initial data required for the model, reresented by relative imortance score and weights of comonents, were sulied by three exerts in the field of airort security, on the basis of an assigning rocedure. Determination of submitted scores weight was carried out according to the secialty and exerience in the security field. In the shown examle was considered, as a measure of rotection for each comonent in the system, the function of detection. The scenario considered is a terrorist bomb attack on an international airort. Vulnerability assessment stages are:. The functional architecture of the attacked system (theoretical model) (Fig. 4). 2. Assigning relative imortance and the calculation of weights for detection function (Table ). Comonent Aircraft (..) Terminal (..2) Air Traffic Control (..3) Technical Suort (..4) Access Point (.2.) Table. Assigning relative imortance Relative imortance Weight 0 0.33 9 0,30 6 0,20 5 0,7 7 0,39 3. System analysis - data rovided by the 3 evaluators were modeled after a triangular distribution (Table 2). Comonent Aircraft (..) Terminal (..2) Air Traffic Control (..3) Technical Suort (..4) Access Point (.2.) Registration area (.2.2) Public facilities (.2.3) Table 2. Assigning values for each comonent Assessor (0,3) Min Prob. Max 0,0 0, 0,3 0,2 0,5 0,7 2 0 20 5 5 20 45 90 0 30 45 5 35 60 78

Review of the Air Force Academy No (23) 203 4. Calculation of exected value (Table 3). Table 3. Determine the exected value of vulnerability Comonent Weight v(x) Ω (..) 0.33 0,6 0,4 (..2) 0,30 0,46 0,24 (..3) 0,20 3,0 6,5 (..4) 0,7 6,96 5,94 (.2.) 0,39 46,0 32,0 (.2.2) 0,33 30, 9,4 (.2.3) 0,28 39,8 29,2 The value of vulnerability for entire system is 82.89%. The model highlighted a very large system vulnerability (the airort) to the threat (bomb attack) for two reasons:. only the detection function was taken into account; 2. identification of the fact that the land side induces a significant vulnerability in the system, with all the security measures taken so far. 5. CONCLUSIONS Quantifying the vulnerability of critical infrastructure according to the threat scenario and the measures of rotection that can be alied (detection, evaluation, resonse, recovery, revention) is the great reward of the study. The aim of this study is to define the most aroriate model for the analysis of the vulnerability of the aviation system from the risk of terrorism, allowing an imrovement in security and safety. Quantification does not mean certainty, but the adequate surrise growth rocesses, allowing an understanding of the mechanisms of risk assessment of terrorism in aviation. Vulnerability assessment challenges come from: reduced number of terrorist attacks and the diversity of strategies used, the fact that one cannot extraolate the data to estimate the risk of terrorism in the future; the danger of underestimation (to avoid criticism), or overrating (to justify security investments); the call to the community of information (some data collected cannot be used due to the classified nature). BIBLIOGRAPHY. Cheesebrough, T., Wise, R. (202). Alying Modeling and Simulation to Estimate Risk Reduction Benefits for Regulatory Benefit-Cost Analysis, Conference Proceedings Assessing the Benefits of U.S. Customs and Border Protection Regulatory Actions to Reduce Terrorism Risks, Santa Monica, CA: RAND Cororation. 2. Clauset, A., Young, M., Gledistch, K. S. (2007). On the Frequency of Severe Terrorist Events, Journal of Conflict Resolution, 5(), 58-88. 3. Ezell, B. C., (2007). Infrastructure Vulnerability Assessment Model (I-VAM), Risk Analysis, 27(3), 57 83. 4. Haimes, Y.Y. (2004). Risk Modeling, Assessment, and Management, Second Edition, John Wiley & Sons, New Jersey, U.S.A., 276-294. 5. JASON, (2009). Rare Events, Reort no. JSR-09-08, The MITRE Cororation, JASON Program Office, Virginia, 2-3. 6. Morar, R., Ştefan, C.E. (202). On Some Security Measures to Prevent and Fight Aircraft Terrorism. In Review of the Air Force Academy, Vol. IX, No. (20), 6-65. 7. Newman, M.E.J. (2005). Power Laws, Pareto distribution and Zif s law, Contemorary Physics, No.5, 323-35. 8. Nissalke Jr., T.E., (2009). The Air Transortation System in the 2 st Century, Sustainable Built Environment, vol. II, EOLSS Publishing House, 365-385. 9. NUREG, (990). Severe Accident Risks: An Assessment for Five U.S. Nuclear Power Plants, U.S. Nuclear Regulatory Commission: 79

Critical Aviation Infrastructures Vulnerability Assessment to Terrorist Threats Final Summary Reort, Vol., Washington, DC, 52-54. 0. Parnell, G.S., Jackson, J.A., Jones, B.L., Lehmkuhl, L.J., Conley, H.W., Andrew, J.M. (998): Foundations 2025: A Value Model for Evaluating Future Air and Sace Forces, Management Sciences, 44:0,.336-350.. Ritchey, T., (997). Scenario develoment and risk management using morhological field analysis, Proceedings of the 5th Euroean Conference on Information Systems, 053 059, 2. U.S. Congress (200). U.S. Patriot Act of 200, P.L. 07-56, Sec. 06(e), The Library of Congress, 200. 3. Willis, H., Morral, A., Kelly, T., Medby, J. (2005). Estimating Terrorism Risk, MG-388, RAND Cororation, 5-. 4. Zwicky, F., (969), Discovery, Invention, Research - Through the Morhological Aroach, Toronto: The Macmillan Comany, 73-84. 80

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information