Berto Jongman: Activity Based Intelligence — with NSA-NGA Merger Coming Along Nicely


Activity-Based Intelligence Uses Metadata to Map Adversary Networks

Gabriel Miller

Defense News, 8 July 2013

Few outside the intelligence community had heard of activity-based intelligence until December, when the National Geospatial Intelligence Agency awarded BAE Systems $60 million to develop products based on this newish methodology. But ABI, which focuses not on specific targets but on events, movements and transactions in a given area, is rapidly emerging as a powerful tool for understanding adversary networks and solving quandaries presented by asymmetrical warfare and big data.

Indeed, ABI is the type of intelligence tool that could be applied to the vast wash of metadata and internet transactions gathered by the NSA programs that were disclosed in June by a whistle-blower.


In May, the U.S. Geospatial Intelligence Foundation’s Activity-Based Intelligence Working Group hosted a top-secret forum on ABI that drew representatives from the “big five” U.S. intelligence agencies.

At the SPIE 2013 Defense, Security + Sensing Symposium on May 1, NGA Director Letitia Long said the agency is using ABI to “identify patterns, trends, networks and relationships hidden within large data collections from multiple sources: full-motion video, multispectral imagery, infrared, radar, foundation data, as well as SIGINT, HUMINT and MASINT information.”

The technique appears to have emerged when special operators in Iraq and Afghanistan reached back to NGA analysts for help plugging gaps in tactical intelligence with information from national-level agencies. These analysts began compiling information from other intelligence disciplines — everything from signals intelligence and human intelligence to open sources and political reporting — and geotagging it all. The resulting database could be queried with new information and used to connect locations and establish a network.

This experience led to a series of seminal white papers published in 2010 and 2011 by the Office of the Undersecretary of Defense for Intelligence. The papers call ABI “a discipline of intelligence where the analysis and subsequent collection is focused on the activity and transactions associated with an entity, population, or area of interest.”

This focus on interactions is the fundamental difference between ABI and previous efforts to integrate different types of intelligence, which were often confined to a single agency and aimed at a specific target.

“When we are target-based, we focus on collecting the target and, too often, we are biased toward what we know and not looking for the unknown,” NGA’s Dave Gauthier said last year at GEOINT 2012. Gauthier, who handles strategic capabilities in the agency’s Office of Special Programs, called ABI “a rich new data source for observing the world and the connectedness between objects and entities in the world.”

ABI attempts to meet two challenges with traditional intelligence-gathering. First, there are no clear signatures for and no doctrine governing the activities of nonstate actors and insurgents who have emerged as the most important threats to U.S. national security. Second, the volume of big data has become “staggering,” in Gauthier’s words. Take, for example, the recent bombing in Boston: There was a massive amount of surveillance imagery available, but analysts initially had no idea whom they were looking for, and moreover, the suspects turned out to look little different from thousands of other spectators on hand.

“ABI came out of the realization that the scheduled, targeted, one-thing-at-a-time, stove-piped analysis and collection paradigm was not relevant to non-nation-state and emergent threats,” said Patrick Biltgen, a senior engineer in the intelligence and security sector at BAE Systems. “We are breaking this one-thing-after-another paradigm because information is flowing … all the time and we don’t know what to do with it because if you’ve stopped to try and collect it, you’ve missed everything else that’s coming.”

NEW METHODOLOGY

Though the USD(I) white papers call ABI a new discipline, many prefer to think of it more as a methodology with several components.

The first is the constant collection of data on activities in a given area, then storing it in a database for later metadata searches. The NGA’s Long recently said the agency is working to create a “model that allows us to ‘georeference’ all of the data we collect persistently — over a long period of time,” one that allows “analysts to identify and evaluate data down to the smallest available object or entity.”

The second is the concept of “sequence neutrality,” also called “integration before analysis.”

“We collect stuff without knowing whether it’s going to be relevant or not. We may find the answer before we know the question,” said Gregory Treverton, who directs the Rand Center for Global Risk and Security. “It’s also not so driven by collection; the collection is just going to be there.”

The third is data neutrality — the idea that open-source information may be just as valuable as HUMINT or classified intelligence.

“Humans, unlike other entities, are inherently self-documenting. Simply being born or going to school, being employed, or traveling creates a vast amount of potentially useful data about an individual,” the white papers say. This tendency has exploded on the Internet, “where individuals and groups willingly provide volumes of data about themselves in real time — Twitter and social network forums like Facebook and LinkedIn are only a few examples of the massive amounts of unclassified data that is routinely indexed and discoverable.”

Finally, there is knowledge management, which covers everything from the technical architecture that makes integrated intelligence and information-sharing possible to the metadata tagging that allows analysts to discover data that may be important, but not linked spatially or temporally.

USAGE EXAMPLES

ABI products take the form of customizable Web-based interfaces that allow analysts to locate associations among data sets using metadata.

“You could call them Web services, apps, widgets, but they help analysts sift through large volumes of data,” said BAE Systems’ Biltgen.

These do not compete with giant systems like the armed services’ Distributed Common Ground Systems, end-to-end databases that connect thousands of users with intelligence information. Rather, they are generally designed to plug into DCGS, then help smaller working groups deal with specific problems.

“Really, what we’re doing is working with the metadata — the dots and the indexes and extracted ‘ABI things’ — to get those on the screen, whereas the large systems really manage streams of imagery for exploration,” Biltgen said. “We go, ‘Let’s take clip marks and the tags that come from exploited video streams and look at all of them at the same time without ever having to touch a frame of video.’ ”

He said the goal is to “precondition the data and make it easier for the analyst to correlate them, apply their cultural awareness and knowledge to them, and really put the thought muscle on the data after it’s been well conditioned.”

So what does ABI actually produce? One common format is activity layer plots. An analyst might, for example, place all available intelligence about an explosion of an improvised explosive device atop information about a kidnapping in the same area, then lay in data about the local bus line, the fruit market at the corner, or the local timber-smuggling operation. Once displayed, the information may overlap or intersect in interesting ways.

To date, ABI has primarily been used in the kinds of operations that have defined Iraq and Afghanistan: manhunting and uncovering insurgent networks. But because ABI is more a methodology than a discipline, and because the products that enable ABI are customizable, the intelligence community sees ABI applied to a broad range of problems.

“The immediate question is, can we expand it beyond counterterrorism and manhunting and the fight against terror?” Treverton said.

He suggested applications such as maritime domain awareness, in which signatures exist for Chinese frigates but not junks.

ABI can theoretically be brought to bear on any problem that might be aided by a “pattern of life” analysis, a prominent phrase in the white papers. In finance, for example, ABI might identify patterns left by a particular kind of criminal.

“You could use this in the insurance industry to try and understand the patterns of life of individuals that steal things from you and make false claims. We do some of that work today,” Biltgen said.

While ABI can help anticipate patterns, advocates don’t claim it can predict future behavior.

“I wouldn’t call it predictive,” Treverton said. “I wouldn’t call anything predictive. That’s asking way too much.”

Still, it may help officials anticipate threats by building a deep understanding of the networks that give rise to specific incidents.

POTENTIAL ROADBLOCKS

Two things could hinder ABI — one technical, one cultural.

It sounds relatively uncomplicated to develop a visual network, say, by tracing all of the tire tracks captured by wide-area motion video in a given area over a period of time. Origins and destinations become nodes, and hundreds or even thousands of tire tracks describe a network from which analysts can extract meaning. But the devil is in the details. For example, it is difficult to define a “vehicle stop” in an algorithm, much less assign meaning to it. Does a “stop” last five seconds or one minute?

“It sounds easy, until you touch the data. You realize that every proposition in that value chain has hidden complexity,” said Gary Condon, an intelligence expert at MIT’s Lincoln Lab, at GEOINT 2012.

The second set of issues is cultural. Even in the post-9/11 era, legal boundaries and security clearances can prevent the kind of data-sharing that makes ABI work. The quantity of publicly available information swells by the day, but the intelligence community still often prizes classified over open-source information. And just as complex: Some of that open-source intelligence raises privacy concerns when U.S. persons are involved.

That’s been at the heart of the outcry over the NSA’s Prism program and phone-record collection.

Still, top-level intelligence officials see ABI as a valuable new tool. Several senior officials from the Office of the Director of National Intelligence remarked on its growing importance at the U.S. Geospatial Intelligence Foundation forum in early May.

“The defense and intelligence worlds have undergone, and are still undergoing, a radical transformation since the events of 9/11. The Department of Defense and the Director of National Intelligence have made information sharing and efficiency priorities,” the spokesman said. “This will increase collaboration and coordination, which will have a multiplying effect on approaches such as ABI.”

Phi Beta Iota:  This is useful, and also troubling.  It is useful, as the first sign that someone in the US intelligence community is actually thinking creatively and in an integrated manner.  It is troubling in that it suggests:

01  NSA and NGA are on a path to a merger — we would prefer to merge NGA and USGS.

02  Now we understand the NRO body at CIA's OSC.  We would not be at all surprised to learn that a duplicate of the OSC's take on its 100+ T-1 lines is going to NGA and stuff is happening there that is well beyond CIA's ken and not shared with the OSC.

03  What is troubling is the loss of perspective.  Activity-based intelligence makes so many assumptions, not least of which are a) that the US needs to be able to watch everything always and b) that the US cultural mind-set steeped in cultural, historical, and linguistic ignorance will somehow define the correct interpretation of the activity — kind of like the CIA drones killing truck drivers taking a crap by the side of the road because some genius decided that was a “signature” for planting IEDs.
