Network Intelligence: An Emerging Discipline - IEEE Xplore

4 downloads 0 Views 119KB Size Report
LTC (Ret) David E.A. Johnson. The Center for Advanced Defense Studies (CADS). Washington, D.C, USA david.johnson@c4ads.org. Newton Howard, PhD.
2012 European Intelligence and Security Informatics Conference

Network Intelligence An Emerging Discipline LTC (Ret) David E.A. Johnson

Newton Howard, PhD

The Center for Advanced Defense Studies (CADS) Washington, D.C, USA [email protected]

Massachusetts Institute of Technology Cambridge, MA, USA [email protected]

I. INTRODUCTION Prior to 9/11, the intelligence process and tools used by our government were primarily directed at known threats with well understood functions and activities. However, with the rising importance of non-state actors and asymmetric threats, threat-focused processes and tools are now directed at known threats whose functions and activities are not well understood [1]. Today’s intelligence environment is characterized by data overload, with the information age exponentially increasing the volume, variety, and velocity of available data [9]. This environment has spawned the development of an entirely new intelligence discipline, Network Intelligence (NETINT).

during the Vietnam War, Network Intelligence addresses many of the challenges inherent in identifying mechanisms and measuring effectiveness to support Effects Based Operations [CJCS, 2007; Davis, 2002]. The network intelligence analysis process starts with a systems perspective and establishes the status, behavior and linkages of nodes within and between chosen modes. For example, analysis may model relationships between nodes representing individuals and geographic or conceptual modes. Multi-modal analysis can enable the development of a network model for human behavior, while tool-based approaches do not go this far.

The objective of an intelligence discipline is to apply sources, sensors, and analysis to provide a decision advantage or to enhance decision confidence. The current intelligence disciplines each arose out of a change in environment and technology to provide a unique perspective on the threat [Finley, 1995]. Like the tale of three blind men examining an elephant, each is focused on an object, not directly on a relationship. Combined by a talented analyst, they can provide great insight. Current recognized intelligence disciplines include: Open-Source (OSINT), Human (HUMINT), Signals (SIGINT), Geographic (GEOINT), Measurements (MASINT), Technical (TECHINT), and Counter Intelligence (CI) [CJCS, 2007]. All of the current disciplines demand requirements officers, collectors and analysts with unique capabilities.

Network Intelligence consists of three layers and six components requiring specialized training and education.

 

  



          

  

  

 

    

II. LAYERED NETWORK INTELLIGENCE Today, these disciplines leverage network analysis tools to add value to analytical products and enhance analytical capacity to spot non-intuitive linkages. However, Network Intelligence is a discipline, not a tool set. NETINT provides insight into relationships to build a representation of threat functions and describe the behavior of a system of systems. Data sources include other intelligence domains, as well as the ubiquitous computing environment and social media. Unique sensors can produce population indexing, sentiment analysis, and models of human intent [Howard and Guidere, 2011; Blair-Goldensohn, S. et al, 2010]. Rooted in US Air Force targeting processes during World War II and Army Special Operations targeting processes established

978-0-7695-4782-4/12 $26.00 © 2012 IEEE DOI 10.1109/EISIC.2012.52



Figure 1. Network Intelligence Layers and Components

The data layer contains specialized tools and environments that handle raw inputs. The open-source CASOS/ORA environment contains tools that replicate most of the more expensive vendor-tailored solutions [Carley et al, 2011]. A data management system must be capable of populating node attributes from vast amounts of dynamic written, audio, video, structured, and unstructured data, including data from other intelligence domains. While 287

answers to the questions of a single non-expert customer. These products do not produce a systemic view that can address the needs of many customers. They can, however, provide data to support network analysis. A broader view of NETINT can add relevance to the Human Terrain System effort, shape strategy development, and enhance operational assessment.

several commercial vendors handle “big” data, the real challenge is to sort the data to reliably identify attribute, relational, and ideational data that lead to belief, desire and intent modeling [Scott, 2000]. State-of-the-art data management tools enable analysts to discover non-obvious relationships between discrete nodes in a network. However, these tools are only as useful as the data is reliable and complete. Uncertain environments require qualitative analysis and intuitive inference to evaluate potential threats. A comprehensive NETINT toolkit will allow for quantitative probabilistic analysis while using qualitative detail on individual and group processes, human intent, and the meaning of observed phenomena to supplement incomplete data.

III. CONCLUSION To develop analysts capable of establishing a networks perspective and making the proper choices at requirement and analysis layers requires significant training. At present, there is no Agency specializing in NETINT, though several have programs that deal with analysis of human and computer networks. A number of projects at the Defense Advanced Research Projects Agency (DARPA) and the Intelligence Advanced Research Projects Agency (IARPA) seek to improve our understanding of the behavior and influence of social networks. The Center for Advanced Defense Studies has developed and implemented a NETINT analyst training program that combines OSINT research and data with open source tools [CADS, 2012]. Research interns graduating from this program are currently serving as analysts with the Secret Service and Defense Intelligence Agency.

The analysis layer contains tailored analytics and metadata decisions that respond to the intelligence requirements. Meta-data and data mining methodology decisions determine the attributes of nodes and linkages that will feed appropriate analytic tools. The analyst must also understand the constraints and limitations inherent in the analytic products. Thus, a trained analyst could describe the concepts of “centrality” or “density” and their potential usages, as well as where they would be inappropriate measurements [Wasserman and Faust, 1994; Scott, 2000]. Finally the analyst must integrate analytic output into an analytic product that addresses operational requirements in a useful way.

REFERENCES [1] [2]

The requirements layer contains the systems engineering and mode selections that fulfill the requirements of an intelligence question. This question is answered by creating a useful representation of threat functions (a threat process model) that may be queried any number of times and provide a coherent context for responses. The requirements officer must identify the appropriate systems approach. A DIMEP or PMESII model at the grand-strategic or strategic level of analysis, or a faction, tribe, or organizational model at the operational and tactical levels of analysis would provide the basic requirements framework [CJCS, 2007]. The nature of subsystems will drive mode choices and integration for dynamic, multi-modal social network analysis. Some intelligence questions may find insight in relationships between individuals or objects, but multi-modal approaches link nodes to concepts, ideas and other abstract values as well [Carley, 2008].

[3]

[4]

[5] [6]

[7]

[8]

[9]

The ability to produce all six components requires a view of NETINT as more than a set of tools. The Human Terrain System attempt to provide cultural and social science insight to field commanders is limited by the requirement for embedding with deployed forces and narrowly-defined data sources due to sampling techniques [Hamilton, 2011]. The effort focuses on scientifically defendable approaches and meta-data decisions. Without addressing higher-level requirements tasks, the analytics produced provide specific

[10] [11]

[12] [13]

288

Z. Baird et al, Protecting America’s Freedom in the Information Age. New York: The Markle Foundation, 2002. S. Blair-Goldensohn, et al . “Building a Sentiment Summarizer for Local Service Reviews.” New York: Google, Inc., 2010, http://www.ryanmmcd.com/papers/local_service_summ.pdf K. Carley, “Computational Modeling for Reasoning about the Social Behavior of Humans,” Computational & Mathematical Organization Theory, Vol.15, No. 1, 2008, 47-59. K. Carley, J. Reminga, J. Storrick & D. Columbus, ORA User’s Guide 2011. Carnegie Mellon University, School of Computer Science, Institute for Software Research, Technical Report, 2011, CMU-ISR-11-107., [pdf] Center for Advanced Defense Studies, Analyst Training Program. Washington, DC: CADS Press, 2012. Chairman Joint Chiefs of Staff,. JP 2-0, Joint Intelligence. Washington DC: GPO., 2007, http://www.fas.org/irp/doddir/dod/ip2_0.pdf P. K. Davis, Effects-Based Operations: A Grand Challenge for the Analytical Community. Rand Corporation, 2002, http://www.rand.org/pubs/monograph_reports/MR1477.html J.P. Finley. (Ed.), US Army Military Intelligence History: A Source Book. Ft Hauchuca: USAIS. 1995, http://huachucawww.army.mil/sites/History/PDFS/reader.pdf R.Z. George and J. B. Bruce, (Eds.) Analyzing Intelligence: Origins, Obstacles, and Innovations. Washington, DC: Georgetown University Press, 2008 S. Hamilton, Keynote: Special Operations Summmit, 12-14 December 2011. Tampa, FL: IDGA, 2011 N. Howard and M. Guidere, “LXIO: The Mood Detection Robopsych,” The Brain Sciences Journal, vol.1, Issue 1, 98-109, 2012. J. Scott. Social Network Analysis, 2nd Ed. London: Sage, 2000 S. Wasserman and K. Faust, Social Network Analysis: Methods and Applications. New York: Cambridge University Press