Thursday, December 08, 2005

Data Mining, Kevin Bacon, and Able Danger

The National Journal's Shane Harris provides a remarkably complete account of ABLE DANGER and its predecessor programs. (As I would guess most readers of this blog already know, ABLE DANGER was an Army intelligence program, based around data-mining methods, that reportedly identified Mohammed Atta as early as winter 2000.)

As it happens, ABLE DANGER was not part of the "mainstream" IC, but was actually a military project run out of one of the Army's intelligence support organizations, the Information Dominance Center (itself a part of the Army's Intelligence and Security Command). Harris describes the IDC's data-mining program as something of a "maverick" project that managed to attract serious skeptics from traditional IC players at the FBI and CIA (and even the DoD's own DIA). Eventually, at the end of 1999, the IDC was tasked by USSOCOM to look at al Qaeda; this program was given the code name "ABLE DANGER." When one of the ABLE DANGER "searches" began turning up names of U.S. citizens (raising a whole host of serious legal issues, since the program remained a military intelligence initiative), the entire project was shut down and its 2.5-terabyte database deleted.

From a process perspective, ABLE DANGER was on the cutting edge of data-mining for the late 1990s:

The harvest "was a mile wide and an inch deep," Kleinsmith said. It included more than two terabytes of information, too vast an amount to provide specific targets. The IDC analysts could see the broad outlines of Al Qaeda, particularly its transformation from an idealistic movement into an operational network that could possibly inflict damage. Names, locations, and capabilities, and even the group's financial sources, were "coming together," Kleinsmith said. But the data set was still too big.

That didn't stop the analysts from trying to pare the information down. The former IDC employee said analysts played what they called "the Kevin Bacon game," referring to the popular notion that the prolific film actor can be linked to any other actor through no more than five people. (The game is based on the "six degrees of separation" theory that anyone on Earth can be linked to anyone else through five intermediaries.)

Skeptical insiders point out that vague "links" of this sort barely constitute indications of anything, and certainly don't amount to "warning." This sounds right; one should take any claims that ABLE DANGER could have prevented the 9/11 attacks with a large grain of salt. But methodologies for warning intelligence are by their nature controversial, and, quite frankly, have always divided the intelligence community. (Cynthia Grabo, in her illuminating text on strategic warning, describes in great detail the culture clash between traditionalist "order-of-battle" people and warning analysts throughout the Cold War.) This should not detract from the more important point: ABLE DANGER (and IDC projects like it) represented the creative application of new methods and technologies to a problem that had proven resistant to traditional approaches. Today, five years later, one hopes that the same sort of creative spirit is being cultivated within the intelligence community.
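The "Kevin Bacon game" in the quoted passage is a shortest-path question over a link graph, and the skeptics' objection above can be made concrete with one. What follows is an added illustration written for this post; it is not code from Harris's article or from the IDC's tooling. The entity names, the edges and the "EMPLOYER_X" hub attribute are all constructed, and the Bacon-style count of intermediaries is assumed to be (path length minus two). The example goes slightly beyond the text: it also shows the standard analytic control of re-running the search with high-degree hub attributes excluded, which is how an analyst tells a link that exists only because two people share an employer or an address from a link that reflects actual contact.

```python
from collections import deque
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

# Constructed sample data (not from any real harvest): an undirected link graph
# of the kind a data-mining pass might produce. Lower-case nodes are people;
# upper-case nodes are shared attributes such as an employer, address or phone
# number that many otherwise unrelated people touch.
SAMPLE_EDGES: List[Tuple[str, str]] = [
    ("alice", "bob"), ("bob", "carol"), ("carol", "dave"),
    ("dave", "erin"), ("erin", "frank"), ("frank", "grace"),
    ("grace", "heidi"),
    # one hub attribute shared by five people
    ("alice", "EMPLOYER_X"), ("dave", "EMPLOYER_X"), ("heidi", "EMPLOYER_X"),
    ("ivan", "EMPLOYER_X"), ("judy", "EMPLOYER_X"),
    ("judy", "mallory"),
]

Graph = Dict[str, Set[str]]
NO_EXCLUSIONS: FrozenSet[str] = frozenset()


def build_graph(edges: List[Tuple[str, str]]) -> Graph:
    """Adjacency sets for an undirected graph."""
    graph: Graph = {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    return graph


def bfs_parents(graph: Graph, start: str,
                excluded: FrozenSet[str] = NO_EXCLUSIONS) -> Dict[str, Optional[str]]:
    """Breadth-first search from start; refuses to traverse excluded nodes.
    Returns a parent map from which hop counts and paths can be rebuilt."""
    parent: Dict[str, Optional[str]] = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph[node]:
            if nxt in parent or nxt in excluded:
                continue
            parent[nxt] = node
            queue.append(nxt)
    return parent


def shortest_path(graph: Graph, start: str, goal: str,
                  excluded: FrozenSet[str] = NO_EXCLUSIONS) -> Optional[List[str]]:
    """One shortest path start -> goal, or None if goal is unreachable."""
    parent = bfs_parents(graph, start, excluded)
    if goal not in parent:
        return None
    path: List[str] = []
    node: Optional[str] = goal
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]


def degrees_of_separation(graph: Graph, a: str, b: str,
                          excluded: FrozenSet[str] = NO_EXCLUSIONS) -> Optional[int]:
    """Number of intermediaries between a and b (Bacon-style count), or None."""
    path = shortest_path(graph, a, b, excluded)
    return None if path is None else len(path) - 2


def people(graph: Graph) -> Set[str]:
    """People are the lower-case nodes in this constructed data set."""
    return {n for n in graph if n.islower()}


def within_k_hops(graph: Graph, start: str, k: int,
                  excluded: FrozenSet[str] = NO_EXCLUSIONS) -> float:
    """Fraction of the other people that a k-hop search from start 'links'."""
    parent = bfs_parents(graph, start, excluded)
    # Recover hop counts by walking each node back to the start.
    others = people(graph) - {start}
    hit = 0
    for person in others:
        if person not in parent:
            continue
        hops, node = 0, person
        while parent[node] is not None:
            node, hops = parent[node], hops + 1
        if hops <= k:
            hit += 1
    return hit / len(others)


def hubs(graph: Graph, min_degree: int) -> Set[str]:
    """Nodes with at least min_degree neighbours; candidates for exclusion."""
    return {n for n, nbrs in graph.items() if len(nbrs) >= min_degree}


if __name__ == "__main__":
    g = build_graph(SAMPLE_EDGES)
    hub_set = frozenset(hubs(g, 4))
    for k in (2, 3):
        print(f"within {k} hops of alice: {within_k_hops(g, 'alice', k):.0%} "
              f"(hubs excluded: {within_k_hops(g, 'alice', k, hub_set):.0%})")
    print("alice->heidi:", shortest_path(g, "alice", "heidi"))
    print("alice->heidi, hubs excluded:", shortest_path(g, "alice", "heidi", hub_set))
```

On this constructed graph a three-hop search from "alice" links nine of the ten other people, and "alice" and "heidi" sit one intermediary apart; exclude the single shared employer and the same search reaches three people, with six intermediaries between the two. That is the skeptics' point in miniature: in data sets joined on shared attributes, almost everyone is a few hops from everyone else, so the existence of a link says little until the kind of link is examined.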

Sidenote: Recently I've been re-reading A Short Course in the Secret War by "Christopher Felix" (now known to be James McCargar). The tension between the traditional components of the IC and the military's various intelligence organizations seems to have a long history. (McCargar, of course, worked for one such organization ("The Pond") during the Hungarian operation.)

[Hat tip: The Strata-Sphere]

Wednesday, December 07, 2005

Short Attention Spans and the Public Safety

Christopher Bellavita at the Naval Postgraduate School pens a short article (PDF link) on homeland security and the "issue attention cycle," a public policy phenomenon that will be instantly familiar to anyone engaged in long-term crisis management:

More than 30 years ago, Anthony Downs wrote about a cycle that affects many domestic public policy problems. Downs argued that certain issues follow a predictable five stage process: pre-problem, alarmed discovery, awareness of the costs of making significant progress, gradual decline of intense public interest, and the post problem stage. Before the [July 2005] London attacks, homeland security was on the cusp of Stage Five. After the attacks, it revisited Stage Two. Before too many months pass, it is likely to recall the difficulties of Stage Three, make a brief return trip through Stage Four, and – if there are no more attacks – settle into Stage Five.

Stage Five, of course, is when the whole business is left to the professionals, and leaves the center stage of public discourse. As frustrating as this may be for those professionals, Bellavita argues that this "diminished public interest in homeland security" actually may not be a serious problem. True, one imagines, if the proper resources have been allocated and the necessary specialists deployed, freeing the general public to focus on other things. But can we really say that we're there yet?

Monday, December 05, 2005

Hype, Crime, and Terror

Security maven Bruce Schneier believes that an emphasis on "cyberterrorism" (presumably, cyber-based threats to critical infrastructure for the purpose of direct terrorism) is diverting resources from "ordinary" cybercrime:

"I think that the terrorist threat is overhyped, and the criminal threat is underhyped," Schneier said Tuesday. "I hear people talk about the risks to critical infrastructure from cyberterrorism, but the risks come primarily from criminals. It's just criminals at the moment aren't as 'sexy' as terrorists."

Fair enough; the emphasis in the United States on "critical infrastructures" to the exclusion of what are presumably less-important information targets has always been a persistent policy issue. But while the technical preventive mechanisms for each of the foregoing categories may differ, one wonders about the practical extent to which resources are really being diluted, given that "information security is information security" from an awareness point of view. And if there really is a developing trend where terrorism blurs into organized crime, we might be talking about the same people after all -- which, at least from a top-level resourcing standpoint, kind of brings us full-circle.

[Hat tip: IATAC Digest]

Tinfoil and Counterterrorism

Intrepid reader G notes that a group of MIT researchers has released the results of their empirical study of the effects of aluminum foil headgear, long favored by the paranoid community as a protective mechanism against government mind-control rays. Their conclusions are startling!

The helmets amplify frequency bands that coincide with those allocated to the US government between 1.2 GHz and 1.4 GHz. According to the FCC, these bands are supposedly reserved for ''radio location'' (ie, GPS), and other communications with satellites (see, for example, [3]). The 2.6 GHz band coincides with mobile phone technology. Though not affiliated by government, these bands are at the hands of multinational corporations.

It requires no stretch of the imagination to conclude that the current helmet craze is likely to have been propagated by the Government, possibly with the involvement of the FCC. We hope this report will encourage the paranoid community to develop improved helmet designs to avoid falling prey to these shortcomings.

Surely there are any number of potential communications and surveillance applications for tinfoil head coverings in the current global endeavor against practitioners of terror.

(Hey, it's Monday, what do you want?)

Wednesday, November 30, 2005

Open Source Exploitation

Rep. Pete Hoekstra (R-MI), chairman of the House Select Committee on Intelligence, has proposed a novel approach to the translation backlog for the mountains of Saddam-era official documents seized in Iraq: declassify the entire lot and make it available on the Internet for translation by non-government resources.

Hoekstra said he would like to see the documents posted online, where people would be able to access copies and offer translations and interpretations of the material. He envisions it working like Wikipedia or open-source code on the Internet, where people are able to take original information and review and analyze it. In much the same way, he said the government could then draw from the public review to determine which documents contained important information and which were trivial.

Hoekstra's argument is that given the scarcity of government translation resources, the choice is between his solution and never seeing what's in those documents at all. There is something intuitively persuasive about this; our intelligence exploitation process should not evoke the final scene of Raiders of the Lost Ark.

Yet there are valid and perhaps equally persuasive concerns about essentially doing the enemy's damage assessment for him, in public, on the Internet. Admittedly, these kinds of document caches may not be the best place to start for a fully open kind of approach (as opposed to, say, some kind of public-private initiative where the participating resources are subject to some screening short of a full security clearance). But certainly one could imagine the existence of a lesser-grade mass of foreign language material of interest that could be made available publicly without raising the same degree of concern.

Tuesday, November 29, 2005

al-Godfather's David Kaplan reports on an emerging pattern for terrorist-financing, now that the state sponsorship of decades past is on the decline. The solution for a growing number of groups: self-funding through organized crime.

Back at home, U.S. officials are looking warily at the growing rackets of terrorist groups overseas and voice concern that the trend will grow here. "We see a lot of individual pockets of it in the United States," says Joseph Billy, deputy chief of the FBI's counterterrorism division. "Left unchecked, it's very worrisome--this is one we have to be aggressive on." Federal investigators have uncovered repeated scams here largely involving supporters of Hamas and Hezbollah, and they have traced tens of thousands of dollars back to those groups in the Middle East. "There's a direct tie," says Billy. The list of crimes includes credit card fraud, identity theft, the sale of unlicensed T-shirts--even the theft and resale of infant formula. Most of these U.S. rackets have been low level, but some, involving cigarette smuggling and counterfeit products, have earned their organizers millions of dollars.

[Hat tip: Winds of Change]

Saturday, November 26, 2005

DNI Open Source Center Established

In case you missed the press release from earlier this month, the IC has opened the doors of the new national OSINT center:

Based at the CIA, the Center will advance the Intelligence Community's exploitation of openly available information to include the Internet, databases, press, radio, television, video, geospatial data, photos and commercial imagery. The Center's functions will include collection, analysis and research, training and information technology management to facilitate government-wide access and use. The Center will build on the established expertise of the CIA's Foreign Broadcast Information Service (FBIS), which has provided the U.S. Government a broad range of highly valued products and services since 1941. The Director of the CIA will administer the Center on behalf of the DNI.

Tuesday, August 16, 2005

Folsom Prison Plot

The local ABC affiliate is reporting on a foiled prison jihadist plot to conduct terror attacks in Southern California on the coming anniversary of 9/11. The targets, in Santa Monica, California, were to be a number of local synagogues in addition to a military recruitment center.

The plot, which called for dozens of casualties as part of a holy war against the United States, was foiled after Levar Washington, a former inmate at the Folsom Prison, and his accomplice were arrested for a string of gas station robberies.

The prison "cell" was apparently masterminded by two inmates who remain in state custody, and have since been transferred to "special confinement." (Coincidentally, this is the second Santa Monica terrorism story this week.)

Yesterday's coordinated series of prison riots in Guatemala, which involved rival criminal gangs Mara Salvatrucha/MS-13 and Mara 18 and left thirty-one dead, apparently was orchestrated by cell phone.

"The gangs maintain constant communication," [Guatemalan Interior Minister Carlos Vielmann] said. "They have a Web page and not only synchronize in Guatemala, they synchronize with El Salvador, Honduras and with the United States."

He said cellular phones and messages passed by prison visitors helped maintain contact among the gang members.

If there's a common attribute of all of the transnational bad guys that have emerged since the end of the Cold War, it's that they know how to talk.

Monday, August 15, 2005

Camera-Shy Tourists

The City of Santa Monica is enhancing security measures at the Santa Monica Pier after receiving a series of photographs taken over the July 4 weekend by an observant private citizen:

The photographs show three men videotaping around the pier, [Santa Monica Police Chief James] Butts said. The photographer snapped the pictures after noticing that the men -- who were of “Middle Eastern descent” -- were not posing in their own videos.

“Ordinarily when you are vacationing and videotaping to document a vacation you have one or more of the subjects in the picture,” Butts said.

The photographs were not submitted to the police until three weeks later; however, security officials believe that these same individuals were later stopped for suspicious behavior in another nearby area, and a videotape was confiscated. [Hat tip: Winds of Change]

Sunday, August 14, 2005

On Boxes, Thinking Outside of the

The failure to prevent the 9/11 attacks was due not to their being unimaginable -- for they were imaginable and imagined -- but to the fact that the imaginable covers too broad a surface, which is one reason for focusing on things that have happened before; the set of bad things that have never happened but may happen in the future is well-nigh infinite. And the more information, including imaginative conjectures covering the full range of the possible, that is clamoring for the mind's attention, the harder it is for the analyst to sift the information for clues.

-- Judge Richard A. Posner,

7/7 and 7/21 Operations Unrelated?

Via the Counterterrorism Blog, the (London) Independent is reporting that British counterterrorism authorities have so far concluded that there is no common operational link between the terrorist cells that executed the 7/7 and 7/21 bombings, respectively.

The alleged plotters behind the July 21 bomb incidents in London are thought to have been "copycats", targeting Tube trains and a bus.

A "copycat" operation in two weeks? Surely this is a misleading way to describe it -- with respect to timing, perhaps, but at a minimum there had to have been a separate training and logistical infrastructure for the 7/21 operation that predated the first attacks. "Independent" is probably the better word.

Think Globally, Act Locally: Variations on a Theme

An article by Jose Docobo in the inaugural issue of the Naval Postgraduate School's Homeland Security Affairs examines the application of "community policing" principles to homeland security. The argument is interesting -- typically, when it comes to counterterrorism at the state and local level, one thinks of "response" rather than "prevention." But it's not clear that it has to be that way.

Saturday, August 13, 2005

Trifle Not With a Litigator

The home of what a "senior counter-terrorism official at the FBI" described as "the best database on Islamic terrorism in the world" is not in a government intelligence fusion center or a federally-funded thinktank. It's in the offices of an American plaintiff's lawyer.

The database is the pivotal tool in what those involved say will be the biggest class action in history: a $1 trillion lawsuit on behalf of the families of 1,431 of the people killed on 9/11 and 1,325 of the injured.

An article in the Sunday Times describes the remarkable discovery efforts of the law firm in question, Motley Rice. The investigative effort reportedly has benefited from "government help in 19 countries, from Afghanistan to Syria," and has personnel on the ground in some out-of-the-way places, as the Times reporter discovered:

I first got an idea of the scale of the operation last year when I ran into two Americans in the home of an Afghan warlord. The sunglasses and bulging briefcases made me think CIA. But it emerged that they were a retired FBI agent and a former special forces officer, working as investigators for Motley.

It is a stretch, of course, to call something like this an OSINT effort. But it illustrates the changing character of where "intelligence" can be found in this modern age.

Electric Security

The federal government will begin enforcing security standards against electric utilities and independent service operators, under a new bill signed into law at the beginning of the month.

Under the new law, the Federal Energy Regulatory Commission (FERC) has the authority to establish a national electric reliability organization with the power to oversee and audit reliability standards. Instead of developing its own standards, the FERC plans to adopt those set by the North American Electric Reliability Council (NERC), said Ellen Vancko, a spokeswoman for the organization.

NERC's proposed cybersecurity standards reach broadly, touching areas from critical asset accounting to personnel security, and have been the subject of some controversy. As far as government regulation of security standards goes, however, there are worse approaches; NERC's standards are the product of a voluntary private-sector initiative, whose participants have been wrestling with the problems of "private-sector critical infrastructure protection" since long before the phrase became fashionable.

Friday, August 12, 2005

Seven Steps to a Caliphate

Reader "blueland" sends along an article published in this morning's Der Spiegel, describing Jordanian journalist Fouad Hussein's new book on al Qaeda. Hussein has the unique distinction of having served time in prison with al-Zarqawi and has interviewed several individuals described as being in "al Qaeda's inner circle."

Hussein's book outlines a seven-phase plan that allegedly forms the doctrinal basis of al-Qaeda's strategy through 2020, culminating in the establishment of a global Islamic caliphate. From the article:
  • The First Phase. Known as "the awakening" -- this has already been carried out and was supposed to have lasted from 2000 to 2003, or more precisely from the terrorist attacks of September 11, 2001 in New York and Washington to the fall of Baghdad in 2003. The aim of the attacks of 9/11 was to provoke the US into declaring war on the Islamic world and thereby "awakening" Muslims. "The first phase was judged by the strategists and masterminds behind al-Qaida as very successful," writes Hussein. "The battle field was opened up and the Americans and their allies became a closer and easier target." The terrorist network is also reported as being satisfied that its message can now be heard "everywhere."

  • The Second Phase. "Opening Eyes" is, according to Hussein's definition, the period we are now in and should last until 2006. Hussein says the terrorists hope to make the western conspiracy aware of the "Islamic community." Hussein believes this is a phase in which al-Qaida wants an organization to develop into a movement. The network is banking on recruiting young men during this period. Iraq should become the center for all global operations, with an "army" set up there and bases established in other Arabic states.

  • The Third Phase. This is described as "Arising and Standing Up" and should last from 2007 to 2010. "There will be a focus on Syria," prophesies Hussein, based on what his sources told him. The fighting cadres are supposedly already prepared and some are in Iraq. Attacks on Turkey and -- even more explosive -- in Israel are predicted. Al-Qaida's masterminds hope that attacks on Israel will help the terrorist group become a recognized organization. The author also believes that countries neighboring Iraq, such as Jordan, are also in danger.

  • The Fourth Phase. Between 2010 and 2013, Hussein writes that al-Qaida will aim to bring about the collapse of the hated Arabic governments. The estimate is that "the creeping loss of the regimes' power will lead to a steady growth in strength within al-Qaida." At the same time attacks will be carried out against oil suppliers and the US economy will be targeted using cyber terrorism.

  • The Fifth Phase. This will be the point at which an Islamic state, or caliphate, can be declared. The plan is that by this time, between 2013 and 2016, Western influence in the Islamic world will be so reduced and Israel weakened so much, that resistance will not be feared. Al-Qaida hopes that by then the Islamic state will be able to bring about a new world order.

  • The Sixth Phase. Hussein believes that from 2016 onwards there will be a period of "total confrontation." As soon as the caliphate has been declared the "Islamic army" it will instigate the "fight between the believers and the non-believers" which has so often been predicted by Osama bin Laden.

  • The Seventh Phase. This final stage is described as "definitive victory." Hussein writes that in the terrorists' eyes, because the rest of the world will be so beaten down by the "one-and-a-half million Muslims," the caliphate will undoubtedly succeed. This phase should be completed by 2020, although the war shouldn't last longer than two years.
Interestingly, the Der Spiegel article observes that "major attacks against the West are not even mentioned" as part of the doctrine -- a "means to an end," rather than an end in itself. The whole thing is worth a read.

If anyone discovers where an English edition of the Hussein book ("al-Zarqawi: al-Qaeda's Second Generation") might be obtained, I'd be grateful for a link.

Wednesday, August 10, 2005

Suicide Bomber in China

Internet Haganah has a report of (and images from) a suicide bombing on a bus in Fujian province, China, two days ago. More here from China Daily.

Of Cats and Bags

The Australian Nuclear Science and Technology Organisation recently became concerned about overhead imagery of the Lucas Heights HIFAR reactor on Google Earth, and on Sunday called upon Google to censor the imagery. (This is something that Google has already done for certain sensitive sites, such as the White House.) Curiously, a few days later, presumably after consultations with Australian security intelligence agencies (who reportedly have responsibility for monitoring open-source intelligence about critical sites) ANSTO dropped the demand. "Aerial photographs of the site have been available to the public on a cost basis for some years and Google Earth does not add to the publicly available data," it explained. "ANSTO does not believe the pictures pose a security risk." [Hat tip: IATAC]

This episode highlights a growing concern over the availability of relatively high-grade geospatial information through convenient web-based interfaces like Google Earth or Microsoft Virtual Earth. Perhaps more interesting than the mere availability of such data, however, is ANSTO's public zig-zag, which suggests that security agencies themselves are still in the process of figuring out how to respond. "Although the buildings are clearly visible," explained ANSTO somewhat cryptically, "critical infrastructure is not." One wonders exactly what criteria are being applied here. Certainly those who have responsibility for securing other critical sites that may be the subjects of web-based overhead photography should be asking themselves some very similar questions.

Ultimately, this all raises two interesting things to consider: (a) to what extent is a critical site's public information signature unalterable after a certain amount of exposure; and (b) if a particular signature cannot be effectively reduced, is there anything that can be done to address the resulting vulnerability?

Tuesday, August 09, 2005

Watchflags for August 9

This morning's items:

Friday, August 05, 2005

Watchflags for August 5

Only have time to post a grab-bag of links this morning, rather than a more fully-formed post.
  • More bumps in the information-sharing road, this time involving local police chiefs expressing frustration with what they're getting from the federal agencies and vowing to form their own parallel network for real-time, raw intelligence. This is consistent with the trend of intelligence consumers increasingly becoming their own analysts. [Hat tip: Internet Haganah]
  • Speaking of Internet Haganah, they maintain a database of identified jihadist websites, including hosting data and so forth. Their focus is on shutting down the websites wherever they find them; the costs and benefits of that approach are open to debate, but in any event their database is very interesting.
  • Lt. Col. Timothy Thomas, a longtime analyst at the Army's FMSO, published an article in Parameters entitled "Al Qaeda and the Internet." Although dating back to 2003, it's still a compact and informative survey of the topic.
  • And, of course, the regular Thursday "Winds of War" posting on Winds of Change, detailing the latest developments in the GWOT this week.
Incidentally, I've read the RAND study on learning among terrorist groups, which has some quite interesting insights, but at this point is perhaps more of an exploration of potential "active" counterterrorism strategies than something of immediate defensive tactical value (though I'm still thinking about possible applications in the defensive mode). Part I of the study is short and is worth the read for anyone thinking about the "grand tactical" dimension.

Have to be up in less than five hours, so that's it for now. Happy reading.

Thursday, August 04, 2005

Watchflags for August 4

An assortment of interesting items this morning:
Housekeeping note: I'm on an early flight Friday morning, so tomorrow's entry may be delayed.

Wednesday, August 03, 2005

The Case for OSINT, Revisited

The latest unclassified edition of Studies in Intelligence contains another thoughtful article by Stephen Mercado on the subject of open-source intelligence (OSINT), which is worth a read. OSINT, put simply, is "non-secret intelligence" drawn from open or "gray" sources, such as media reports, conference proceedings, commercial literature, press releases, and the like. Although "secrets" remain the focus of the Intelligence Community, observers both inside and out have long argued the importance of OSINT to the overall analysis process.

Mercado's general arguments are familiar to those who have followed the debate. He highlights a few particularly illuminating points in assessing the unique value of OSINT:

There are far more bloggers, journalists, pundits, television reporters, and think-tankers in the world than there are case officers. While two or three of the latter may, with good agents, beat the legions of open reporters by their access to secrets, the odds are good that the composite bits of information assembled from the many can often approach, match, or even surpass the classified reporting of the few.

To this point, he observes an advantage not only in the volume of collection, but in the breadth of data to be collected:

I would maintain that OSINT often equals or surpasses secrets in addressing such intelligence challenges of our day as proliferation, terrorism, and counterintelligence. When a nation develops a weapon of mass destruction, for example, hundreds or even thousands of engineers, scientists, and manufacturers may join the program. Bureaucrats and traders may sell the weapons abroad. The OSINT target is immense. Engineers attend conferences; scientists publish scholarly articles; manufacturers build production lines; bureaucrats issue guidelines; and traders print brochures for prospective clients. Many paper trails wind around the world beyond whatever may surface in the media.

Plus, there are some serious practical advantages to OSINT:

Secrets, hidden behind classifications, compartments, and special access programs, are difficult to share with policymakers and even fellow intelligence officers. All officials may read OSINT.

To this last issue, I would add that the unrestricted identification of sourcing is a benefit not only from a handling perspective, but also from an analytical one. Given the flood of information of questionable reliability that is available today, any meaningful analysis must focus as much on the source as it does the substance. The other point is that we are rapidly passing into an age where government policymakers are not the only consumers of intelligence. If the front lines of homeland security are largely manned by the private sector, they are also largely manned by the "uncleared" (and who themselves are operating almost entirely on the basis of OSINT).

Mercado is a science & technology analyst, which may color his views somewhat (after all, OSINT has long been a key component of technical espionage, particularly as practiced against the United States). But the point stands. The question is what, if anything, a traditionally secrets-based community will do to harness the power of open sources.

DoD Looks Outside

The Defense Department's Information Assurance Technology Analysis Center (IATAC) is the DoD's "central authoritative source for Information Assurance vulnerability data, information, methodologies, models, and analyses of emerging technologies relating to the survivability, authenticity, and continuity of information systems critical to the nation's defense." IATAC publishes a valuable quarterly print newsletter, along with a semi-weekly news digest on topics relevant to information security.

What is perhaps most interesting, however, is what they call the "SME Program":

IATAC's Subject Matter Expert (SME) Program is comprised of a diverse group of Information Assurance (IA)/Information Operations (IO) professionals from academia, Department of Defense (DoD), Government Agencies, research and development (R&D) institutions, and industry. The SME Program is a voluntary effort that requires a nominal time commitment. SMEs are an essential resource to IATAC's core operations and the DoD Research and Engineering (R&E) community.

These kinds of institutionalized efforts to tap specialized security expertise residing not only outside a specific agency or department, but also outside the government entirely, certainly represent steps in the right direction.

Tuesday, August 02, 2005


Two short items this morning:
As always, foreign language translation resources are worth their weight in gold.


Monday, August 01, 2005

Public Information Signatures for Critical Targets

"Geospatial intelligence" is the security neologism for satellite imagery, topographical surveys, environmental data, and other similar geographical information that traditionally has been of critical military value. Today, much of this information (including private-sector high-resolution satellite imagery) is conveniently available to the public through the web.

RAND, under contract with the National Geospatial-Intelligence Agency, produced a study examining the extent to which publicly-available geospatial intelligence is likely to provide both "useful" and "unique" information for the planning of terrorist attacks. The notion was to produce a decisionmaking model which government officials could use to decide what government information to release and what to withhold.

Their conclusions are interesting, and perhaps somewhat surprising. RAND discovered that "very few of the publicly accessible federal geospatial sources appear useful to meeting a potential attacker’s information needs," and that "most publicly accessible federal geospatial information is unlikely to provide significant (i.e., useful and unique) information for satisfying attackers’ information needs." However, this comes with a significant caveat:

In many cases, diverse alternative geospatial and nongeospatial information sources exist for meeting the information needs of potential attackers. In our sampling of more than 300 publicly available nonfederal geospatial information alternative sources, we found that the same, similar, or more useful geospatial information on U.S. critical sites is available from a diverse set of nonfederal sources. These sources include industry and commercial businesses, academic institutions, NGOs, state and local governments, international sources, and even private citizens who publish relevant materials on the World Wide Web. Some geospatial data and information that these nonfederal sources distribute are derived from federal sources that are publicly accessible. Similarly, these nonfederal organizations are increasingly becoming sources of geospatial data and information for various federal agencies. . . . In addition, relevant information is often obtainable via direct access or direct observation of the U.S. critical site.

It is likely a surprise to no one that a great deal of information resides in open/gray sources that would be useful to planning attacks on major critical infrastructure sites. (Witness, for instance, the recent debate over the publication of the "milk terrorism" study prepared by Stanford's Lawrence Wein and Yifan Liu.) The question has always been what, if anything, can realistically be done about it.

Certainly it would be impracticable to deny potential attackers access to all "useful" information about a target site (though the Soviets, in their day, tried classifying virtually all maps). But it does not automatically follow that all information denial efforts would be fruitless; at a minimum, a thoughtful information denial plan may lower the target site's vulnerability profile or at least channelize the likely avenues of attack.

In light of all this, it may be worthwhile for critical site operators to consider performing a systematic assessment of the site's "public information signature." This would not necessarily require the commitment of significant resources, but would shed some light on the question of whether some kind of information denial plan would yield any appreciable security benefits.


An Observation at the National Level

American intelligence as it emerged from the Cold War defined its business as secrets where collection, primarily with regard to the Soviet Union, was the supreme task. In the world looking to 2010 and beyond, its business will be information defined as a high-quality understanding of the world using all sources, where secrets matter much less and where selection is the critical challenge.

-Gregory F. Treverton, former vice-chair, National Intelligence Council,
in Reshaping National Intelligence for an Age of Information

Perhaps pertinent to a different context, but nonetheless an interesting observation on the changing nature of how traditionally-closed, national-security-grade problems are being viewed.



Back online. Expect regular updates to commence over the next 48 hours.


Tuesday, November 16, 2004

The C3 War

DARPA's Information Exploitation Office announced an interesting RFI last week, seeking input from the general public on "Tools to Identify an Enemy's Command Organization and Manage Its Disruption." The targeted command organizations "range from the more structured command systems of a conventional military to the less structured and fluid leadership of guerillas and other irregular combatant forces." The RFI poses the four following problems:
1. Identify the enemy command organization. By exploiting limited, sparse observables, such as observations of enemy movements, attacks, communications (often non-electronic and/or encoded) between some of the command nodes, determine the most likely topology, characteristics, relations and decision-making processes of the enemy command organization. Account for rapid adaptations and changes (often on a scale of hours and even minutes) that are likely to be occurring in that organization and processes.

2. Plan a coordinated course of actions against the enemy command organization. Given the available (usually constrained) means of physical and informational impacts on the enemy command, devise an effective combination and sequence of actions. Provide for probing. Leverage dynamic system effects. Account for significant uncertainty in the friendly knowledge of the enemy command organization, as well as its time-dependency and adaptability.

3. Predict the impact of the planned actions. Given the knowledge of the enemy command organization (such as obtained in the identification process, above) and the proposed friendly course of action, determine the likely impact these actions would have on the enemy command decision-making, particularly on its timeliness and accuracy. Time and effort involved in such modeling and prediction should be consistent with its use in real-time. Address the issue of validating a predictive model with respect to the real world.

4. Control the unfolding execution of the selected course of action. In real-time, exploit the available observables (generally sparse and partially inaccurate), assess the state of the unfolding operation and suggest corrective adjustments.
Responses are to be no more than 2,500 words, to be presented at an unclassified conference (time and location TBA). The call for papers closes on December 10.

The doctrines and technologies of information warfare continue to evolve at a rapid pace, pushed forward not only by Ph.D.s in DARPA's cloistered hallways but also by infantry platoons in the dusty alleyways of Fallujah -- and by security intelligence officers who stalk the hydra in the dark places of the world.


Sunday, November 14, 2004

Back Online

Apologies for the lack of activity over the last month or so. Regular posting resumes tomorrow morning.

Update: Make that "tomorrow evening."


Wednesday, October 06, 2004

Deep Interdiction

A global terrorist network's logistical center-of-gravity subsists not in the traditional military form of munitions stockpiles and POL depots, but rather in its financial infrastructure. Financial investigators have been at the forefront of interdiction operations in the global war on terrorism, tracking the covert money flows upon which incubating terror cells rely for nourishment.

This task is becoming more difficult, as terror groups continue to adopt stealthier methods. This AFP report describes the evolving problem, citing a diverse range of sources in Asia that include "proceeds from crime, legitimate investments, non-government groups, as well as the sale of extremist literature and audio-visual products." Charitable front organizations are a common source; yesterday, the Saudi government shut down the Al-Haramain Foundation, a Muslim charity with offices in ten countries that had been added to the U.S. Treasury Department's list of terrorist-supporting entities last month.

In addition, the member institutions of the Treasury-sponsored Financial Crimes Enforcement Network (FinCEN) signed an agreement last week to bolster money-laundering reporting cooperation, while European enforcement authorities convened in Vienna for a conference on current challenges. Among them:
  • The use by organised crime groups of professional accountants and lawyers as "gatekeepers" to structure their operations and lend an appearance of respectability. "Increasingly, money launderers seek out the advice or services of specialised professionals to help facilitate their financial operations," the Paris-based inter-government Financial Action Task Force said in a report published earlier this year.
  • Offshore tax havens. Banking secrecy laws may make it impossible for investigators to discover the ultimate owners of businesses, who are represented by local 'figureheads'. "It may happen that even these nominees no longer know who is authorised to take the decisions in such a company. In such cases, orders are given by means of agreed-upon code words," said Josef Mahr, head of Austria's Financial Intelligence Unit, which investigates money laundering and terrorist financing. He cited the U.S. state of Delaware as one jurisdiction where "we have some problems to find real beneficial owners".
  • Hawala, a traditional remittance system widely used in the Islamic world, where a person can deposit cash with an agent and a recipient can pick up the equivalent sum, sometimes within minutes, from the agent's personal counterpart in another country. The method is entirely legal, but authorities say it is open to abuse by criminals and terrorists. "We know more of the manner in which it's occurring, but not enough to give us a comfort level that we can detect terrorist financing" via this channel, said Barry Sabin, chief of the counter-terrorism section at the U.S. Justice Department's criminal division.
  • Physical smuggling of cash. For example, $1 million (560 million pounds) in $20 bills weighs a hefty 52 kg (114 lb); the same sum weighs 10 kg in $100 bills, the largest dollar note in current use, but just 1.6 kg (3.5 lb) if converted into widely available 500-euro notes. "Drug cartels were very happy to see the euro," said Michael McDonald, a former U.S. tax investigator who now heads an anti-money laundering consultancy. "Euros are not traceable back to any particular country. It makes it easier to transport and smuggle and move currencies around the world."
  • Stored value cards. McDonald also highlighted the use of such cards, which can be bought from household-name financial companies and used to pay for goods or withdraw money from machines until the sum loaded on the card runs out. The cards can store up to $10,000 and are designed as a safe, cashless way in which parents, for example, can give their children money but set limits on spending and prevent them going overdrawn.
Obviously a huge problem, but one that needs to be meaningfully addressed if advances are to be made in the war on terrorism.


Monday, October 04, 2004

Private Technologies and the Public Menace

Been having a string of very long days (and nights) at the office, and so between grabbing snatches of sleep here and there it's been hard to post very regularly. I did get to shut down a bit early tonight, however, and thought that I'd share a few links on counterterrorism technologies:

This is no longer the exclusive realm of large defense contractors (if it ever really was), and commercial off-the-shelf technologies play an increasingly important role in a defensive line that consists mostly of privately-owned infrastructure.


Friday, October 01, 2004

Alive, But a Little Distracted

Still stuck in high-frequency crisis mode (hence my presence in the office at ~4am), so I apologize for the low frequency of posting this week. In the meantime, read this piece on bioterrorism and the food supply.


Monday, September 27, 2004

The OSAC Before ISACs

In 1985, at the height of the decade's terror attacks on Americans, the U.S. State Department sponsored the formation of the Overseas Security Advisory Council, a public-private partnership for the sharing of information related to security abroad. Among OSAC's many useful information products is a running two-week calendar of dates of potential terrorist significance, which is user-searchable.

Those who today are engaged in building public-private cooperation models for homeland security may find some useful lessons to be learned from OSAC's example twenty years ago.


Sunday, September 26, 2004

A Terrorist Targeting Model

The Journal of Homeland Security has an article by George Stungis and Thomas Schori entitled "A Terrorist Selection and Prioritization Model," wherein they hypothesize the following al-Qaeda decision model for identifying targets:

  • Al Qaeda/Egyptian Jihad’s inner circle selects mission objectives
  • As ideas for targets (plus some intelligence) flow in from the field groups, the filtration process starts
  • Knowledgeable area-specific and target-specific teams make the project cuts
  • When a target area of interest needs more intelligence, the teams send out requests
  • The iterative process continues until there is reasonable justification to send the data up to the next higher decision level
They go on to detail a mathematical model for target selection, and note that they have developed a computer program for the purpose. A better understanding of the threat decisionmaking process would obviously be of critical importance to homeland security and counterterrorism planners.

As a side note, the Journal of Homeland Security is an extremely valuable resource published by the Homeland Security Institute, a federally-funded research and development center chartered by DHS, and is seeking submissions.


Saturday, September 25, 2004

Catch of the Day

Just a handful of interesting reference links to share before the weekend begins:

MIPT Terrorism Knowledge Base. "[T]he one-stop resource for comprehensive research and information on domestic and international terrorism, terrorist incidents, terrorism-related legal documents, and terrorist groups. In addition to content and raw data, the Terrorism Knowledge Base offers several analytical tools, including a GIS-powered interactive map, statistical reports, and user-defined graphing utility." [Hat tip: Belmont Club]

TouchGraph GoogleBrowser. Enter a URL and see a manipulable visual map of its surrounding links (based on Google's "related links" engine). Also has a sister application for [Hat tip: The Politburo Diktat]

Annual Reports to Congress on Foreign Economic Collection and Industrial Espionage. Prepared by the Office of the National Counterintelligence Executive; reports for 1995-2003 are online in PDF format.
