The events that occurred on September 11 are the primary reason so many of us – the law enforcement and intelligence communities in particular – work so hard to enhance our security capabilities in preventing another attack.

As CEO of i2, I am always humbled by the commitment and dedication of our police officers, intelligence analysts and the men and women serving in uniform around the world.  Their sacrifices to make the world more secure never go unnoticed. I’m often asked if we’re safer today than we were on September 11. As a nation, we have come a long way in fixing some of the problems the 9/11 Commission highlighted in its report. For example:

• It is estimated that the amount of sensor level data has increased by as much as 1600 percent since 9/11.  At the same time, the capacity to capture and assimilate that data and make connections from non-obvious relationships has gotten much better.
• The notion of information sharing has migrated from an anomalistic approach to where it’s now the table stakes for any successful intelligence gathering endeavor.  Success has happened within agencies and has begun to take place across agencies and is beginning to take shape across borders.  It’s an evolutionary process.  Clearly, the OBL mission success on May 1 would not have been as seamless without information sharing.
• Part of what’s really helped is the umbrella of DHS which has enabled more sharing between ATF, Customs, Border Security and across to DoJ/FBI and the intelligence agencies.  At the state and local level, Joint Terrorism Task Forces and fusion centers, there are federal agents working off of state databases.
• Analysts have never been better trained.  The analysts of today grew up with technology.  As a result, they are able to take advantage of tools that analysts in earlier generations were not able to.  That along with the proliferation of data and data sources, and the need to assimilate all of it in one place to quickly create actionable intelligence has made the responsibility of the intelligence analyst role increase in responsibility and prominence.  Analysis – once perceived as a back room effort – has become central to intelligence operations.

As James Clapper, director of National Intelligence said recently in a Wall Street Journal op/ed, “We now collaborate on intelligence collection and analysis in ways that were unheard of 10 years ago. We’ve made significant progress in reducing the cultural, information technology and policy barriers to sharing information among agencies, and we continue to explore new strategies for integrating our intelligence efforts.”

So when people inevitably continue to ask my colleagues and me, “are we safer today?” I can undoubtedly say, yes. The strides the intelligence community has made – from technology advancements to the capture of key terrorists throughout the world – have been nothing short of remarkable – milestones for which we can be proud.

At the same time, there are still many challenges to face before information sharing becomes de riguer across local, state, national and international boundaries. To better understand and communicate these issues, i2 hosted an information sharing panel at its Americas User Conference earlier this month.

Panelists included Kathleen O’Toole, the Chief Inspector of the Garda Síochána Inspectorate in Ireland, who was previously the Boston, Mass., Police Commissioner. During her time in Boston, she was critical to the founding of the Boston Regional Intelligence Center (BRIC), one of the nation’s first fusion centers. Deputy Chief Troy Smith of the Grand Junction Police Department in Colorado also offered up his expertise gleaned from his department’s organization  in getting Colorado to be one of the states that has successfully established information sharing state-wide. Tim Riley, a current i2 SVP and former CIO for the Los Angeles Police Department, played a large role in establishing information sharing agreements between the LAPD, the Los Angeles Sheriff’s Department and Orange County.  Chriss Knisley, the i2 Assistant Vice President for the COPLINK product line was also in attendance to discuss the technological standpoint of information sharing. i2’s Director of Corporate Communications Mitch Derman moderated the session.

While discussing the solutions to the major pain points in information sharing, the panellists touched on one basic requirement at all levels: the critical need for collaboration. Whether it be between operations and analysts or the federal government and local police departments, it is imperative that the primary goal must be to create a safe environment for citizens and law enforcement officers alike. Deputy Chief Smith and Riley agreed that the inroads that have already been taken toward information sharing are light years ahead of where things used to be earlier in their careers.  However until collaboration and a willingness to share becomes the norm, there are still challenges to tackle.

Perhaps one of the most important aspects of collaboration is the need to build relationships.  Chief Inspector O’Toole heartily stressed the importance of uniting operational sworn police officers with the more traditional back-office analysts. Regardless of the environment in which they interact, it is important to train analysts and sworn officers to work together, ask the right questions, and understand the value of using analysis in investigations. She believes that the best way to solve this problem is to bring the two sides together. O’Toole expressed that,  “At the end of the day, it’s all about relationships and co-locating people to the greatest extent possible in some of these centers to work on different operations together… the more time analysts spend with operations people the stronger the relationship and the more valuable the relationship becomes. The BRIC was my pet project, and I spent a lot of time there, and walking through it, one wouldn’t know who was sworn and who wasn’t sworn because analysts were valued as much as the sworn personnel.”

Deputy Chief Smith also emphasized the importance of communication, particularly within and across communities and organizations, to combat the stigma against sharing private information. The recent tragic shootings in Arizona provided a prime example of small pieces of information located in disparate sources that prevented the experts  from being able to access all the puzzle pieces to see the broader picture.  Deputy Chief Smith recognized this as an ongoing issue and organized a forum in Grand Junction, Colo., with public and private organizations to discuss how they could combat such a complicated scenario.  By instigating a collaboration of various members of the community, it not only brought awareness to both law enforcement officials but others such as schools and health center officials who are normally unable or unwilling to share information. Already Grand Junction has seen  noticeable results from their forum. Deputy Chief Smith remarked that “we’ve had some people at a mental health hospital notice certain behaviors, and they were capable of sharing that information in a way that didn’t violate their agreements. Previously they may not have known to call or that we would have been interested in that information.”

Fear of widespread access to private information is one of the largest inhibitors against the adoption of information sharing. Fortunately, through the creation of extensive audit trails and security protocols, Riley and Knisley believe this can be overcome. Records exist for every attempted access to private information to know who is accessing it and what exactly they are looking at. Knisley added that, “In regards to the effective use of information, people are going to think a little bit more about accessing information system that they know is logged. People are not going to log in and search for someone they might get in trouble for later if they know their name is attached to it.”

Your insights are welcome on this important topic.

It is with utmost graciousness that on behalf of the employees at i2, I extend our gratitude to the men and women across the Intelligence and Counterterrorism communities in the U.S., and abroad who have worked tirelessly to make the capture of bin Laden a reality. And let’s remember the many who gave the ultimate sacrifice.　

I also want to commend the employees of i2 for their ongoing commitment to ensuring our customers have the best analytical and intelligence tools available. While we cannot confirm for certain that our tools were used in this manhunt, we do know that all the military and intelligence agencies involved in the mission rely on i2 daily to capture and share actionable intelligence that saves lives and enhances our security.　　　

Today is a day when we can all be proud of supporting the mission.

In 2003, Saddam Hussein was on the run. With his chain of command eliminated, traditional intelligence efforts to track him down were failing. Col. James Hickey, U.S. Army, heading the intelligence operation to find Saddam, determined that the reclusive Iraqi dictator only trusted and communicated with family members of his own tribal group. As Hickey said, “We built a fairly elaborate estimate of who Saddam’s supporters were in the area; though it did provide security, it also worked against them. Once we learnt who did what, it allowed us to work against them.”¹

Hickey and his team were using a nascent form of Social Network Analysis (SNA). In its purest form, SNA relies on examining the linkages between people and places within a defined group or locality in order to deduce the key decision makers or vulnerable links and where they are located. In this case, it was the pinpointing of Saddam’s chauffeurs that led to his historic capture.

Figure 1

Social Network Analysis

Social Network, or Link, Analysis distinguishes between the friendly, hostile and neutral players who populate the ‘human terrain’ where modern counter-insurgency operations take place. Formerly a paper-driven exercise involving considerable resources, it was largely confined to headquarters’ intelligence staffs rather than front line units. By automating the process it is now possible to map linkages between thousands of intelligence sources simultaneously from routine patrol contacts, electronic warfare intercepts, aerial surveillance and other sources.

Analysts can then identify key nodal points in the decision-making or communications network (Figure 1) in near real time. A recent trial of SNA² demonstrated that it can now be used by front line units to cope with a complex human terrain consisting of multiple actors with differing agendas. “Counter-insurgency operations are complex to say the least; gone is the conventional red and blue intelligence picture. [With SNA] we can operate in a complex human terrain comprising multiple actors and a constant stream of intelligence.”³

Using only a standalone SNA solution, the unit concerned was able quickly to build up a comprehensive ‘Who’s Who’ of people populating their tactical area of responsibility, establish linkages between people and places, pinpoint key decision makers and predict potential firing points – all in near real time.

Linking this capability with compatible databases and geospatial systems makes it even more effective. And the increasing reach and bandwidth of the Afghan Mission Network (AMN) now offers the prospect of networking this capability to operational headquarters, achieving a common intelligence platform operating from tactical to strategic levels with SNA as a key element. Information superiority is at last becoming a realistic and achievable goal in the war against terrorism.

Network Defence

As military systems and civilian society become more networked, they become more vulnerable to exploitation and attack. In World War II Hitler sought to undermine the UK’s Critical National Infrastructure (CNI) by kinetic aerial attacks on its cities and industrial bases. The modern equivalent would be a cyber attack on our computer networks or exploitation of the Internet. We don’t have far to look for a military example. In July 2008 Ossetian rebels provoked a conflict with Georgia; and Georgia countered with its own air strikes and a ground invasion.

The Russian army responded in force, ejecting the Georgian army from South Ossetia. An integral part of this response was cyber warriors striking on the virtual battlefield, using denial-of-service attacks to shut down Georgian government websites, disrupt Georgian financial institutions and block Georgian access to the outside world.

Recognising that Cyber is becoming the fifth dimension of warfare (after Land, Sea, Air and Space) the UK Government has committed more than £600M to Cyber Security. While it was one of the few growth areas in the Strategic Defence and Security Review (SDSR), details have yet to emerge about precisely where those funds will be invested. Identifying specific cyber threats is not as clear-cut as kinetic warfare because of anonymity. Identifying who is initiating the attack, and where it is coming from, will be the key challenge. This is where SNA and link analysis techniques can come to the forefront, identifying key linkages and the source of the attack.

Sources:

¹ “I am Saddam Hussein the President of Iraq and I am willing to negotiate,” The Guardian, 16 December 2003.

² Ist Battalion Royal Gurkha Rifles (1 RGR) used off-the-shelf stand-alone Analyst’s Notebooks from i2 on their recent deployment in Helmand Province, Afghanistan.

³ Major Shaun W Chandler, 1 RGR.

As the former CIO of the Los Angeles Police Department, I’ve had the privilege of being part of the security infrastructure for many large gatherings – the Academy Awards and the NBA Finals at Staples Center to name a few. The planning and coordination among many law enforcement agencies is critical to the success of securing any event of this scope.

The Texas fusion centers play a centralization function by coordinating all the intelligence about localized incidents and suspicious activities. Fusion Centers can coordinate all the various organizations that will be providing security and information. It’s critical to not only prepare for any scenario and have all the tools in place should something occur, but also ensure the safety of those in attendance. Sophisticated analytical tools that can make non-obvious relationships among a deluge of data bring tremendous value to the intelligence analysts who are monitoring for any potential threat and can be acted on if necessary.

Lt. Todd Thomasson of the Dallas Police Department puts it best in describing the Fusion Center as a resource that “will give us situational awareness if crowds are getting big, getting out of hand or if there’s a fight and we need to apply additional resources.”(1)

The Fusion Center will be looking at a variety of sources — confidential, public, open source, and more. My bet is that they will monitor and analyze any threats that may be coming in and reviewing security measures in place.

Consistent with the security operations infrastructure now common to all major sporting events, that being put in place leading up to Super Bowl is a massive, collaborative, behind-the-scenes undertaking involving dozens of law enforcement agencies and the most advanced intelligence technology. The planning began more than a year ago. Fusion Center analysts are in close cooperation with their colleagues at the Dallas Police Department, the Arlington Emergency Operations Center, as well as the Department of Homeland Security and the FBI. Working together, they will play a pivotal role in sifting through copious amounts of data in monitoring for and taking action to deter potentially disruptive scenarios.

My prediction for the game itself …. one team will win.

(1) “Fusion Center gives Dallas officers bird’s eye views during Super Bowl,” WFAA.com, January 27, 2011.

The article reads as if law enforcement agencies are now privy to entire new categories of information on citizens.  It seems like there is a deliberate assault on civil liberties.  In actuality, the only thing new is the speed and ease with which disparate pieces of potentially related data can be aggregated and fused.  Technology has enabled this to happen.  Simply put, law enforcement is more efficient.  This is not an issue of information access or gathering, but an issue of technology advancement and speed.

Case in point: the article describes how automatic license plate readers can lead to instant information at the fingertips of a cop on patrol.  But license plates are public information and police have always noted tag numbers.  At the same time, information linking the vehicle registrant to that plate number is available in a database.  And information on the vehicle registrant also resides in a database containing outstanding warrants.  All of this information has always been there.  With technology, police are now able to tie it all together instantly.  That’s effective and efficient law enforcement.  And the patrolman’s behavior is governed by strict requirements designed to protect civil liberties.  Cops, fusion center directors, and the FBI aren’t out to deprive citizens of their constitutional liberties.  They’re out to do their job – protecting citizens – which their bosses, policy makers, and communities all expect them to do well.   

Suspicious Activity Reporting can be considered in the same light.  SAR is another label for “tips” and “leads”.  As a concept there’s nothing really new about it.  Someone sees suspicious behavior and reports it to authorities (this happens all the time).  Sometimes the tip pans out and a crime is prevented.  And often the police have to contend with erroneous tips, false alarms and dead ends.  What has changed is the ease with which analysts and officers can discern fact from fiction.  Again, this is technology-enabled efficiency in law enforcement.  Relevant evidence is connected more easily, accurate leads are generated more quickly, and comprehensive information is funneled faster to the right analysts for further investigation. 

Law enforcement and intelligence personnel take an oath to support and defend the Constitution; this includes the protection of privacy and preservation of civil rights.  At the same time, these men and women are also entrusted with an obligation to protect American citizens – a job that increasingly involves complicated, multijurisdictional investigations and data-heavy analysis.  The ability to process the greatest amount of information and share it with the right people is critical to ensuring the pin-point accuracy that preserves the liberties of the innocent – and the protection of the public.

The Intelligence and National Security Alliance (INSA)  today named i2 CEO Robert Griffin to its Board of Directors.  Griffin joins industry and government leaders from Booz Allen Hamilton, CACI, Lockheed Martin, ManTech, Microsoft, QinetiQ North America, Raytheon Intelligence and Information Systems, SAIC and the Office of the Director of National Intelligence.  In this role, he will work with the Board to help drive INSA’s agenda across the Intelligence and National Security Communities.

Established in 1979, INSA is a non-profit, non-ideological, professional association created by intelligence professionals as a non-partisan, unbiased forum to develop new solutions that improve our nation’s security.  Through member-driven Councils and Task Forces, INSA is engaging the broader public to help find solutions, and is working to create the workforce from which the leaders of the next generation will rise.

“Robert Griffin brings tremendous knowledge and insights about how national security, defense and law enforcement organizations can rely on technology in enhancing information sharing and managing the deluge of data coming from multiple sources,” said Frances Fragos Townsend, INSA Board Chairwoman. “We are pleased to have him join our Board.”

“As the Intelligence Community faces ongoing terror, cyber and criminal threats, the importance of an effective public private partnership is paramount in enhancing public policy, processes and best practices as these threats evolve,” said Griffin.  “INSA has made tremendous strides in bringing together the right mix of perspectives from industry, academia and government.  I look forward to working with the Board in identifying and creating new approaches to solve our national security challenges.”

Griffin leads a global workforce of about 400 employees.  He became i2 CEO after the 2009 merger of i2 and Knowledge Computing Corporation (KCC), where Griffin served as President and CEO.  While there, he successfully transformed KCC from a small technology company to become the leading provider of technology-based crime-fighting solutions. Prior to KCC, Griffin co-founded eMotion Inc., a leader in digital media management technology and services. Under his leadership eMotion achieved the Deloitte and Touche Fast 50 and Fast 500 for each of his years there.

As an INSA Board member, Griffin will serve a three-year term through September 30, 2013.

“We cannot do it without industry support, and industry can’t do it without our support,” he said. “But by the time a company reaches out to DHS after an attack, the damage is already done.”

Discussions about the importance of a Public Private Partnership – widely recognized as P3 in policy circles and by cyber practitioners – are happening on an almost daily basis.  In light of Gen. Alexander’s statements to Congress, there needs to be an honest discussion about the role of the private sector and how involved they should be with the government in developing processes and solutions.  Discussions about how real the threat is are useless unless it leads to action.  P3 efforts in other areas important to our country’s interest like healthcare and education have been challenging.  While hurdles exist in cyber, collectively, we have an opportunity to get this right. 

However, no one has settled on a viable process or standard for what P3 looks like or how it works. For example, Cyber Command, US-CERT, NSA and DHS all will have a role in working with “critical infrastructure” companies but that has yet to be sorted out regarding where responsibilities lie and exactly what they are going to do. The omnibus answer seems to be coming under the Einstein protective umbrella but not everyone is going to want to do that, and it is not ready yet anyway. 

The central issue revolves around trust.  While the technology is strong and getting better every day at identifying and isolating cyber threats, success with P3 initiatives relies on neutrality and a willingness to share information in a way that can lead to quantifiable results.  Organizations like the National Cyber-Forensics and Training Alliance (NCFTA) and InfraGard – which provide protective security advice to businesses and organizations across the national infrastructure – are building cooperation, collaboration and information sharing models between government and the private sector. 

“Information sharing and collaboration are crucial in attaining cyber threat identification and mitigation,” said Ron Plesco, CEO of the NCFTA.

And just recently, the GAO and DHS issued a report on critical infrastructure protection.   The GAO found that “private sector stakeholders…expect their federal partners to provide usable, timely, and actionable cyber threat information and alerts; access to sensitive or classified information; a secure mechanism for sharing information; security clearances; and a single centralized government cybersecurity organization to coordinate government efforts. However, according to private sector stakeholders, federal partners are not consistently meeting these expectations.”  

At the same time, private companies cannot wait for government action to protect their infrastructure.  They should all have cyber plans in place as part of their business continuity planning.  This involves data preservation, Plan B options to stay in touch with customers and vulnerability assessments to determine what is needed to protect them.

Since that day, the world’s military, national security and law enforcement infrastructures have fundamentally changed the way that they operate and interoperate so that the chance of an attack like this ever happening again is reduced or eliminated. Concepts like cross-border information sharing and cross-organizational collaboration are driving innovation and creative thinking. We’ve seen the emergence of breaking down silos within organizations by integrating geospatial data, statistical data, associative, temporal data and human sensor data into a single working environment. We’ve also seen that, no matter how good all of our digital sensor data capture is, the Human Sensor is still an extremely powerful weapon in our arsenal. The integration of human sensor data and digital sensor data gained through collaboration with you and your teams has helped us, collectively, to take consistent steps forward.

This is all still a work in progress and every organization is tackling this at a different pace, but we are tackling it and we are making progress. At i2, we see this progress every day with our customers worldwide and it makes waking up in the morning and going to work not only easy, but extremely energizing and fulfilling.

I want to ask you to take a moment to give your thoughts to the personnel in military, public safety, national security and ordinary citizens across the globe who have risked their lives, given their lives or just worked their asses off to make a difference in this effort to improve global security. If you are one of those people, I want to thank you personally and on behalf of i2’s global team.

Bob Griffin

CEO

i2