i2 CEO Bob Griffin receives Queen's Award from HM Lord-Lieutenant of Cambridgeshire, Hugh Duberly Esq CBE

Dressed in his traditional royal garb, HM Lord-Lieutenant of Cambridgeshire, Hugh Duberly Esq CBE bestowed the Queen’s Award to i2 for the second year in a row. The Chief Executive of Cambridgeshire County Council, Mark Lloyd, read from the official royal scroll at a ceremony attended by hundreds of i2 employees at the company’s Cambridge, UK headquarters on 15 July. 

The event marked a positive milestone in the company’s two decade history providing solutions for law enforcement, national security, defence and the private sector.

The Chief Executive of Cambridgeshire County Council, Mark Lloyd, reads from the the official royal scroll

“Winning this award for the second year running is a fitting tribute to the continuing achievements of the company and our employees,” said i2 CEO Robert Griffin. “The successes of our products in helping our customers collaborate and share information, investigate, predict, prevent and defeat the world’s most sophisticated criminal and terrorist threats has been an instrumental factor in this achievement.”

A day prior, Mr. Griffin and i2 employee Tracey Ellis attended a private ceremony at Buckingham Palace for all the Queen’s Award winners.

At the same time, there are still many challenges to face before information sharing becomes de riguer across local, state, national and international boundaries. To better understand and communicate these issues, i2 hosted an information sharing panel at its Americas User Conference earlier this month.

Panelists included Kathleen O’Toole, the Chief Inspector of the Garda Síochána Inspectorate in Ireland, who was previously the Boston, Mass., Police Commissioner. During her time in Boston, she was critical to the founding of the Boston Regional Intelligence Center (BRIC), one of the nation’s first fusion centers. Deputy Chief Troy Smith of the Grand Junction Police Department in Colorado also offered up his expertise gleaned from his department’s organization  in getting Colorado to be one of the states that has successfully established information sharing state-wide. Tim Riley, a current i2 SVP and former CIO for the Los Angeles Police Department, played a large role in establishing information sharing agreements between the LAPD, the Los Angeles Sheriff’s Department and Orange County.  Chriss Knisley, the i2 Assistant Vice President for the COPLINK product line was also in attendance to discuss the technological standpoint of information sharing. i2’s Director of Corporate Communications Mitch Derman moderated the session.

While discussing the solutions to the major pain points in information sharing, the panellists touched on one basic requirement at all levels: the critical need for collaboration. Whether it be between operations and analysts or the federal government and local police departments, it is imperative that the primary goal must be to create a safe environment for citizens and law enforcement officers alike. Deputy Chief Smith and Riley agreed that the inroads that have already been taken toward information sharing are light years ahead of where things used to be earlier in their careers.  However until collaboration and a willingness to share becomes the norm, there are still challenges to tackle.

Perhaps one of the most important aspects of collaboration is the need to build relationships.  Chief Inspector O’Toole heartily stressed the importance of uniting operational sworn police officers with the more traditional back-office analysts. Regardless of the environment in which they interact, it is important to train analysts and sworn officers to work together, ask the right questions, and understand the value of using analysis in investigations. She believes that the best way to solve this problem is to bring the two sides together. O’Toole expressed that,  “At the end of the day, it’s all about relationships and co-locating people to the greatest extent possible in some of these centers to work on different operations together… the more time analysts spend with operations people the stronger the relationship and the more valuable the relationship becomes. The BRIC was my pet project, and I spent a lot of time there, and walking through it, one wouldn’t know who was sworn and who wasn’t sworn because analysts were valued as much as the sworn personnel.”

Deputy Chief Smith also emphasized the importance of communication, particularly within and across communities and organizations, to combat the stigma against sharing private information. The recent tragic shootings in Arizona provided a prime example of small pieces of information located in disparate sources that prevented the experts  from being able to access all the puzzle pieces to see the broader picture.  Deputy Chief Smith recognized this as an ongoing issue and organized a forum in Grand Junction, Colo., with public and private organizations to discuss how they could combat such a complicated scenario.  By instigating a collaboration of various members of the community, it not only brought awareness to both law enforcement officials but others such as schools and health center officials who are normally unable or unwilling to share information. Already Grand Junction has seen  noticeable results from their forum. Deputy Chief Smith remarked that “we’ve had some people at a mental health hospital notice certain behaviors, and they were capable of sharing that information in a way that didn’t violate their agreements. Previously they may not have known to call or that we would have been interested in that information.”

Fear of widespread access to private information is one of the largest inhibitors against the adoption of information sharing. Fortunately, through the creation of extensive audit trails and security protocols, Riley and Knisley believe this can be overcome. Records exist for every attempted access to private information to know who is accessing it and what exactly they are looking at. Knisley added that, “In regards to the effective use of information, people are going to think a little bit more about accessing information system that they know is logged. People are not going to log in and search for someone they might get in trouble for later if they know their name is attached to it.”

Your insights are welcome on this important topic.

It is with utmost graciousness that on behalf of the employees at i2, I extend our gratitude to the men and women across the Intelligence and Counterterrorism communities in the U.S., and abroad who have worked tirelessly to make the capture of bin Laden a reality. And let’s remember the many who gave the ultimate sacrifice.　

I also want to commend the employees of i2 for their ongoing commitment to ensuring our customers have the best analytical and intelligence tools available. While we cannot confirm for certain that our tools were used in this manhunt, we do know that all the military and intelligence agencies involved in the mission rely on i2 daily to capture and share actionable intelligence that saves lives and enhances our security.　　　

Today is a day when we can all be proud of supporting the mission.

i2 CEO Bob Griffin

With the nation’s debt ceiling looming, it has become clear that members of Congress on both sides of the aisle will not agree to new borrowing unless government spending cuts are included in that authorization. But when it comes to reducing outlays, the programs that make up the lion’s share of spending, and which are also the most contentious – nondiscretionary spending like entitlements and health care – are often put off for another day. If we’re going to have a meaningful, long-term impact on the fiscal well-being of our economy, this can’t continue. Fortunately, we have an option available that can make an immediate difference on one of the biggest budget busters, without eliminating any programs or forcing tough choices – tackling health care fraud by leveraging existing technologies.

Health care-related fraud, including fraudulent Medicare and Medicaid claims, costs taxpayers as much as $100 billion each year. Recently, the U.S. Department of Health and Human Services (HHS) charged 111 people in nine cities, including doctors and nurses, for more than $225 million in false billing. These fraudulent claims increase health care costs for all Americans.

One of the best strategies for fighting this drain may be a surprising one: taking existing technologies that are currently catching criminals, stopping terrorists, and mapping the intricacies of insurgent networks – and leverage them to combat health care fraud.

The challenge is the same for both types of criminal activity: processing and analyzing huge amounts of data to identify patterns, trends and individual criminals. In the case of Medicare and Medicaid, the trillions of transactions that happen every year are particularly ripe to be analyzed. This is because health care claims are essentially pieces of “structured data.” Each claim includes the same basic information, such as diagnosis and treatment, and this type of data lends itself especially well to analysis of fraud patterns.

But the power of these technologies really lies in their scale – identifying patterns based on large amounts of data. The impact and benefit could be exponentially bigger if there was a concerted effort, across agencies and organizations, to scale up the implementation of these tools.

If we cut even half of annual Medicaid and Medicare fraud, we’ll go a long way towards achieving Congress’ target reductions in spending. Moreover, this is a long-term fix, one that will continue to remove costs from the system for decades. 

Seven days a week, 24 hours a day, cutting-edge software and technologies are using data analysis to provide actionable intelligence that is protecting Americans from terrorism.  These technologies can, and should, be employed in a similar fashion to protect our health care system and our government’s fiscal stability for generations to come.

I also agree with the report’s suggestion that continuous training is essential for analysts.  Training helps analysts stay fresh on their game and understand new techniques.

A true analyst is motivated by the work they do.  When I performed analysis for the IC, I was excited to be at work because there was always more data to analyze.  Visualizing new data and deciphering it with historic data to help fulfill my team’s mission is what brought me into work early each day. And I now get the opportunity to help enhance the work of other analysts in the IC with new techniques such as Social Network Analysis,  and with other data sources such as geospatial data and open source.

In 2003, Saddam Hussein was on the run. With his chain of command eliminated, traditional intelligence efforts to track him down were failing. Col. James Hickey, U.S. Army, heading the intelligence operation to find Saddam, determined that the reclusive Iraqi dictator only trusted and communicated with family members of his own tribal group. As Hickey said, “We built a fairly elaborate estimate of who Saddam’s supporters were in the area; though it did provide security, it also worked against them. Once we learnt who did what, it allowed us to work against them.”¹

Hickey and his team were using a nascent form of Social Network Analysis (SNA). In its purest form, SNA relies on examining the linkages between people and places within a defined group or locality in order to deduce the key decision makers or vulnerable links and where they are located. In this case, it was the pinpointing of Saddam’s chauffeurs that led to his historic capture.

Figure 1

Social Network Analysis

Social Network, or Link, Analysis distinguishes between the friendly, hostile and neutral players who populate the ‘human terrain’ where modern counter-insurgency operations take place. Formerly a paper-driven exercise involving considerable resources, it was largely confined to headquarters’ intelligence staffs rather than front line units. By automating the process it is now possible to map linkages between thousands of intelligence sources simultaneously from routine patrol contacts, electronic warfare intercepts, aerial surveillance and other sources.

Analysts can then identify key nodal points in the decision-making or communications network (Figure 1) in near real time. A recent trial of SNA² demonstrated that it can now be used by front line units to cope with a complex human terrain consisting of multiple actors with differing agendas. “Counter-insurgency operations are complex to say the least; gone is the conventional red and blue intelligence picture. [With SNA] we can operate in a complex human terrain comprising multiple actors and a constant stream of intelligence.”³

Using only a standalone SNA solution, the unit concerned was able quickly to build up a comprehensive ‘Who’s Who’ of people populating their tactical area of responsibility, establish linkages between people and places, pinpoint key decision makers and predict potential firing points – all in near real time.

Linking this capability with compatible databases and geospatial systems makes it even more effective. And the increasing reach and bandwidth of the Afghan Mission Network (AMN) now offers the prospect of networking this capability to operational headquarters, achieving a common intelligence platform operating from tactical to strategic levels with SNA as a key element. Information superiority is at last becoming a realistic and achievable goal in the war against terrorism.

Network Defence

As military systems and civilian society become more networked, they become more vulnerable to exploitation and attack. In World War II Hitler sought to undermine the UK’s Critical National Infrastructure (CNI) by kinetic aerial attacks on its cities and industrial bases. The modern equivalent would be a cyber attack on our computer networks or exploitation of the Internet. We don’t have far to look for a military example. In July 2008 Ossetian rebels provoked a conflict with Georgia; and Georgia countered with its own air strikes and a ground invasion.

The Russian army responded in force, ejecting the Georgian army from South Ossetia. An integral part of this response was cyber warriors striking on the virtual battlefield, using denial-of-service attacks to shut down Georgian government websites, disrupt Georgian financial institutions and block Georgian access to the outside world.

Recognising that Cyber is becoming the fifth dimension of warfare (after Land, Sea, Air and Space) the UK Government has committed more than £600M to Cyber Security. While it was one of the few growth areas in the Strategic Defence and Security Review (SDSR), details have yet to emerge about precisely where those funds will be invested. Identifying specific cyber threats is not as clear-cut as kinetic warfare because of anonymity. Identifying who is initiating the attack, and where it is coming from, will be the key challenge. This is where SNA and link analysis techniques can come to the forefront, identifying key linkages and the source of the attack.

Sources:

¹ “I am Saddam Hussein the President of Iraq and I am willing to negotiate,” The Guardian, 16 December 2003.

² Ist Battalion Royal Gurkha Rifles (1 RGR) used off-the-shelf stand-alone Analyst’s Notebooks from i2 on their recent deployment in Helmand Province, Afghanistan.

³ Major Shaun W Chandler, 1 RGR.

Led by Brian McIlravey, co-CEO of PPM 2000, and i2’s Mark Massop, Director and Solutions Specialist, the webinar demonstrated how the products significantly reduce the time and effort required of analysts to turn routine data into actionable intelligence – the key to any successful investigation.

Whether countering cybercrime, investigating fraud or monitoring terrorist networks, time spent combing through case summaries and databases is time lost as illicit activity continues. By transforming routine information in flat reports into visual elements that can easily be analyzed, i2 and PPM’s combined solutions equip analysts with the tools needed to swiftly navigate data, identify relationships and present actionable intelligence to prevent and/or mitigate incidents.

The integration of these solutions will help customers protect their bottom lines, their reputations and most importantly, their customers.

As White House Cyber Czar Howard Schmidt pointed out at an Infragard Alliance breakfast in late January, the technology and capabilities available on mobile devices are way ahead of the current state of security, presenting a high value target for hackers, criminals and terrorists.

For example, applications like Venmo and Bump facilitate payments from mobile devices by linking to bank and credit card information and transmitting payment data via barcodes on the screen, by infrared or by NFC (near-field communications). Starbucks has already made available to customers its own iPhone payment application.  

“These tools [mobile software apps] have historically weak coding and security practices, and will allow cyber criminals to manipulate a variety of physical devices through compromised or controlled apps,” wrote McAfee Labs in the report, adding that many end users do not realize their mobile devices are full-blown computers and they are connected to a network.

Certainly the implications for consumer fraud are rife. More alarming are potential threats to national security and critical infrastructure. The U.S. Army just announced its intention to equip every soldier with a smart phone, and software maker Indusoft recently introduced a SCADA (Supervisory Command and Data Acquisition) application for iPhone, iPad and Blackberry allowing a wireless mobile interface with computer networks that control such critical infrastructure as energy and water facilities.

Dave Marcus, director of Security Research and Communications at McAfee, suggests that for end users, the best defense against mobile cyber crime is knowing your device, knowing what security settings you should have in place, and most importantly knowing what the applications you are using are actually doing. For instance, while end users may be aware that mobile apps can expose privacy and identity data, many users may not be aware that when they post to social networks, send e-mail or perform other seemingly benign activities, many devices are simultaneously transmitting GPS data so that hackers can instantly learn their physical location in addition to whatever else they may be attempting to do.

A byproduct of Twitter for instance – and other limited text communication environments popular on mobile devices – is tiny urls.  Using hyperlink embedding to transmit a longer potentially malicious URL, they are not as easily recognized by users or security software, and are currently capable of bypassing a wide range web filtering countermeasures.

Cyber criminals are targeting more Apple devices in 2011 as their popularity grows in business environments. The use of Botnets, which have now evolved to be capable of swiping data directly from computers vs. simply hijacking them to send spam, will become a common occurrence on Apple platforms in 2011 according to McAfee.

As technology and utilization continue to leapfrog past security, there are nonetheless progressive tools becoming available to help investigators stay ahead of threats by automating and expediting what was once a largely manual process, one which did not easily allow for the pooling and comparison of data from multiple devices.

 To learn more about these tools, attend the upcoming webinar “Mobile Telephony: The Next Wave in Cyber Crime” on Feb. 9.  For more information, visit www.i2group.com.

By Charlotte Davies, Intelligence Analyst, EIA

Recently, I was interested to read about a physicist named John Archibald Wheeler. One of Wheeler’s theories was (put very basically) that everything is information. Meaning, literally, everything is information – that the deepest foundations of the universe are ultimately made up of nuggets of information, corresponding to a vast chorus of “yes” or “no” binary choices, from which all physical existence flows.

So this word ‘information’ no longer merely suggests something like ‘facts’ or ‘knowledge’. As information philosophy explains it, the word has now expanded to mean something greater – something that can even be described in biological, metaphysical, even cosmological terms. It’s said we’re living in an information age. In recent times, the concept of information has mutated to symbolise and represent many different things, and come to guide us into myriad new ways of thinking and doing. Likewise, in the enforcement world, the understanding that information exists, that it can be captured, expanded and enhanced to enable appropriate responses to illegal activity has also undergone an expansion in recent years.

This blog shows you that EIA has many activities, works with many tools. The gathering, analysing and sharing of information to identify and combat environmental crime is one shade in its palette. In the enforcement world, these processes use raw information as the starting ingredient; they connect, unite and enhance pieces of information into a more cohesive whole, called intelligence. The result of these actions should be a picture or a portrait of crime; where it’s happening, due to whom – and how to combat it. Intelligence-led action relies on profiling, investigation and consideration of targets – not random or superficial activity that isn’t informed by the situation on the ground. As EIA’s work cross-cuts enforcement and conservation concerns, we believe that intelligence-led enforcement is one thing which will help to preserve endangered species.

By linking different pieces of intelligence, a web of associations springs up. This composite i2® chart shows trans-Himalayan connections in the skin trade, revealed through skin seizure events and telephone records. EIA has used this tool to show the transnational nature of the skin trade to campaign for greater enforcement and international cooperation. Copyright EIA.

Faced with a haemorrhage of species from some of the most biodiverse areas on earth, we ask enforcement agencies to develop their applications of intelligence. Because we have seen that borders pose few barriers to a sophisticated and organised global trade, we ask that enforcement agencies and governments communicate, and share their information to dig down to the roots of the illegal trade, to effect substantial and lasting change.

EIA’s own investigations have shown that those perpetuating the illegal trade operate within sophisticated and fluid networks. By necessity these are covert, shadowy, difficult to penetrate. Because EIA campaigns for change to protect the natural world from abuse perpetuated by networks such as these, we use i2® intelligence analysis software to depict the nature of criminal associations and transactions to governments and enforcement agencies.

It’s my hope that enforcement responses to environmental crime might reflect features that have been ascribed to the natural world. Vigour is needed, co-operation also. Some range states now have dedicated wildlife crime enforcement units; there are information sharing networks are operating. But species decline continues. The kingpins continue to operate undeterred. Traders tell us they anticipate increased demand for tiger skins in this, the Year of the Tiger.

The fabric of issues impacting upon environmental crime is complex. Decision makers need to dig deep into what causes and perpetuates these problems, and make real commitments to change. So in the Year of the Tiger and beyond, let information be transformed into intelligent enforcement.

Find out how to quickly unravel criminal and terrorist operations and easily identify their power centers with Social Network Analysis capabilities in Analyst’s Notebook 8.5 from i2. In this webcast, you’ll learn:

Terrorist and criminal activity can involve seemingly unconnected people, interactions, and organisations. Massive amounts of data can conceal critical relationships, and pinpointing their importance has typically required highly specialised skills—and resources.

Register Now