The events that occurred on September 11 are the primary reason so many of us – the law enforcement and intelligence communities in particular – work so hard to enhance our security capabilities in preventing another attack.

As CEO of i2, I am always humbled by the commitment and dedication of our police officers, intelligence analysts and the men and women serving in uniform around the world.  Their sacrifices to make the world more secure never go unnoticed. I’m often asked if we’re safer today than we were on September 11. As a nation, we have come a long way in fixing some of the problems the 9/11 Commission highlighted in its report. For example:

• It is estimated that the amount of sensor level data has increased by as much as 1600 percent since 9/11.  At the same time, the capacity to capture and assimilate that data and make connections from non-obvious relationships has gotten much better.
• The notion of information sharing has migrated from an anomalistic approach to where it’s now the table stakes for any successful intelligence gathering endeavor.  Success has happened within agencies and has begun to take place across agencies and is beginning to take shape across borders.  It’s an evolutionary process.  Clearly, the OBL mission success on May 1 would not have been as seamless without information sharing.
• Part of what’s really helped is the umbrella of DHS which has enabled more sharing between ATF, Customs, Border Security and across to DoJ/FBI and the intelligence agencies.  At the state and local level, Joint Terrorism Task Forces and fusion centers, there are federal agents working off of state databases.
• Analysts have never been better trained.  The analysts of today grew up with technology.  As a result, they are able to take advantage of tools that analysts in earlier generations were not able to.  That along with the proliferation of data and data sources, and the need to assimilate all of it in one place to quickly create actionable intelligence has made the responsibility of the intelligence analyst role increase in responsibility and prominence.  Analysis – once perceived as a back room effort – has become central to intelligence operations.

As James Clapper, director of National Intelligence said recently in a Wall Street Journal op/ed, “We now collaborate on intelligence collection and analysis in ways that were unheard of 10 years ago. We’ve made significant progress in reducing the cultural, information technology and policy barriers to sharing information among agencies, and we continue to explore new strategies for integrating our intelligence efforts.”

So when people inevitably continue to ask my colleagues and me, “are we safer today?” I can undoubtedly say, yes. The strides the intelligence community has made – from technology advancements to the capture of key terrorists throughout the world – have been nothing short of remarkable – milestones for which we can be proud.

i2 CEO Bob Griffin receives Queen's Award from HM Lord-Lieutenant of Cambridgeshire, Hugh Duberly Esq CBE

Dressed in his traditional royal garb, HM Lord-Lieutenant of Cambridgeshire, Hugh Duberly Esq CBE bestowed the Queen’s Award to i2 for the second year in a row. The Chief Executive of Cambridgeshire County Council, Mark Lloyd, read from the official royal scroll at a ceremony attended by hundreds of i2 employees at the company’s Cambridge, UK headquarters on 15 July. 

The event marked a positive milestone in the company’s two decade history providing solutions for law enforcement, national security, defence and the private sector.

The Chief Executive of Cambridgeshire County Council, Mark Lloyd, reads from the the official royal scroll

“Winning this award for the second year running is a fitting tribute to the continuing achievements of the company and our employees,” said i2 CEO Robert Griffin. “The successes of our products in helping our customers collaborate and share information, investigate, predict, prevent and defeat the world’s most sophisticated criminal and terrorist threats has been an instrumental factor in this achievement.”

A day prior, Mr. Griffin and i2 employee Tracey Ellis attended a private ceremony at Buckingham Palace for all the Queen’s Award winners.

At the same time, there are still many challenges to face before information sharing becomes de riguer across local, state, national and international boundaries. To better understand and communicate these issues, i2 hosted an information sharing panel at its Americas User Conference earlier this month.

Panelists included Kathleen O’Toole, the Chief Inspector of the Garda Síochána Inspectorate in Ireland, who was previously the Boston, Mass., Police Commissioner. During her time in Boston, she was critical to the founding of the Boston Regional Intelligence Center (BRIC), one of the nation’s first fusion centers. Deputy Chief Troy Smith of the Grand Junction Police Department in Colorado also offered up his expertise gleaned from his department’s organization  in getting Colorado to be one of the states that has successfully established information sharing state-wide. Tim Riley, a current i2 SVP and former CIO for the Los Angeles Police Department, played a large role in establishing information sharing agreements between the LAPD, the Los Angeles Sheriff’s Department and Orange County.  Chriss Knisley, the i2 Assistant Vice President for the COPLINK product line was also in attendance to discuss the technological standpoint of information sharing. i2’s Director of Corporate Communications Mitch Derman moderated the session.

While discussing the solutions to the major pain points in information sharing, the panellists touched on one basic requirement at all levels: the critical need for collaboration. Whether it be between operations and analysts or the federal government and local police departments, it is imperative that the primary goal must be to create a safe environment for citizens and law enforcement officers alike. Deputy Chief Smith and Riley agreed that the inroads that have already been taken toward information sharing are light years ahead of where things used to be earlier in their careers.  However until collaboration and a willingness to share becomes the norm, there are still challenges to tackle.

Perhaps one of the most important aspects of collaboration is the need to build relationships.  Chief Inspector O’Toole heartily stressed the importance of uniting operational sworn police officers with the more traditional back-office analysts. Regardless of the environment in which they interact, it is important to train analysts and sworn officers to work together, ask the right questions, and understand the value of using analysis in investigations. She believes that the best way to solve this problem is to bring the two sides together. O’Toole expressed that,  “At the end of the day, it’s all about relationships and co-locating people to the greatest extent possible in some of these centers to work on different operations together… the more time analysts spend with operations people the stronger the relationship and the more valuable the relationship becomes. The BRIC was my pet project, and I spent a lot of time there, and walking through it, one wouldn’t know who was sworn and who wasn’t sworn because analysts were valued as much as the sworn personnel.”

Deputy Chief Smith also emphasized the importance of communication, particularly within and across communities and organizations, to combat the stigma against sharing private information. The recent tragic shootings in Arizona provided a prime example of small pieces of information located in disparate sources that prevented the experts  from being able to access all the puzzle pieces to see the broader picture.  Deputy Chief Smith recognized this as an ongoing issue and organized a forum in Grand Junction, Colo., with public and private organizations to discuss how they could combat such a complicated scenario.  By instigating a collaboration of various members of the community, it not only brought awareness to both law enforcement officials but others such as schools and health center officials who are normally unable or unwilling to share information. Already Grand Junction has seen  noticeable results from their forum. Deputy Chief Smith remarked that “we’ve had some people at a mental health hospital notice certain behaviors, and they were capable of sharing that information in a way that didn’t violate their agreements. Previously they may not have known to call or that we would have been interested in that information.”

Fear of widespread access to private information is one of the largest inhibitors against the adoption of information sharing. Fortunately, through the creation of extensive audit trails and security protocols, Riley and Knisley believe this can be overcome. Records exist for every attempted access to private information to know who is accessing it and what exactly they are looking at. Knisley added that, “In regards to the effective use of information, people are going to think a little bit more about accessing information system that they know is logged. People are not going to log in and search for someone they might get in trouble for later if they know their name is attached to it.”

Your insights are welcome on this important topic.

It is with utmost graciousness that on behalf of the employees at i2, I extend our gratitude to the men and women across the Intelligence and Counterterrorism communities in the U.S., and abroad who have worked tirelessly to make the capture of bin Laden a reality. And let’s remember the many who gave the ultimate sacrifice.　

I also want to commend the employees of i2 for their ongoing commitment to ensuring our customers have the best analytical and intelligence tools available. While we cannot confirm for certain that our tools were used in this manhunt, we do know that all the military and intelligence agencies involved in the mission rely on i2 daily to capture and share actionable intelligence that saves lives and enhances our security.　　　

Today is a day when we can all be proud of supporting the mission.

i2 CEO Bob Griffin

With the nation’s debt ceiling looming, it has become clear that members of Congress on both sides of the aisle will not agree to new borrowing unless government spending cuts are included in that authorization. But when it comes to reducing outlays, the programs that make up the lion’s share of spending, and which are also the most contentious – nondiscretionary spending like entitlements and health care – are often put off for another day. If we’re going to have a meaningful, long-term impact on the fiscal well-being of our economy, this can’t continue. Fortunately, we have an option available that can make an immediate difference on one of the biggest budget busters, without eliminating any programs or forcing tough choices – tackling health care fraud by leveraging existing technologies.

Health care-related fraud, including fraudulent Medicare and Medicaid claims, costs taxpayers as much as $100 billion each year. Recently, the U.S. Department of Health and Human Services (HHS) charged 111 people in nine cities, including doctors and nurses, for more than $225 million in false billing. These fraudulent claims increase health care costs for all Americans.

One of the best strategies for fighting this drain may be a surprising one: taking existing technologies that are currently catching criminals, stopping terrorists, and mapping the intricacies of insurgent networks – and leverage them to combat health care fraud.

The challenge is the same for both types of criminal activity: processing and analyzing huge amounts of data to identify patterns, trends and individual criminals. In the case of Medicare and Medicaid, the trillions of transactions that happen every year are particularly ripe to be analyzed. This is because health care claims are essentially pieces of “structured data.” Each claim includes the same basic information, such as diagnosis and treatment, and this type of data lends itself especially well to analysis of fraud patterns.

But the power of these technologies really lies in their scale – identifying patterns based on large amounts of data. The impact and benefit could be exponentially bigger if there was a concerted effort, across agencies and organizations, to scale up the implementation of these tools.

If we cut even half of annual Medicaid and Medicare fraud, we’ll go a long way towards achieving Congress’ target reductions in spending. Moreover, this is a long-term fix, one that will continue to remove costs from the system for decades. 

Seven days a week, 24 hours a day, cutting-edge software and technologies are using data analysis to provide actionable intelligence that is protecting Americans from terrorism.  These technologies can, and should, be employed in a similar fashion to protect our health care system and our government’s fiscal stability for generations to come.

I also agree with the report’s suggestion that continuous training is essential for analysts.  Training helps analysts stay fresh on their game and understand new techniques.

A true analyst is motivated by the work they do.  When I performed analysis for the IC, I was excited to be at work because there was always more data to analyze.  Visualizing new data and deciphering it with historic data to help fulfill my team’s mission is what brought me into work early each day. And I now get the opportunity to help enhance the work of other analysts in the IC with new techniques such as Social Network Analysis,  and with other data sources such as geospatial data and open source.

In 2003, Saddam Hussein was on the run. With his chain of command eliminated, traditional intelligence efforts to track him down were failing. Col. James Hickey, U.S. Army, heading the intelligence operation to find Saddam, determined that the reclusive Iraqi dictator only trusted and communicated with family members of his own tribal group. As Hickey said, “We built a fairly elaborate estimate of who Saddam’s supporters were in the area; though it did provide security, it also worked against them. Once we learnt who did what, it allowed us to work against them.”¹

Hickey and his team were using a nascent form of Social Network Analysis (SNA). In its purest form, SNA relies on examining the linkages between people and places within a defined group or locality in order to deduce the key decision makers or vulnerable links and where they are located. In this case, it was the pinpointing of Saddam’s chauffeurs that led to his historic capture.

Figure 1

Social Network Analysis

Social Network, or Link, Analysis distinguishes between the friendly, hostile and neutral players who populate the ‘human terrain’ where modern counter-insurgency operations take place. Formerly a paper-driven exercise involving considerable resources, it was largely confined to headquarters’ intelligence staffs rather than front line units. By automating the process it is now possible to map linkages between thousands of intelligence sources simultaneously from routine patrol contacts, electronic warfare intercepts, aerial surveillance and other sources.

Analysts can then identify key nodal points in the decision-making or communications network (Figure 1) in near real time. A recent trial of SNA² demonstrated that it can now be used by front line units to cope with a complex human terrain consisting of multiple actors with differing agendas. “Counter-insurgency operations are complex to say the least; gone is the conventional red and blue intelligence picture. [With SNA] we can operate in a complex human terrain comprising multiple actors and a constant stream of intelligence.”³

Using only a standalone SNA solution, the unit concerned was able quickly to build up a comprehensive ‘Who’s Who’ of people populating their tactical area of responsibility, establish linkages between people and places, pinpoint key decision makers and predict potential firing points – all in near real time.

Linking this capability with compatible databases and geospatial systems makes it even more effective. And the increasing reach and bandwidth of the Afghan Mission Network (AMN) now offers the prospect of networking this capability to operational headquarters, achieving a common intelligence platform operating from tactical to strategic levels with SNA as a key element. Information superiority is at last becoming a realistic and achievable goal in the war against terrorism.

Network Defence

As military systems and civilian society become more networked, they become more vulnerable to exploitation and attack. In World War II Hitler sought to undermine the UK’s Critical National Infrastructure (CNI) by kinetic aerial attacks on its cities and industrial bases. The modern equivalent would be a cyber attack on our computer networks or exploitation of the Internet. We don’t have far to look for a military example. In July 2008 Ossetian rebels provoked a conflict with Georgia; and Georgia countered with its own air strikes and a ground invasion.

The Russian army responded in force, ejecting the Georgian army from South Ossetia. An integral part of this response was cyber warriors striking on the virtual battlefield, using denial-of-service attacks to shut down Georgian government websites, disrupt Georgian financial institutions and block Georgian access to the outside world.

Recognising that Cyber is becoming the fifth dimension of warfare (after Land, Sea, Air and Space) the UK Government has committed more than £600M to Cyber Security. While it was one of the few growth areas in the Strategic Defence and Security Review (SDSR), details have yet to emerge about precisely where those funds will be invested. Identifying specific cyber threats is not as clear-cut as kinetic warfare because of anonymity. Identifying who is initiating the attack, and where it is coming from, will be the key challenge. This is where SNA and link analysis techniques can come to the forefront, identifying key linkages and the source of the attack.

Sources:

¹ “I am Saddam Hussein the President of Iraq and I am willing to negotiate,” The Guardian, 16 December 2003.

² Ist Battalion Royal Gurkha Rifles (1 RGR) used off-the-shelf stand-alone Analyst’s Notebooks from i2 on their recent deployment in Helmand Province, Afghanistan.

³ Major Shaun W Chandler, 1 RGR.

Led by Brian McIlravey, co-CEO of PPM 2000, and i2’s Mark Massop, Director and Solutions Specialist, the webinar demonstrated how the products significantly reduce the time and effort required of analysts to turn routine data into actionable intelligence – the key to any successful investigation.

Whether countering cybercrime, investigating fraud or monitoring terrorist networks, time spent combing through case summaries and databases is time lost as illicit activity continues. By transforming routine information in flat reports into visual elements that can easily be analyzed, i2 and PPM’s combined solutions equip analysts with the tools needed to swiftly navigate data, identify relationships and present actionable intelligence to prevent and/or mitigate incidents.

The integration of these solutions will help customers protect their bottom lines, their reputations and most importantly, their customers.

As the former CIO of the Los Angeles Police Department, I’ve had the privilege of being part of the security infrastructure for many large gatherings – the Academy Awards and the NBA Finals at Staples Center to name a few. The planning and coordination among many law enforcement agencies is critical to the success of securing any event of this scope.

The Texas fusion centers play a centralization function by coordinating all the intelligence about localized incidents and suspicious activities. Fusion Centers can coordinate all the various organizations that will be providing security and information. It’s critical to not only prepare for any scenario and have all the tools in place should something occur, but also ensure the safety of those in attendance. Sophisticated analytical tools that can make non-obvious relationships among a deluge of data bring tremendous value to the intelligence analysts who are monitoring for any potential threat and can be acted on if necessary.

Lt. Todd Thomasson of the Dallas Police Department puts it best in describing the Fusion Center as a resource that “will give us situational awareness if crowds are getting big, getting out of hand or if there’s a fight and we need to apply additional resources.”(1)

The Fusion Center will be looking at a variety of sources — confidential, public, open source, and more. My bet is that they will monitor and analyze any threats that may be coming in and reviewing security measures in place.

Consistent with the security operations infrastructure now common to all major sporting events, that being put in place leading up to Super Bowl is a massive, collaborative, behind-the-scenes undertaking involving dozens of law enforcement agencies and the most advanced intelligence technology. The planning began more than a year ago. Fusion Center analysts are in close cooperation with their colleagues at the Dallas Police Department, the Arlington Emergency Operations Center, as well as the Department of Homeland Security and the FBI. Working together, they will play a pivotal role in sifting through copious amounts of data in monitoring for and taking action to deter potentially disruptive scenarios.

My prediction for the game itself …. one team will win.

(1) “Fusion Center gives Dallas officers bird’s eye views during Super Bowl,” WFAA.com, January 27, 2011.

As White House Cyber Czar Howard Schmidt pointed out at an Infragard Alliance breakfast in late January, the technology and capabilities available on mobile devices are way ahead of the current state of security, presenting a high value target for hackers, criminals and terrorists.

For example, applications like Venmo and Bump facilitate payments from mobile devices by linking to bank and credit card information and transmitting payment data via barcodes on the screen, by infrared or by NFC (near-field communications). Starbucks has already made available to customers its own iPhone payment application.  

“These tools [mobile software apps] have historically weak coding and security practices, and will allow cyber criminals to manipulate a variety of physical devices through compromised or controlled apps,” wrote McAfee Labs in the report, adding that many end users do not realize their mobile devices are full-blown computers and they are connected to a network.

Certainly the implications for consumer fraud are rife. More alarming are potential threats to national security and critical infrastructure. The U.S. Army just announced its intention to equip every soldier with a smart phone, and software maker Indusoft recently introduced a SCADA (Supervisory Command and Data Acquisition) application for iPhone, iPad and Blackberry allowing a wireless mobile interface with computer networks that control such critical infrastructure as energy and water facilities.

Dave Marcus, director of Security Research and Communications at McAfee, suggests that for end users, the best defense against mobile cyber crime is knowing your device, knowing what security settings you should have in place, and most importantly knowing what the applications you are using are actually doing. For instance, while end users may be aware that mobile apps can expose privacy and identity data, many users may not be aware that when they post to social networks, send e-mail or perform other seemingly benign activities, many devices are simultaneously transmitting GPS data so that hackers can instantly learn their physical location in addition to whatever else they may be attempting to do.

A byproduct of Twitter for instance – and other limited text communication environments popular on mobile devices – is tiny urls.  Using hyperlink embedding to transmit a longer potentially malicious URL, they are not as easily recognized by users or security software, and are currently capable of bypassing a wide range web filtering countermeasures.

Cyber criminals are targeting more Apple devices in 2011 as their popularity grows in business environments. The use of Botnets, which have now evolved to be capable of swiping data directly from computers vs. simply hijacking them to send spam, will become a common occurrence on Apple platforms in 2011 according to McAfee.

As technology and utilization continue to leapfrog past security, there are nonetheless progressive tools becoming available to help investigators stay ahead of threats by automating and expediting what was once a largely manual process, one which did not easily allow for the pooling and comparison of data from multiple devices.

 To learn more about these tools, attend the upcoming webinar “Mobile Telephony: The Next Wave in Cyber Crime” on Feb. 9.  For more information, visit www.i2group.com.