A Better Toolbox

Analytic methodology has evolved significantly since the Cold War


Analytic methodology has evolved significantly since the bipolar standoff between the East and West that was the Cold War, during which intelligence collection targeted specific objects that were easy to find but difficult to stop—tanks and other armored vehicles, naval ships and submarines, and planes.

As intelligence has shifted its focus from these specific objects to the actions and movement of individuals, the emerging concept of activity-based intelligence (ABI) has generated significant buzz throughout the Intelligence Community. Robert Zitz, a former senior executive with NGA, NSA, and the NRO, described ABI as a “natural evolution” that has taken place since the Cold War.

“In the past you knew what to look for and where to find it,” Zitz said.

With ABI, data on activities and transactions is collected over a larger area, and often stored in a database to be discovered at a later date.

During the Cold War, Zitz said, intelligence methodology was a serial, collection-driven process with analysts at the end of the chain. Today, the methodology has shifted to a non-linear strategy for seeking unknown unknowns, throughout which analysts are significantly more involved in the collection process.

Scott White, vice president for intelligence with Northrop Grumman and associate deputy director of the CIA until 2010, explains ABI as a methodology in which analysis drives collection focused on activity and transactions.

“ABI is not a new concept,” White said. “It’s been used in the past in the Intelligence Community in pockets.”

Although most Cold War intelligence initiatives were a stark contrast to the modern ABI methodology, the foundation of ABI actually goes back as far as the Cold War, according to White. He referred to the Navy’s pioneering Sound Surveillance System (SOSUS), a persistent underwater sonar system used to track the activity of submarines during the ’70s and ’80s, as an example.

The forward-thinking, persistent technology deployed with SOSUS was a preview of today’s full-motion video (FMV) technology that has brought ABI to the forefront, White said. He added that operational strategy has shifted from an emphasis on reconnaissance to surveillance with the advent of irregular warfare.

As FMV capabilities have become more readily available with the increasing popularity of UAVs, other open source information outlets such as social media have exploded as well, driving an exponential increase in the amount of useful data. Meanwhile, data storage architectures such as cloud computing, and data analysis tools such as high-speed processing and complex algorithms are beginning to catch up with the data deluge.

“The evolution of the needs met the evolution of the technology,” Zitz said.

As this perfect storm brews, ABI was a common theme on the main stage in October at the GEOINT 2012 Symposium, with many in the Community seeking to understand what exactly ABI is, why it is such a hot topic, and how to gear up for this impending sea change.

Analysis Driven

Zitz, who is now senior vice president and chief systems architect with SAIC’s ISR group, points to special operations forces deployed to Iraq and Afghanistan following 9/11 as one of the driving factors behind what has evolved into ABI.

“Special operations were not only melding SIGINT and GEOINT, but then bringing in HUMINT and OSINT,” Zitz said. “How they evolved in terms of their needs and uses of integrated intelligence, this has really evolved into this methodology called ABI.”

Meanwhile, a group of GEOINT analysts deployed to Iraq and Afghanistan began pulling intelligence disciplines together around the 2004-2006 timeframe, according to Dave Gauthier, chief of strategic capabilities in the office of special programs at the National Geospatial-Intelligence Agency (NGA), and also the agency’s lead for ABI.

These analysts hit upon a concept called “geospatial multi-INT fusion,” Gauthier said, through which they pulled together data from various intelligence disciplines into one large database, recognizing that the one field all data had in common was location.

This database could then be queried when new information came to bear, and used to connect locations and roll up terrorist networks, a process that was recently coined “geo-chaining,” Gauthier added.

“It’s the way to understand the network when you look at location,” he said.

Over time, analysts built up a training process around geospatial multi-INT fusion and geo-chaining, and continued to develop and prove the methodology, Gauthier said. This evolved into the building blocks for ABI.

However, analysts using ABI are often faced with the challenges of “the four Vs”: volume, velocity, variety, and veracity of the data.

“ABI is a way to overcome that and turn big data into an advantage,” Gauthier said.

Although many in the Intelligence Community are still hesitant to declare a formal definition for ABI, there is no disputing that the development of the methodology is being fueled by the need to process big data.

“Volume must become our friend,” said Michael Vickers, undersecretary of defense for intelligence (USD(I)), during a keynote address at GEOINT 2012. “Our goal is not to miss anything, and large volumes of data support that goal. We just need to make sure that our enterprise infrastructure supports the provisioning of volume and variety of data we need, at the velocity we need it, to the right people or machines.”

In 2010, USD(I) released two strategic guidance papers on irregular warfare and human terrain, with much written about ABI, defining it as a discipline of intelligence where the analysis and subsequent collection is focused on the activity and transactions associated with an entity, population, or area of interest.

However, this definition is considered slightly outdated by most experts in the burgeoning field, if only because it refers to ABI as an intelligence discipline rather than an analytic methodology. But what’s the difference?

Jeff DeTroye, who retired in September as the commander of the ground station at the National Reconnaissance Office’s ADF-East facility, views ABI as a new toolbox to tackle any intelligence problem.

From DeTroye’s perspective, ABI is a methodology that can be deployed across disciplines, rather than a discipline in itself.

“If you turn it into a discipline then not everybody’s using it,” DeTroye said.

In the Army, ABI has yet to be recognized as a doctrinal term, said Maj. Gen. Stephen Fogarty, Commanding General of the U.S. Army Intelligence and Security Command, during a breakout session on ABI at the GEOINT 2012 Symposium.

“Currently, if you look through an army manual or joint pub you won’t see ABI in there,” Fogarty said.

Instead, the principal related issues the Army is focused on are real-time intelligence collection and fusion, Fogarty added.

“Whatever we call ABI, it has to sense the activity that is important to us, it has to be delivered in a format and in a timeframe that allows decision makers to decide and be able to act,” Fogarty said. “Otherwise all we’re going to do is shoot behind the rabbit or we’re going to be late with whatever our humanitarian mission is.”

Let the Data Find You

Despite the lack of an official and uniform definition, there is a strong consensus emerging throughout the Community as to the components, or pillars, that comprise the ABI methodology.

Dr. Patrick Biltgen, a senior mission engineer for BAE Systems in its GEOINT-ISR sector, said that while the concept of ABI may be difficult to articulate, the approach is much easier to grasp when seen in action.

“I think people are trying to redefine ABI,” Biltgen said. “But the practitioners of ABI say, ‘I know unequivocally what it is because I’ve been doing it.’ If you’re saying we need to define it, I don’t think you understand it. It’s a very simple concept.”

The first main component of ABI is “geo-reference to discover,” which means persistently collecting data on activity and transactions over a broad area or with a variety of sources, then storing it in a database to be discovered later when it intersects with other data.

“Everything happens somewhere and if you can visualize that and understand it, then trends and patterns in the network start to jump out,” Biltgen said.

NGA’s Gauthier describes this component as allowing the data to find you.

“By recording this activity in bulk, we can look for unknown unknowns,” Gauthier said. “That basically means unknown targets with unknown behaviors.”

He compared the process to the massive fingerprint database used by law enforcement.

“That is the concept of building your database for when you need it in the future,” Gauthier said. “They’re not relevant now, but someday they might be relevant to solving a case that we haven’t thought of yet.”

An operational example of this could be using wide-area motion imagery to process vehicle tracks and capture and store data such as the license plate of every vehicle in Baghdad.

“Most of them may always be irrelevant, but there’s the idea that some of them will be relevant in the future when an event happens,” Gauthier said.

The second concept in the ABI methodology is “sequence neutrality,” which also draws upon forensics by looking for clues in the data, both backward and forward in time.

“We usually expect things to go A to B to C,” Biltgen said. “In ABI it doesn’t go like that. We get the data but don’t know what it means. We might tag it and set it aside. Sometimes the answers come in before the questions.”

White said the sequence neutrality component represents a shift away from the traditional paradigm of the tasking, collection, processing, exploitation, and dissemination intelligence cycle. Instead, he said, ABI takes a more analytic-centric approach focused on defining the activity being sought, orchestrating a collection suite, and executing.

In other words, seeking “temporally and spatially what activity is going on in that particular space on earth rather than at just one point,” White said.

Dr. Eileen Preisser, director of the Air Force GEOINT Office at NGA, said ABI methodology is still emerging in the Air Force as her office works with its development at NGA, and the benefits of these key components are beginning to be recognized throughout the service.

“Big data is how we empower non-linear analytics,” Preisser said. “That crazy stuff I collected today in some remote corner of nowhere may be the golden ticket for an analyst in several years or several hours.”

The third component of ABI is “data neutrality,” or the idea that all data is good and that analysis should not be biased toward any one data source. Usable data encompasses a full range, from open source intelligence, such as information derived from social media, all the way to the most closely held human intelligence-derived information.

“This is one of the hardest things for the Community to deal with—the notion that all data is equal,” Biltgen said.

With the ABI approach, disparate data is pulled together to understand what’s going on, meaning a particular data point may not reveal itself as “good” or “bad” until later on.

A fourth component that isn’t discussed as often, but is also critical according to Gauthier, is knowledge management. For example, when the ABI methodology is used to uncover associations in data or discover a network, it is important to capture the network in a knowledge system using smart metadata tagging.

“One of the things I’m frustrated with in the intelligence business is we usually capture that knowledge in a written product,” Gauthier said. “You require someone to go read that product to bring it back out…We have technology and software now that lets us do that, so we should be using it.”

Enabling the Methodology

The strategy of cross-referencing data from various sources and treating data from all sources as equal is not only inherently multi-INT, but it is also creating a chicken-or-the-egg conundrum with regard to intelligence integration. Is ABI driving intelligence integration or vice versa? Does the answer even matter?

White predicts the correlation of data from various sources will continue to grow over the next few years, eventually to the point where collection systems will be able to tip one another automatically and sensors will be much more finely tuned.

“ABI is a catalyst for intelligence integration,” White said.

Conversely, DeTroye described intelligence integration as a “major enabler” of ABI, adding that as recently as 10 years ago the Community wasn’t ready to exercise the level of collaboration necessary to execute the methodology.

“If you’re not willing to collaborate across stovepipes, the concepts of ABI simply won’t work,” DeTroye said.

Zitz sees the Intelligence Community Information Technology Enterprise (ICITE), a recapitalization of the intelligence IT infrastructure set to occur between 2013 and 2018, as “absolutely critical” to taking ABI to the next level. ICITE aims to consolidate the architectures of the CIA, NSA, NGA, DIA, and NRO to reduce cost, better protect the data and the network, and deliver a multi-INT-enabled environment.

“ICITE will power multi-INT, and multi-INT powers ABI,” Zitz said.

During his keynote address at GEOINT 2012, Director of National Intelligence James Clapper referred to ICITE and ABI as two big ideas for the future of the Community.

“As we execute [ICITE] we’ll save a lot of money,” Clapper said. “Maybe more importantly, the Intelligence Community will be able to take intelligence integration to the next level as we transition from an individual, agency-centric IT model to an enterprise model that shares resources and data.”

He later added that future generation architecture would enable ABI.

“Instead of predicting where we should look tomorrow, if we can respond on a quick cuing and tipping basis, that is what activity-based intelligence is all about,” Clapper said. “In other words, be cued and then have the agility and capability to respond to those cues.”

Advancing Tradecraft

Perhaps just as important as sharing information across intelligence disciplines is enabling individual analysts to share intrinsic knowledge with one another, according to Gauthier. NGA is embarking on a quest to store that intrinsic knowledge in a database so that others may discover it and collaborate.

“ABI is a new emphasis on a methodology that people have been using for a long time,” Gauthier said. “We’ve just put the entire burden of doing this on the analysts in the past. Good analysts naturally will study data and make inferences about activity and then use those inferences to understand the behaviors and patterns of what’s going on.”

Over many years, analysts develop inherent knowledge of their targets, as well as a deep understanding of what’s related to what, Gauthier said. Typically, when analysts make a database remark about a significant activity, it is because they’ve witnessed something that crosses their mental threshold for a target they’ve monitored for so long.

“If analysts can consistently record the activity they observe in data or imagery and what they’re focused on mentally, there may be another target and 20 different things they look at every day,” Gauthier said. “If it’s something significant, they write about it, otherwise they don’t. We want to know what those other 20 things are.”

In other words, what was it about those other 20 things that the analysts knew made those targets insignificant? If this is recorded more regularly, a history of such knowledge can be built and handed down over time. This knowledge can also be turned into useful data for the high-powered computing and analytics that industry can now provide, allowing computers to search for the anomalies that humans might overlook.

Mark Lowenthal, president of the Intelligence and Security Academy, which provides education, training, and consulting in analytics, said it is important to dedicate resources to training analysts in how to use ABI methodology and FMV to their advantage, without becoming too dependent on the data.

“One of the major problems in the Intelligence Community is that analysts usually do not get much training in how to use collection sources, especially new collection sources,” Lowenthal said. “As useful as ABI is for a certain set of issues, it would be more useful if time was devoted to teaching analysts how to use this intelligence in their product. It’s equally important for analysts to figure out what ABI’s limitations are so they don’t become over-reliant on it or expect it to do things that it can’t do.”

Preparing for Change

Many experts say the government is still in the early stages of communicating to industry its needs and expectations for ABI, but that this communication has lately become clearer. In particular, the many discussions of ABI at GEOINT 2012 emphasized that the methodology is about the data.

“We need the standards applied to the data, regardless of what the source or sensor is,” Gauthier said. “We need smart data and I think there are standards for that for industry to look at…Now industry can begin to write applications tailored to those concepts.”

Not only can such algorithms used to parse data in ABI help make analysts more efficient and direct their attention toward true analysis rather than research, they can also address the issue of scaling.

“We can no longer hire more analysts just because we have more data,” Gauthier said.

White described ABI as a way to “transfer the workforce to something that’s more 21st century-based given the data sources we have, and the way that IT is able to process the information.”

This can be done through the development of machine-to-machine interfaces that re-task and correlate data automatically without humans in the middle, as well as the metadata tagging necessary for such correlation, he added.

“That’s where industry comes in,” White said. “The challenge for industry is how do you develop the technology to be able to take all those collection systems, correlate this data, and make it easily available for the analysts.”

While industry begins to grasp this analytic methodology and innovate to meet its requirements, it’s up to the ABI leaders in government to drive the cultural conversation about this non-traditional, integrated strategy.

“The government has got to be willing to make changes required for security policies and culture changes to ensure that these needs and this architectural and technological change is not only asked for by decision makers, but is embraced by the managers and the workforce,” Zitz said.

Biltgen described ABI as on par with the spy technology often portrayed by Hollywood, generating greater appeal among younger analysts who seem to pick up the concept quickly.

“People are really getting into it,” Biltgen said. “It doesn’t look like a bunch of dudes in skinny ties bending over a table. It looks like something cool and futuristic that’s helping us solve hard problems.”

NGA Director Letitia Long also referenced ABI as a major change to the agency’s analytic approach during her keynote speech at GEOINT 2012. Long noted that culture is one of the biggest challenges when asking people to work together to approach problems from a different perspective.

“But I will tell you, when folks are seeing change and see what’s being delivered almost on a daily basis, the culture isn’t as hard as you might think,” Long said.
