How Maritime Geospatial Analysis Helps Identify Asymmetric Threats

Geospatial analytics help identify asymmetric threats by leveraging AI and near real-time data analysis


By CAPT. Jatin S. Bains, Merchant Mariner; CDR (U.S. Navy Intelligence Retired) Dennis Pendergist; and CDR (Indian Navy Intelligence Retired) Shishir Upadhyaya, Ph.D.

The Challenges

Earth observation and remote sensing in the maritime domain cover 70 percent of the Earth’s surface, where almost every conceivable illegal and legal activity occurs. The maritime domain is also home to the movement of more than 90 percent of world trade. National exclusive economic zone boundaries are widely recognized by the United Nations. Furthermore, low Earth orbit (LEO) satellites are widely used for remote sensing with automated identification system (AIS), optical, radar, and signals intelligence (SIGINT) payloads. The maritime domain hosts approximately 250,000 compliant surface craft and approximately 250,000 quasi-compliant surface craft. In other words, up to half and maybe more of the vessels on the sea who should follow specific rules and regulations dealing with identification and intent on the water do not do so continuously.

In reality, a non-state nefarious actor can proceed undetected since mandatory platform AIS transmissions rely on self-governance and can be spoofed, hacked, or even turned off.  According to a November 11, 2015 article by, one study conducted in 2013 suggests that nearly one quarter of all AIS-equipped vessels have AIS turned off at least 10 percent of the time, hiding the vessel’s true location. Other sensors such as optical, radar, and SIGINT can mainly validate geo-location, which also depends on data latency. The concept of Identification Friend or Foe on surface combatants is a well-designed process with suitable sensors. This article highlights that nefarious actors are readily capable of launching asymmetric attacks since the platforms used are mainly unregistered, non-compliant, and typically fail to follow International Maritime Organization regulations.

Numerous entities continue using efforts such as manual sightings to signal triangulation to create an extensive database of ship movements. Likewise, numerous efforts have been undertaken to build a database of crafts used in illegal fishing. In today’s world, non-state actors are challenging nation states, institutions, and private enterprise through a wide range of overt and covert activities. These are referred to as “asymmetric” or “hybrid” threats/warfare, and the maritime domain has proven especially vulnerable. As we continue to see in the South China Sea, a hybrid approach lowers the chance of criminal or militant actors being interdicted because of the miniscule chance of being identified or tracked in the vast maritime domain. This phenomenon requires a whole of government approach to access the necessary means and authorities to address these types of threats. Thus, asymmetric or hybrid threats are best understood when framed as an attack on governance.

Transnational, non-state actors such as ISIS use subtle, far-reaching, and opportunistic methods including legal trade. In other cases, they can be more brazen, but operate in a gray zone where the affected state has few response options without escalating the situation into an armed conflict. In general, governments and institutions with weak governance are more susceptible. Corruption, low levels of public trust, ineffective law enforcement, poor border and port security, weak security protocols for critical infrastructure, and a lack of cooperation between the government and the private sector increase vulnerability.

Threats to maritime security have always existed but modern communication, online banking, supply chain visibility, and other factors have allowed asymmetric and hybrid threats to be weaponized against globalization. It is important to understand that more than 75 percent of global critical infrastructure (offshore oil wells, drilling rigs, floating liquefied natural gas platforms, seaports, offshore pipeline loading arms, etc.) are owned by the private sector. Geospatial analytics help identify asymmetric threats by leveraging artificial intelligence (AI) and near real-time data analysis.

  • This article is part of USGIF’s 2019 State & Future of GEOINT Report. Download the PDF to view the report in its entirety. 

Databases and Sensors

Numerous databases and sensor systems are available with various methods to cross-reference and identify surface craft. The emerging source of data is open-source intelligence (OSINT), which is often derived from unstructured data available on the internet or via other reporting mechanisms. The large swath of geospatial data has often existed in silos due to classified sensor data being handled differently than unclassified data in an effort to protect sources and methods of data collection. It is widely acknowledged that a significantly lower percentage of data is now classified than compared with the pre-internet era as a result of today’s pervasive and fungible nature of data and access. The recent emergence of LEO payloads and the geospatial data they deliver are providing multiple opportunities to integrate and merge sensor with non-sensor data.

Efforts such as the Department of Justice-led SeaHawk Task Force in Charleston, S.C., the Joint Interagency Task Force South (JIATF South) in Florida, JIATF West in Hawaii, the Maritime Security Task Force in Singapore, and the Naval Coordination and Guidance for Shipping in Bahrain are all examples of fusion or data integration entities intent on identifying threats. These entities have mostly been successful and led to improvements in the ability to mitigate a number of asymmetric and other potential maritime-related threats.

Data collection has become a pervasive and a substantial part of OSINT. For example, piracy data can be obtained via nefarious maritime events reported in local news or bulletins. Or there is the emergence of social media postings and other data streams generated around illegal fishing, hijackings at sea, United Nation sanctions, etc. Other subject matter experts have said that the substantive amount of volunteered geographic information available leads to a host of AI rules facilitating geospatial intelligence (GEOINT), which leads to improved maritime domain awareness for stakeholders.      

The Rise of Non-State Actors

In the new era of global finance, big data, and mass migration, the principle of territorial sovereignty agreed to at the Treaty of Westphalia in 1648 is under threat. The early 20th century brought western nations to establish a set of national values—defense, taxation, and law, among others—that gave governments substantial control of national identity. The world has now evolved to the point which big data companies such as Google, Amazon, and Facebook have assumed many functions previously associated with the state, from cartography to tracking.

In the past few decades, more countries are going the way of Yemen, South Sudan, Syria, and Somalia, and are flush with opportunities for nefarious non-state actors. The political technology is charismatic religion, and the future they seek is inspired by the ancient golden empires that existed before the invention of nations. It is in the world’s most dangerous regions that today’s new political possibilities are imagined. Recognizing that the non-state actor has substantial tools available to them and that global data is ubiquitous and fragmented, it is reasonable to assume that stakeholders such as navies, coast guards, and marine police units do not have near real-time actionable intelligence to understand intent, mitigate asymmetric threats, and react. This discipline is operationally called maritime domain awareness or maritime security, and is guided by AI and big data analytics.

Ascertaining Intent

Ascertaining intent is possible by deciphering the quantum of reliable, real-time, and single source data using AI, machine, and deep learning in a cloud-based environment where data from multiple sources can be correlated and analyzed. This enables the capability to establish change detection conditions for a defined area of responsibility or interest. Movement of regular trade is historically captured and object detection algorithms on synthetic aperture radar (SAR) data reveal where non-compliant targets that do not transmit, spoof, or hack identification signals are located.

A good example is the unusual movements of small craft in the Sulu Sea between Sabah, Malaysia, and Mindanao, Philippines, where the terrorist group Abu Sayyaf is known to be active. When change detection algorithms observe an increase or decrease in the non-compliant cluster, they can reliably predict that nefarious activity is imminent. Utilizing these methods, the entity is then able to establish, in near real-time, maritime domain awareness including the monitoring of intelligence triggers such as governance, proliferation, etc., that alert us to the prospect of nefarious activities by non-state actors.

To reach a conclusive state of reasoning, we must first be able to corroborate and validate conditions when such clusters appear, for example, when an oil tanker (candidate for piracy) passes, when a slow-moving tug and barge unit (candidate for commodity theft) passes, when a cruise ship passes, or when the U.S. Navy undertakes a scope of Freedom of Navigation Operations. We will then be able to query a library of optical and SAR imagery, each with metadata outlining the state of the area of responsibility and interest. The resultant spatiotemporal heat maps are able to position valuable insight when a commander is evaluating near real-time situational awareness from single-source data based on the commander’s concept of operations. Ascertaining intent is further validated with numerous other data attributes from satellite sensors such as speed, course, length, and track. We believe spatiotemporal threat reasoning will become the primary model for ascertaining levels and types of asymmetric threats.

Operational Benefits

It must be acknowledged that the blockchain revolution has just begun. Blockchain is a type of distributed database that allows untrusted parties to reach consensus on a shared digital history without a middleman. It is considered to be incorruptible. A distributed database eliminates a single point of attack and makes blockchain a highly secure and reliable source of truth. This is an important point for stakeholders such as navies, coast guards, and marine police who need to validate the security risk of unknown entities.

The value of the discussed blockchain methodology in theater is multifold:

  • Largely eliminates data latency.
  • Provides near real-time management of compliant and non-compliant targets in theater.
  • Provides a model for creating a library of non-compliant “dark objects.”
  • Provides an extensive library of maritime (non-naval) threats in theater.
  • Generates intelligence on demand for any designated area of responsibility and/or interest.
  • Empowers in-theater GEOINT analysts with near real-time and more comprehensive tipping and cueing.
  • Allows the commander to create mission-based rules on demand using near real-time, single-source data.


The emergence and integration of mature commercial geospatial and non-spatial capabilities allows us to address asymmetric threats in theater and in near real-time. A sizeable advantage of commercially available capabilities helps improve GEOINT collaboration with coalition partners. Those valuable data nuggets come from diverse sources and collectively define, corroborate, and validate the mosaic. The art of ascertaining context and intent is not opaque but a rigorous process of defining spatiotemporal threat modeling. The emerging space-based Earth observation marketplace is unprecedented in size, scale, and vision, with the expressed intent to provide timely geospatial information and analytics to the world.

Discussion is taking place among government geospatial analysts to determine how commercial remote sensing imagery, analysis, and services can be best applied to support U.S. government missions. What is needed to achieve an optimal mix of OSINT and GEOINT data for all U.S. government users? What regulatory impediments remain for the commercial Earth observation community to fully support U.S. government needs? Likewise, it is reasonable to expect the intelligence, surveillance, and reconnaissance enterprise to work hand-in-hand with the broader Intelligence Community, embrace commercial space capabilities, and integrate them with decision support systems across all echelons.

It is undisputed that the demand for timely, relevant, accurate, and customized geospatial products has exploded. The growth in demand has coincided with the emergence of global architectures such as Amazon Web Services, which is poised to move data to customers with almost no time delay. The customer base, now composed of both government and coalition government entities around the globe, has pushed commercial, space-based GEOINT providers to develop machine-to-machine algorithms to almost instantly process and analyze data streams, then produce customized contextual results based on stakeholder needs. This has been coined Actionable Information as-a Service (IaaS), available on demand anytime and anywhere via an internet browser.

Headline image courtesy of U.S. Navy.

, , ,

USGIF Publishes GEOINT Essential Body of Knowledge (EBK) 3.0

Herndon, VA, (May 2, 2024)—The United States Geospatial Intelligence Foundation (USGIF) is thrilled to announce the publication of its Geospatial Intelligence (GEOINT) Essential Body of Knowledge (EBK) 3.0. The purpose of the EBK is to define and describe the GEOINT discipline and to represent the essential knowledge, skills, and abilities required for a GEOINT professional to…

GEOINT Lessons Being Learned from the Russian-Ukrainian War

The Ukraine war shows lessons that the U.S. Geospatial Intelligence (GEOINT) community can observe, learn, and consider an incentive for change


USGIF Welcomes Gary Dunow as New Vice President for Strategic Development

Gary Dunow is joining the Foundation as Vice President for Strategic Development