Several specific and new requirements have been given to the national security community as part of the White House review of security and intelligence systems following the attempted terrorist attack on Christmas day. Collection, processing, organization, and dissemination of information are a priority in the new requirements.
This post provides an articulation of some of the technology dimensions of the challenge our nation’s counter terror IT systems must surmount. It will be followed by a post on ways to transform the challenge into design criteria.
The accompanying post is available at: Enhancing IT Support to the Counter Terror Effort: Design Criteria
The Situation:
The White House review of the Christmas Terror attack concluded that “Our ability to protect the U.S. Homeland against terrorist attacks is only as good as the information and analysis that drives and facilitates disruption efforts.”1 The summary also underscored that the amount of information being analyzed is growing dramatically, and challenges exist in bringing the many disparate pieces of information about individuals, groups and vague plots together to form a clear picture about our adversaries.
The White House summary report also gives a finding that intelligence analysis failed because the counter-terror community did not identify, correlate and fuse into a coherent story all of the discrete pieces of intelligence held by the US Government. Additionally, shortcomings were seen in the watchlisting system where the counter-terror community failed to identify intelligence in US government holdings that would have potentially prevented an aircraft boarding.
Another key component of the current situation is that technology impediments to information sharing have, for the most part, been addressed. There are certainly still technology challenges in information sharing, but there has been tremendous progress.
Other key observations:
- During the weeks prior to this particular event, information was available to analysts, but it was “fragmentary and embedded in a large volume of other data.”
- The report also indicated that confusing delays and mistakes were made in part because of name misspellings.
- The report finds that NCTC and CIA personnel responsible for watchlisting did not search all available databases to uncover additional derogatory information that could have been correlated to reach a better awareness of the situation.
- Information Technology in the counter-terror community was highlighted as a challenge: “Information technology within the counter-terror community did not sufficiently enable the correlation of data that would have enabled analysts to highlight the relevant threat information.” There is an important nuance to understand here. The big challenges in IT in the community are not those surrounding information sharing; they are the ones surrounding correlation and information extraction. Information sharing is critical but not sufficient. The reason to share is the important thing. The community must share for a variety of reasons, including data correlation, better awareness, better analysis, or to drive actions (including more focused collections). This reason for sharing is more important than simply moving data.
The President’s Directive:
On 7 January 2010 the President signed a directive on corrective actions flowing from this review.2 The directive mentions several technology related actions, including:
- The Department of State is to determine how technology enhancements can strengthen visa-related business processes.
- The Department of Homeland Security is to aggressively pursue enhanced screening technology. This does not appear to be limited to just physical screening. The use of information on passengers during the screening process and IT to support that is a clear option.
- The Director of National Intelligence is to accelerate information technology enhancements, to include knowledge discovery, database integration, cross-database searches, and the ability to correlate biographic information with terrorism-related intelligence.
The Challenge:
As noted throughout the White House review, the most significant, most crucial element in our nation’s counter terrorism system is the human element. Humans are our only chance at success here. But we have to address the fact that humans were called out in the review as having failed to search every database. This sounds intuitively true and is a statement that can likely be made about every event, past, present and future. Systems that must rely on people asking every possible question of every possible database cannot scale and will not operate on a time scale required by the counter-terror enterprise. Those systems are asking people to do things they are not good at.
Things humans are good at include assessing relevance and full context of information. Only people can conceptualize the realm of possible threats. Only humans can imagine, and, as noted in the 9/11 Commission Report, failures of imagination have been at the core of our failure to anticipate.3 Only humans can act on data. And only humans can design IT architectures to ensure success.
Computers are far better than people in searching, correlating, moving, storing and disseminating information. When properly designed, developed and configured, IT serves humans by helping them discover, interact with and create new information. Computers are also critically important to the widespread and rapid dissemination of newly created content.
When computers are used for things they are not good at and when humans are used for things they are not good at, the entire system becomes sub-optimized. IT can become part of the problem vice a solution. By providing too much data in the wrong context, and by forcing humans to deal with algorithms and applications not scalable to or relevant to the data, the entire enterprise human-computer system is weakened. A key component to solving the challenge, therefore, is to design systems where humans do what humans do best and computers do what computers do best.
Another significant challenge associated with counter terrorism is the requirement to avoid enterprise amnesia.4 This construct, examined by data system architect/entrepreneur Jeff Jonas, refers to the too common situation in enterprises where one part of the organization does not know what the other part knows or forgets that it ever knew. To avoid this, systems must be designed in ways that identify when data entering the enterprise relates to something already known. A closely related construct is the temporal version of enterprise amnesia, the situation in an enterprise where it is forgotten that someone asked a question. Systems that are designed with the assumption that the data will show up before the query are flawed, and that seems to be the design of most modern data systems.5 Systems for the counter terror community must include means to ask a question and then, if any data ever enters the system that answers that question, an alert must be generated.
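A minimal sketch of the two requirements in the paragraph above (new data is related to what is already known, and a question stays on file until data that answers it arrives). This is an added example, not code from this post or from any system it cites; `PersistentStore`, its method names and all sample records are hypothetical and constructed for illustration.

```python
from collections import defaultdict

class PersistentStore:
    """Constructed illustration: records AND questions are both remembered."""

    def __init__(self):
        self.records_by_key = defaultdict(set)   # (field, value) -> record ids
        self.queries_by_key = defaultdict(set)   # (field, value) -> query ids
        self.queries = {}                        # query id -> (owner, keys)

    @staticmethod
    def _key(field, value):
        # Fold case and whitespace so trivially different spellings still meet.
        return (field, " ".join(str(value).lower().split()))

    def ask(self, query_id, owner, criteria):
        """Answer from data already held, then keep the question on file."""
        if not criteria:
            raise ValueError("a question needs at least one criterion")
        keys = frozenset(self._key(f, v) for f, v in criteria.items())
        self.queries[query_id] = (owner, keys)
        for k in keys:
            self.queries_by_key[k].add(query_id)
        return sorted(set.intersection(*(self.records_by_key[k] for k in keys)))

    def ingest(self, record_id, fields):
        """Store a record; report what it relates to and which questions it answers."""
        keys = {self._key(f, v) for f, v in fields.items()}
        related = set().union(*(self.records_by_key[k] for k in keys)) - {record_id}
        asked = set().union(*(self.queries_by_key[k] for k in keys))
        alerts = sorted((q, self.queries[q][0]) for q in asked
                        if self.queries[q][1] <= keys)
        for k in keys:
            self.records_by_key[k].add(record_id)
        return {"related": sorted(related), "alerts": alerts}

def demo():
    store = PersistentStore()
    store.ingest("r1", {"name": "Sample Person", "phone": "555-0100"})
    first = store.ask("q1", "analyst-1", {"phone": "555-0199"})  # no data yet
    later = store.ingest("r2", {"name": "sample  person", "phone": "555-0199"})
    return first, later

if __name__ == "__main__":
    print(demo())
```

The question asked before any matching data existed returns nothing at first, but the later record both raises an alert to the original asker and is linked to the earlier record that shares its name.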
These many challenges have been articulated for the record by officials in the executive branch and by legislators, including widespread recognition of the challenges of information overload and the inability of standard “google-like” search to keep up during the United States Senate Committee on Homeland Security and Government Affairs on 20 January.6 Many simple tools for search exist in the current system and they are not sufficient for mission success. Something more is required.
The next post will build on the articulation above and propose a novel way to clarify design requirements for enterprise IT support to the counter terror effort.