This is the concluding post on enhancing IT innovation in support of the Counter Terror effort. The first part focused on the challenge and on the context important to the design criteria. This post focuses on design criteria and proposes next steps.
Transforming the Challenge Into Design Criteria:
The legacy IT environment of the counter-terror community is complex. Changes to the environment must be done by design or they may cause unintended consequences that result in more harm to the system than good. To enable good design, the challenges previously articulated can be captured in explicit goals that the counter-terror IT enterprise must achieve. Primary Design Criteria are those that must be met in a successful design. Secondary Design Criteria are those that are highly desirable but not absolutely essential.
Primary Design Criteria. The counter-terror IT enterprise will possess the following features:
- Data streams are the feeds of data normally moving across IP-based networks from sensors, databases, command centers and other generators of message traffic and events.
- Data stream design features supporting humans include the need to provide access to and insight into data streams in a way conducive to immediate understanding of importance. Alerts on what is occurring in data streams should be provided. Visualizations of data streams should be provided. Since humans are the only component of the system that can assess relevance, they must be able to inject their assessments of relevance into the data stream. Therefore, analysts/watchstanders/other approved users will be given an ability to rapidly tag information in-stream as desired. Data streams must be designed to support humans with many other analytical capabilities, including an ability to understand how the enterprise is functioning (data ingest rates, networks/nodes available, bottlenecks, what is nominal performance, etc.).
- Data stream design features supporting computer to computer processing will include design of systems to evaluate data streams to produce alerts to users and to evaluate new data in the context of all legacy data (through pattern matching, correlation and database search). This evaluation step may generate additional alerts.
- A key note: the counter-terror mission requires data streams from a wide community, including communities operating at many different classification levels. The engineering of solutions that bring these streams together seems to be a very straightforward task, but the very high data rates and the need for security make this a challenge. There are ways to use software to create cross-domain data repositories, and that may be the way ahead here. An enduring challenge is finding rapid ways to bring on new streams of data from other organizations. This also requires focused engineering.
- Databases are holders of and operators on data.
- Database design features supporting humans include the need to provide enhanced means of accessing, discovering and working with data at rest. People need systems that automatically discover relationships in the data. Users must also be given ways to assess the relevance of data at rest and then inject assessments of their judgment (users get to give the “so what” of the information). Humans must be enabled with guided navigation and discovery engines, especially discovery engines that will enable discovery of all variations/spellings of names and locations.
- Database design features focused on automation include design of a means to evaluate every update to a database in the context of previous information in the enterprise. Every update to a database must be evaluated by automated routines to understand how the update relates to existing information stores from throughout the enterprise. When data is found that relates to other data, users must be notified so evaluations can be made on its relevance. When databases are queried and when discovery engines are run against databases, misspellings must not be an issue (modern discovery capabilities return all related results, including all potential misspellings). Multi-lingual search/correlation and other language support tools and information extraction capabilities are also required.
The primary design criteria are summarized in the following matrix:
Secondary Design Criteria. If at all possible, the counter-terror IT enterprise will possess the following additional features:
- Designs in this environment should accommodate change. Open standards and open architecture are a must. Collaborative development environments which enable secure code development and application development lifecycle management are also a must.
- The mission here places a very high premium on IT security and the protection of privacy. The legacy architecture and objective design will both continue to emphasize protection of data and privacy. Additionally, the objective design will work with an existing network and ride on top of existing infrastructure. This means the objective design will accommodate multiple domains of classification and security policy.
- A key shortfall in our capabilities (human and machine) is name spellings; however, we don’t do well in challenging people to validate their name entries. There is a need for a “do you mean…?” feature when people are entering data. Auto-fills driven by data from hundreds of indexes and databases could help drive this feature.
- Production of intelligence in living/fluid/dynamic ways is in need of focused attention. Little engineering needs to be done to accomplish this, but upgrading IT can at times be a good excuse to get the attention of business process owners and can help in improving business processes (we have all seen what IT can do to a bad process, it can automate the bad process and make it far worse).
- The most significant situations confronting members of the intelligence community are those that require our best thinkers to collaborate together across many systems. The need to enhance collaboration is a continuing, enduring requirement that should be a consideration in all designs.
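An added example (not from the original post or from any fielded system) of the matching that the database-update criterion and the “do you mean…?” criterion above both rely on: each update is compared against names already held, tolerating spelling, accent and word-order variation. The record ids, source names, sample names and the 0.8 cutoff are constructed assumptions.

```python
import re
import unicodedata
from difflib import SequenceMatcher


def normalize(name):
    """Fold case, accents, punctuation and token order into one comparison key."""
    decomposed = unicodedata.normalize("NFKD", name)
    no_marks = "".join(c for c in decomposed if not unicodedata.combining(c))
    return " ".join(sorted(re.findall(r"[a-z0-9]+", no_marks.lower())))


class NameIndex:
    """Names already held across sources (hypothetical helper for this example)."""

    def __init__(self, cutoff=0.8):  # cutoff is an assumed tuning value
        self.cutoff = cutoff
        self.records = {}  # record id -> (source, name as entered)

    def suggest(self, entry):
        """Return 'do you mean...?' candidates for an entry, best match first."""
        key = normalize(entry)
        hits = []
        for rid, (source, name) in self.records.items():
            score = SequenceMatcher(None, key, normalize(name)).ratio()
            if score >= self.cutoff:
                hits.append((round(score, 3), rid, source, name))
        return sorted(hits, reverse=True)

    def evaluate_update(self, rid, source, name):
        """Compare an update with existing holdings, store it, return alerts."""
        related = [hit for hit in self.suggest(name) if hit[1] != rid]
        self.records[rid] = (source, name)
        return related


def build_sample_index():
    """Constructed sample records; none of these are real data."""
    index = NameIndex()
    index.evaluate_update("A-1", "registry_db", "Jonathan Smythe")
    index.evaluate_update("A-2", "registry_db", "Katarzyna Wójcik")
    return index


if __name__ == "__main__":
    idx = build_sample_index()
    # A misspelled, reordered name arriving from a second source raises an alert.
    print(idx.evaluate_update("B-7", "message_feed", "Smyth, Jonathon"))
    # Accent-free data entry still resolves to the stored spelling.
    print(idx.suggest("Katarzyna Wojcik"))
```

Each returned tuple carries the score, record id, source and stored spelling, so the user who is notified can judge relevance rather than having the system decide.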
Redesign and modernization of current systems and the enterprise IT environment supporting counter terror work is a complex task involving far more than just the intelligence community. It involves a large community of IC providers, IC users, law enforcement, homeland security and IT professionals. Throughout the redesign of IT for this large community we should ensure computers support humans in ways where humans do what humans do best and computers do what computers do best.
A useful next step will be to closely examine the entire framework of counter terror systems with the framework above. This review can inform strategic decisions regarding future design work.
The framework above can also be used in developing requirements and in evaluating commercial technologies which can be relevant to meeting mission needs. New design criteria do not always need to result in totally new systems. Frequently existing systems can be improved by configuration changes and CONOP improvements and the design criteria above can aid in discussing those.
A closing note: This paper addresses a framework for considering key design criteria. It is the opinion of the author that governance must be addressed in conjunction with systems design. Technology can help mitigate threats to the nation, but only if the right decisions are made regarding how data flows and that generally requires clear, non-ambiguous community-wide governance structures.