Region :

Knowledge Centre:

HomeResourcesArticles › Data Fusion ›

Data Fusion

This article originally appeared in Intersec magazine November 2011

Managing the wide variety of intelligence, data and evidence in a counter-terrorism investigation can prove difficult, but Mark Gibsons argues that information sharing and fusion centres are the answer.

Terrorism is difficult to define.lt has different meanings and connotations in different parts of the world. The US department of state uses the term to mean "politically-motivated violence", the UN talks about "message generators" and "violence-based communication" and in the UK terrorism tends to be associated with public fear and criminal acts that influence an audience beyond the immediate victim.

These perceptions are all quite different. When you consider the huge sums invested by governments and crime-fighting agencies around the world in combating the threat, it is pertinent to ask whether the focus of the battle against terrorism is right and whether the investment in tackling terrorism is paying off. The US alone spent $75-$80bn last year alone on domestic security, much of which was based on increased budgets to combat terrorism, which has prevailed since the attacks on New York and Washington in September 2001. ln the UK,the government has earmarked £600mn for Olympic security, much of which is to address the perceived terrorist threat.

As we have already noted across Europe and in the UK in particular, there is a strong focus on the messages terrorists are looking to communicate. So should crime-fighting agencies be concentrating on issues to do with crime, criminality and terrorism, crime generated from social media sites; cyber warfare and crime associated with the Olympics - all of which potentially provide a platform for terrorists to get their message across? The answer is absolutely yes. And with the recent example of Anders Breivik's attacks in Norway still fresh in the collective memory, agencies are now also focusing more on the concept of the "lone wolf" activist - individuals with a message or, as was the case with Breivik, a twisted manifesto they want to communicate.

Recent international conferences such as London Cyberspace have focused on the need for crime­ fighting agencies to communicate closely with each other and work together to combat threats, effectively to disrupt the ability of the terrorists to generate and deliver their "messages". In doing so, it is critical that agencies share information and intelligence, but it is equally vital that they share best practice.

Technology is, of course, something of a double­ edged sword in the context of terrorism. Terrorists themselves utilise technology in a range of different ways, including fundraising online and promoting their agenda via social networks, for example. The terrorists that carried out the Mumbai attacks in 2008 used a broad range of communications technologies to execute their plan and remain one step ahead of the police who were trying to track them down.

In responding to such threats, the technology used by crime fighting agencies needs to enable information sharing between multiple agencies working to deter terrorism. It needs also to support intelligence management, covering the entire lifecycle - from information collection to review, evaluation and analysis. In particular, systems have to ensure the right information gets to the right person at the right time.

Today we see a great opportunity to take the concept of the fusion centre, (which originated in the US after 9/11) to bring together different agencies with different mandates and different agendas in a secure environment. Not all of these would typically be terrorism-related, but the ability to bring together different strands of intelligence would potentially have benefits in tackling terrorism.

In gathering information about known or suspected terrorists, for example,police forces or other crime fighting agencies might wish to bring together in one place a range of disparate sources of information about an individual from community groups, the workplace, email traffic and financial transactions, for example, giving them a larger pool of intelligence to utilise. The technology deployed must above all be reliable, secure and scalable to respond to the need to access a mass of information from sensitive IT systems to intelligence in the open source environment.

Solutions must also be fast, cost-effective and easy-to-use. Exponential data growth is putting a huge strain on systems, so high-performance computing is key if forces are going to be able to scale up quickly and not spend weeks running searches to find that key piece of information. Increasingly, with budgets under threat or already being slashed, more process automation is required. A mature. sophisticated intelligence cycle, requiring inter-agency co-operation to achieve its goals, is also required to prioritise data feeds.

Systems also need to be clever to present limited amounts of people with options around how they can look at data and ask further questions. The other important requirement is visualisation. Today, more non-technical people are looking at data, and to make sense of it they need simple ways of viewing and visualising information. There is also a growing distinction between the concept of inteligence and evidence gathering.The two increasingly need to be gathered in tandem. Captured data in the context typically contains some intelligence and some evidence, and some intelligence that will be evidence. Increasingly now, sentiment analytics tools are being used to analyse online content and to select suspects to put under surveillance. Equally important is the role of fusion centres, or their European equivalent, in providing threat assessment to leadership (command awareness), so that law enforcement resources can be focused on high-priority threats. Again, information sharing plays a key role in ensuring executives at the centre are notified in a timely manner to be able to make informed decisions. This might, for example, allow them to make decisions on raising risk levels, setting priorities and deploying resources. Information on its own will typically not be sufficient but it can be supported by searching carried out at the time to build a bigger picture.

The major problem for Europe in tackling these threats is the international nature of terrorism.As a result, there is a limit on what can eff efectively be done at a local level. Europe is sometimes seen as conservative or risk-averse in forcing the inter­ government co-operation that could be necessary to combat such threats. The states in the US are typically working within the same broad legal framework and structure and can usually rely on central government funding. The situation is very different in Europe, however, particularly in the current environment, with many administrations focused on cost-cutting.As a result, cross-border information sharing is limited.

What the different European countries can and must do, though, is share best practice. This could simply involve crime fighting agencies from recent Olympic cities passing on details of their experiences, as well as the systems and techniques that worked well for them in tackling the terrorist threat. Much of the sharing in this case will be on a point-by-point basis.

Key insights that might be passed on as a result include ways in which agencies can be more proactive in spotting trends and threats. After all, the crime fighting experts might have a clear idea of what "bad behaviour" looks like in terms of activity patterns and trends, either through observing it or investigating criminality.

Technology can then be used to look out for these patterns, whether through sentiment analysis on a blog or on Twitter, or by examining analytical models based on call pattern behaviour or financial irregularities, for example.This is where companies like SAS can add value: by providing analytical tools that give forces early warning of potential problems and then provide them with tools that support the decision-making process when an incident does occur, so they can take proactive or pre-emptive action.

Predictive modelling can be used to provide critical support to border protection efforts, helping agencies to intervene to choose, for example, the right container to open, and to ensure they are utilising their scarce manpower resources in the most effective way possible.

Today, the terrorist threat remains as severe as at any time in our history. As Or Ekaterina Stepanova, a lead researcher in Russia's Institute of World Economy and International Relations recently put it: "We have seen a three-fold increase in terrorism over the past decade, which is unlikely to decline in the next couple of decades". Europe is far from immune, with Greece alone experiencing 180 attacks in the 12 months to June 2010 - more than Yemen over the same period.

In countering these threats, agencies need actionable intelligence.And to achieve this, agencies and centres urgently require systems that present their analyst teams with the relevant information "all in one place". This is where solutions providers can help in delivering solutions that provide intelligence management and analytics, allowing investigators to analyse the data more effectively and forecast and predict likely future patterns of behaviour.

Yet, it is equally critical that they are part of a culture of sharing information, where crime­ fighting agencies and even national governments are ready and willing to share best practice to meet and combat the ongoing threat of terrorism.

Make an Enquiry

Call Us

 

Public Security spotlight

Whitepaper download

Copyright © Memex Technology Ltd. All rights reserved.
In the United States, the distribution of Memex products and solutions is conducted by SAS Institute Inc. under license from Memex Technology Limited, a SAS company.