Homeland Security: Real-time analytics in flagging risks

Claus Larsen

Global Director, Business Development, e-Government, Security & Alliances for the Public and Defense sector

  Yannick Rolland

Atos Codex head of vertical offers

Posted on: 19 April 2018

In the post Wikileaks era, you don’t have to be working for an intelligence agency to have an understanding of the information that can be gathered about you. Terrorists, or potential terrorists, understand this better than most. They know they might be under surveillance, they know the data sources that are likely to be gathered and so they are learning to change their behaviour accordingly.

So how do intelligence agencies stay a step ahead?

A vast amount of academic and intelligence studies have made clear that there is no single terrorist profile. Instead, intelligence agencies must look at various threat-related activities in order to assess not only the intent but also the capability, preparation and planning. We now need to understand “unknown behaviours” and use more complex behavioural indicators, particularly noticing any changes and concealment or deception activities.

We feel this requires a mixed behavioural and statistical approach to get the greatest depth of knowledge and to anticipate future events or actions. The key intelligence indicators are:

  • Communications – cell phone use, movement, peer group etc
  • Image –physical actions and interactions, movement through crowds etc
  • Open source intelligence – social media interactions.

Looking at and triangulating all of these simultaneously can give you an indication of a person’s risk even if single indicators are weak.

Unknown behaviours and unknown target

As mentioned above, key indicators to flag are changes in behaviour and deception activities. Change could be seen in many different areas, for example they may have given up activities and hobbies especially if they are mainstream and against religious code. Conversely, have they stopped all suspicious activity and are they acting in a way to deceive or conceal behaviour such as joining activities or hobbies that are contrary to religious code? None of these activities alone can be indicators but put together you begin to get a view of suspect behaviour.

We can’t always know what we’re looking for exactly. The ways of attack can change – only in the last few years have we seen vehicles used as weapons. This constant adaptation requires constant adaptation of indicators and flags.

Real-time necessity

This is where real-time analytics comes in and is hugely important to the work of intelligence agencies. A snap-shot view will not reveal anything but a real-time view – like a film, rather than a picture – will offer a dynamic flow of information enabling intelligence agencies to move targets continuously from one tier of risk to another. They may be able to recognize behaviours that relate to a series of events.

A number of behavioural studies have shown that the speed of mobilization to violence takes an average of 12 months. Monitoring a flow of behavioural indicators over time can therefore track progression from radicalisation to violence. Having real-time analytics in place and being able to flag key indicators along a path of progression can therefore serve as a good indication of a person’s risk and threat level.

Human intelligence

Analytics platforms that have been carefully established to flag certain behaviours or behavioural changes can alert intelligence agencies to potential risk but here is where human intelligence must come in. It is not possible to sacrifice this for technology; it must play a vital role in the process. A machine cannot understand a local culture or various anomalies that would be easy for a person to identify.

Human intervention in Analytics

Machines and algorithms need constant updating and refining in order to learn and keep up with new trends and emerging behavioural identifiers. Post incident analysis must be gone through:

  • What went wrong?
  • What did we not see?
  • Where were the signals?
  • Where’s the red flag

Those involved in illegal activities are highly imaginative when it comes to finding new ideas for achieving their ends and at hiding themselves within the population, which means that indicators that are important today may not be important tomorrow. Go back and start refining your systems and analytics. Keep progressing and keep moving forward.

Share this blog article


About Claus Larsen

Global Director, Business Development, e-Government, Security & Alliances for the Public and Defense sector
Claus is Global Director, Business Development, e-Government, Security & Alliances for the Public and Defense sector in Atos. He joined Atos in January 2013 as market lead for the Siemens Account in Benelux and the Nordics and as Global Account Executive for Siemens Wind Power. In 2015 he joined the Global Public and Healthcare team with responsibility for the Defense and Homeland Security sectors. Before joining Atos, Claus held a number of management positions at international IT and management consulting companies providing IT security services and solutions to the defense and homeland security sector. Having served as an officer in the Danish Army for over 20 years, Claus understands exactly how soldiers and homeland security forces can use real-time information as a tactical advantage in counter-terrorism and modern warfare. He knows how a network-centric solution connecting troops, vehicles and weapon systems can offer commanders a truly holistic view of the field of operations and support optimal decision-making. Part of Claus’ remit is to ensure that cyber security strategy has the highest priority within organizations.

About Yannick Rolland

Atos Codex head of vertical offers
Yannick is head of codex vertical offers and has specific expertise in intelligence and big data.