Homeland Security: Real-time analytics in flagging risks
Claus Larsen
Global Director, Business Development, e-Government, Security & Alliances for the Public and Defense sector
Yannick Rolland
Atos Codex head of vertical offers
Posted on: 19 April 2018
In the post Wikileaks era, you don’t have to be working for an intelligence agency to have an understanding of the information that can be gathered about you. Terrorists, or potential terrorists, understand this better than most. They know they might be under surveillance, they know the data sources that are likely to be gathered and so they are learning to change their behaviour accordingly.
So how do intelligence agencies stay a step ahead?
A vast amount of academic and intelligence studies have made clear that there is no single terrorist profile. Instead, intelligence agencies must look at various threat-related activities in order to assess not only the intent but also the capability, preparation and planning. We now need to understand “unknown behaviours” and use more complex behavioural indicators, particularly noticing any changes and concealment or deception activities.
We feel this requires a mixed behavioural and statistical approach to get the greatest depth of knowledge and to anticipate future events or actions. The key intelligence indicators are:
- Communications – cell phone use, movement, peer group etc
- Image –physical actions and interactions, movement through crowds etc
- Open source intelligence – social media interactions.
Looking at and triangulating all of these simultaneously can give you an indication of a person’s risk even if single indicators are weak.
Unknown behaviours and unknown target
As mentioned above, key indicators to flag are changes in behaviour and deception activities. Change could be seen in many different areas, for example they may have given up activities and hobbies especially if they are mainstream and against religious code. Conversely, have they stopped all suspicious activity and are they acting in a way to deceive or conceal behaviour such as joining activities or hobbies that are contrary to religious code? None of these activities alone can be indicators but put together you begin to get a view of suspect behaviour.
We can’t always know what we’re looking for exactly. The ways of attack can change – only in the last few years have we seen vehicles used as weapons. This constant adaptation requires constant adaptation of indicators and flags.
Real-time necessity
This is where real-time analytics comes in and is hugely important to the work of intelligence agencies. A snap-shot view will not reveal anything but a real-time view – like a film, rather than a picture – will offer a dynamic flow of information enabling intelligence agencies to move targets continuously from one tier of risk to another. They may be able to recognize behaviours that relate to a series of events.
A number of behavioural studies have shown that the speed of mobilization to violence takes an average of 12 months. Monitoring a flow of behavioural indicators over time can therefore track progression from radicalisation to violence. Having real-time analytics in place and being able to flag key indicators along a path of progression can therefore serve as a good indication of a person’s risk and threat level.
Human intelligence
Analytics platforms that have been carefully established to flag certain behaviours or behavioural changes can alert intelligence agencies to potential risk but here is where human intelligence must come in. It is not possible to sacrifice this for technology; it must play a vital role in the process. A machine cannot understand a local culture or various anomalies that would be easy for a person to identify.
Human intervention in Analytics
Machines and algorithms need constant updating and refining in order to learn and keep up with new trends and emerging behavioural identifiers. Post incident analysis must be gone through:
- What went wrong?
- What did we not see?
- Where were the signals?
- Where’s the red flag
Those involved in illegal activities are highly imaginative when it comes to finding new ideas for achieving their ends and at hiding themselves within the population, which means that indicators that are important today may not be important tomorrow. Go back and start refining your systems and analytics. Keep progressing and keep moving forward.
