Developing a predictive capability in the Counterintelligence Integrated Analysis Center (CIIAC).
The CIIAC is the current intelligence branch of the Army Counterintelligence Center (ACIC). The ACIC is the Army Service-level counterintelligence (CI) production center and responds to both scheduled production, managed under the Department of Defense Intelligence Production Program (DODIPP), and ad hoc requests. AR 381-11, Production Requirements and Threat Intelligence Support to the U.S. Army, dated 28 June 2000, covers the procedures for requesting intelligence production support from the ACIC.
Since 11 September, the CIIAC has undergone several restructures to meet evolving mission requirements. Presently, the CIIAC is structured to focus on identifying force protection (FP) threats to Army installations, personnel, and activities in the continental United States (CONUS). The CIIAC functions as both a modified ACE, providing direct support to the 902d MI Group, and in a general support role as a strategic analysis section to provide FP research and analysis to the Army in CONUS.
This article will describe the evolving business processes of the CIIAC, how these processes provide a framework to perform predictive analysis of FP threats, and how they facilitate collaboration between the CIIAC, the Anti-Terrorism Operations and Intelligence Cell (ATOIC), and the U.S. Army Intelligence and Security Command (INSCOM) Information Dominance Center (IDC).
The objective of current intelligence research and analysis is to provide predictive analysis. The goal of predictive analysis in support of FP is to identify threats and warn leaders of threat actions in time to defeat or mitigate them. Predictive analysis techniques identify the level of probability of an event based on combinations of indicators, trends, patterns, and historical events. The ability to perform predictive analysis is especially important for FP but it is extremely hard to achieve given the--
* Tremendous amount of information available.
* Complexity of interpreting the reliability of sources.
* Evolving modus operandi of foreign terrorists.
* Open nature of our society in the United States.
* As well as other factors.
Given this complexity, the CIIAC has developed several new products and business processes incorporating evolving computerized analytic tools in an effort to achieve the ability to predict FP threats.
Predictive Analysis Tools
Central to the predictive analysis process are threat streams, indicators and warning (I&W), and analytic programs such as Analyst's Notebook, Starlight, and the Structured Evidential Argumentation System (SEAS).
Threat Streams. The concept of threat streams has been used for some time and can be equated to a commander's critical information requirement (CCIR). The CIIAC has developed long-term and short-term threat streams. Long-term streams are generally strategic concerns, such as the threat of the use of weapons of mass destruction (WMD) or the employment of Man-Portable Air Defense System (MANPADS) weapons by terrorists. Short-term threat streams reflect threats to specific activities or events.
Analyst's Notebook. The Analyst's Notebook enables analysts to prepare and share link-analysis charts. Figure 1 shows an example of a chart from Analyst's Notebook. The CIIAC uses Analyst's Notebook to identify links between known or suspected terrorists, their activities, phone numbers, locations, and their associations with other persons, events, or groups. Analyst's Notebook charts are increasingly being used in the ACIC Terrorism Summary (ATS) to help readers understand linkages in the information provided.
[FIGURE 1 OMITTED]
Analytic Tools. The CIIAC also uses several advanced analytic tools that are part of the INSCOM IDC suite of tools in support of predictive analysis. These include Starlight and SEAS.
Starlight is a data visualization tool that captures and graphically portrays relationships among multiple pieces and types of information to include text documents, database records, images, maps, and web pages.
[FIGURE 2 OMITTED]
SEAS is a predictive analysis program and one of several artificial intelligence programs developed by the Artificial Intelligence Center at a government contracted firm. SEAS enables analysts to enter intelligence information and record their thinking through a series of structured arguments. SEAS allows collaboration between analysts on common arguments and relating arguments to indicators. It enables analysts to "drill down" through layers of arguments to discover the basis and rationale of arguments.
CIIAC Organization and Products
The CIIAC (see Figure 3), with a staff of 34, performs analysis and provides technical support. It is organized into two analysis sections that focus on FP, the ACIC Terrorism Summary (ATS) section and the Homeland Defense (HLD) section, and includes two technical support teams.
[FIGURE 3 OMITTED]
ACIC Terrorism Summary (ATS) Section. Each workday the ATS section prepares a summary of significant FP information relevant to Army forces within CONUS and outside CONUS (OCONUS). The goal of the ATS is to provide readers a daily compilation of significant FP information along with an assessment of the relevance and impact of the information on the Army. The ATS analysts use the CONUS threat streams as a guide to identify FP concerns for Army senior leaders based on current and planned operations. The CIIAC coordinates these threat streams with the ATOIC and INSCOM Intelligence Operations Center (IOC) on a monthly basis; they update the CONUS I&W list as needed.
Immediately after 11 September, the U.S. Army Criminal Investigative Command (USACIDC) assigned a criminal investigation detachment (CID) agent to the 902d to support the exchange of FP information between the two commands. The CID liaison officer (LNO) performs both a liaison and analysis function as part of the ATS section. Since 11 September, the CID LNO has made significant contributions to the CIIAC FP mission by providing timely access to law-enforcement information and facilitating the fusion of CI and law-enforcement information. The increased capabilities provided by the CID LNO are an indicator of an evolution in the relationship between INSCOM and USACIDC that will have a positive long-term impact on both organizations.
Homeland Defense (HLD) Section. There are five teams that focus on the four geographic regions of the U.S. Army Installation Management Agency (IMA) and the Military District of Washington (MDW) in the HLD section. The section's analysts maintain a "Blue force" and "Red force" laydown of Army installations and activities in CONUS and monitor FP threats. The HLD section has drafted threat assessments for each of the CONUS Army installations that fall under the IMA. They post these installation threat assessments on the ACIC web pages and update them on a regular basis. The objective of preparing these assessments is to provide a higher level of situational awareness to 902d CI agents throughout CONUS, garrison intelligence and security personnel, and the Army law-enforcement community.
The HLD analysts use the CONUS threat streams as the basis for their daily research. As analysts identify new FP information, they compare it to the CIIAC threat streams and the I&W list. If they determine the information is of value, they add it to the appropriate threat stream model in SEAS. The analysts specify the weight assigned to each piece of intelligence based on the factors of relevance, credibility, and impact. SEAS then performs a probabilistic analysis of the various pieces of information and provides a color-coded assessment of the probability or threat level. The value of SEAS increases over time as the database grows.
Technical Support Teams. The 902d IDC-Extension team maintains the 902d MI Group's IDC-Extension node and consists of a system administrator for the 902d IDC network, programmer/assistant system administrator, Geospatial Information Systems (GIS) developer, and a senior analyst. The CIIAC Production Support team consists of a web developer, a technical editor, and a GIS analyst. Together, these technical support teams are building a robust system to perform predictive analysis.
A number of technologies have converged over the past several years that improve the ability of analysts to perform predictive analysis. Each of these technologies is important in supporting research, analysis, and information sharing. These include the push within the Intelligence Community to establish common standards for--
* Digital production.
* Increased bandwidth.
* Development of data-mining tools.
* Improved data-tagging methods such as extensible markup language (XML).
* Data migration tools such as Trusted One-Way Links (TOWL) that permit one-way data flow between networks, and Trusted Workstations, which allow two-way data flow between networks.
Threat Reporting and Collaboration
Access to a broad range of information is critical to situational awareness and conducting predictive analysis. Each analyst in the CIIAC has access to four networks: Nonclassified Internet Protocol Router Network (NIPRNET), Secure Internet Protocol Router Network (SIPRNET), Joint Worldwide Intelligence Communications System (JWICS), and the INSCOM IDC Network. The INSCOM IDC Network is a Top Secret-level research and development network that resides on the JWICS. The ACIC is coordinating access to the National Security Agency (NSA) Net to improve the CIIAC's all-source intelligence analysis capability. The CID LNO/analyst provides access to law-enforcement databases and systems.
The three core competencies of the CIIAC are research, analysis, and collaboration. Collaboration is the newest addition and reflects the growing need to increase the level of agency-to-agency and analyst-to-analyst contact. In CONUS, each of the military services faces the same basic challenges in providing FP support to installations, personnel, and activities. We face a common enemy in the Global War on Terrorism. To anticipate or predict global threats effectively, we must collaborate through formal communities of practice (COP) and communities of interest (COI). Each of these is part of an organizational knowledge management program designed to capture individual experience and intuitive knowledge and codify it into explicit knowledge.
The CIIAC has been using the Joint Regional Information Exchange System (JRIES) to collaborate with law-enforcement officials across the United States. The Department of Homeland Security has fielded JRIES to all 50 states. Additionally, the CIIAC has access to the Joint Protection Enterprise Network (JPEN) that U.S. Northern Command (NORTHCOM) is fielding. NORTHCOM has fielded JPEN to a number of Department of Defense (DOD) installations to include 23 Army installations. Installation security and law-enforcement personnel are using JPEN to submit Talon reports, the DOD standard for reporting suspicious incidents that may be terrorism-related.
The 902d MI Group maintains the Army Talon database of suspicious incident reports on the SIPRNET. Since February 2003, agents from the 902d have submitted more than 2,600 Army Talon reports. The CIIAC provides Army Talon reports to the Counterintelligence Field Activity (CIFA), which adds them to the Cornerstone database of suspicious incident reports from all of the military services. The ability to submit suspicious incident reports online provides the current intelligence needed to support predictive analysis.
The ACIC has also developed a web-based map on the SIPRNET using the Arc Geographical Information System (ArcGIS) suite of products from a commercial company. All Army Talon reports are automatically posted to the GIS map. Additionally, the ACIC can add data to the map as needed from its other mission areas, to include technology protection, information operations, and investigations and operations. Based on the movement toward digital production within the Intelligence Community, the ACIC and CIIAC are moving toward pushing information with the expectation that users will find the information they need and be able to tailor it to meet their needs. Consumers who are not able to find required information can then submit requests for scheduled or ad hoc production to the ACIC through the Community On-Line Intelligence System for End-Users and Managers (COLISEUM).
The goal of the CIIAC is to develop a solid predictive analysis capability in support of the Army and homeland defense in CONUS. New business processes have streamlined research and analysis using state-of-the-art systems, and new intelligence products support situational awareness and the dissemination of force protection information. The CIIAC is building on existing collaborative systems to establish agency and peer-to-peer relationships that will enhance predictive analysis and FP. The CIIAC, ATOIC, INSCOM IOC, and USACIDC will integrate information based on a common understanding of long- and short-term threat streams, CONUS I&W, and threat levels based on the use of SEAS and other advanced analytic tools.
Charles Harlan began his career with U.S. Army Intelligence as a Department of the Army civilian with the 902d MI Group at Fort George G. Meade, Maryland, and has served as the Chief of the CIIAC since January 2003. He is a retired Army CI agent and has been with the 902d MI Group since October 1998. Readers may contact the author via E-mail at email@example.com.