Developing a predictive capability in the Counterintelligence Integrated Analysis Center (CIIAC).
The mission of the Counterintelligence Integrated Analysis Center (CIIAC) is to conduct near-real-time analysis and provide force protection (FP) information that enhances situational awareness in support of the 902d Military Intelligence (MI) Group, at Fort Meade, Maryland. The 902d formed the CIIAC following the terrorist attacks on 11 September 2001 to function as the 902d analysis and control element (ACE) to support the Group's FP activities. The 902d ACE initially used the All-Source Analysis System-Light (ASAS-L) system; it did not have the signals intelligence (SIGINT) and imagery intelligence (IMINT) sections found in a fully staffed ACE.
The CIIAC is the current intelligence branch of the Army Counterintelligence Center (ACIC). The ACIC is the Army Service-level counterintelligence (CI) production center and responds to both scheduled production, managed under the Department of Defense Intelligence Production Program (DODIPP), and ad hoc requests. AR 381-11, Production Requirements and Threat Intelligence Support to the U.S. Army, dated 28 June 2000, covers the procedures for requesting intelligence production support from the ACIC.
Since 11 September, the CIIAC has undergone several restructures to meet evolving mission requirements. Presently, the CIIAC is structured to focus on identifying FP threats to Army installations, personnel, and activities in the continental United States (CONUS). The CIIAC functions as both a modified ACE, providing direct support to the 902d MI Group, and in a general support role as a strategic analysis section to provide FP research and analysis to the Army in CONUS.
This article will describe the evolving business processes of the CIIAC, how these processes provide a framework to perform predictive analysis of FP threats, and how they facilitate collaboration between the CIIAC, the Anti-Terrorism Operations and Intelligence Cell (ATOIC), and the U.S. Army Intelligence and Security Command (INSCOM) Information Dominance Center (IDC).
The objective of current intelligence research and analysis is to provide predictive analysis. The goal of predictive analysis in support of FP is to identify threats and warn leaders of threat actions in time to defeat or mitigate them. Predictive analysis techniques identify the level of probability of an event based on combinations of indicators, trends, patterns, and historical events. The ability to perform predictive analysis is especially important for FP but it is extremely hard to achieve given the--
* Tremendous amount of information available.
* Complexity of interpreting the reliability of sources.
* Evolving modus operandi of foreign terrorists.
* Open nature of our society in the United States.
* As well as other factors.
Given this complexity, the CIIAC has developed several new products and business processes incorporating evolving computerized analytic tools in an effort to achieve the ability to predict FP threats.
Predictive Analysis Tools
Central to the predictive analysis process are threat streams, indicators and warning (I&W), and analytic programs such as Analyst's Notebook, Starlight, and the Structured Evidential Argumentation System (SEAS).
Threat Streams. The concept of threat streams has been used for some time and can be equated to a commander's critical information requirement (CCIR). The CIIAC has developed long-term and short-term threat streams. Long-term streams are generally strategic concerns, such as the threat of the use of weapons of mass destruction (WMD) or the employment of Man-Portable Air Defense System (MANPADS) weapons by terrorists. Short-term threat streams reflect threats to specific activities or events.
Analyst's Notebook. The Analyst's Notebook enables analysts to prepare and share link-analysis charts. Figure 1 shows an example of an Analyst's Notebook chart. The CIIAC uses Analyst's Notebook to identify links between known or suspected terrorists, their activities, phone numbers, locations, and their associations with other persons, events, or groups. Analyst's Notebook charts are increasingly being used in the ACIC Terrorism Summary (ATS) to help readers understand linkages in the information provided.
[FIGURE 1 OMITTED]
Analytic Tools. The CIIAC also uses several advanced analytic tools that are part of the INSCOM IDC suite of tools in support of predictive analysis. These include Starlight and SEAS.
Starlight is a data visualization tool that captures and graphically portrays relationships among multiple pieces and types of information to include text documents, database records, images, maps, and web pages.
[FIGURE 2 OMITTED]
SEAS is a predictive analysis program and one of several artificial intelligence programs developed by the Artificial Intelligence Center at a government contracted firm. SEAS enables analysts to enter intelligence information and record their thinking through a series of structured arguments. SEAS allows collaboration between analysts on common arguments and relating arguments to indicators. It enables analysts to "drill down" through layers of arguments to discover the basis and rationale of arguments.
CIIAC Organization and Products
The CIIAC (see Figure 3), with a staff of 34, performs analysis and provides technical support. It is organized into two analysis sections that focus on FP, the ACIC Terrorism Summary (ATS) section and the Homeland Defense (HLD) section, and includes two technical support teams.
[FIGURE 3 OMITTED]
ACIC Terrorism Summary (ATS) Section. Each workday the ATS section prepares a summary of significant FP information relevant to Army forces within CONUS and outside CONUS (OCONUS). The goal of the ATS is to provide readers a daily compilation of significant FP information along with an assessment of the relevance and impact of the information on the Army. The ATS analysts use the CONUS threat streams as a guide to identify FP concerns for Army senior leaders based on current and planned operations. The CIIAC coordinates these threat streams with the ATOIC and INSCOM Intelligence Operations Center (IOC) on a monthly basis; they update the CONUS I&W list as needed.
Immediately after 11 September, the U.S. Army Criminal Investigative Command (USACIDC) assigned a criminal investigation detachment (CID) agent to the 902d to support the exchange of FP information between the two commands. The CID liaison officer (LNO) performs both a liaison and analysis function as part of the ATS section. Since 11 September, the CID LNO has made significant contributions to the CIIAC FP mission by providing timely access to law-enforcement information and facilitating the fusion of CI and law-enforcement information. The increased capabilities provided by the CID LNO are an indicator of an evolution in the relationship between INSCOM and USACIDC that will have a positive long-term impact on both organizations.
Homeland Defense (HLD) Section. There are five teams that focus on the four geographic regions of the U.S. Army Installation Management Agency (IMA) and the Military District of Washington (MDW) in the HLD section. The section's analysts maintain a "Blue force" and "Red force" laydown of Army installations and activities in CONUS and monitor FP threats. The HLD section has drafted threat assessments for each of the CONUS Army installations that fall under the IMA. They post these installation threat assessments on the ACIC web pages and update them on a regular basis. The objective of preparing these assessments is to provide a higher level of situational awareness to 902d CI agents throughout CONUS, garrison intelligence and security personnel, and the Army law-enforcement community.
The HLD analysts use the CONUS threat streams as the basis for their daily research. As analysts identify new FP information, they compare it to the CIIAC threat streams and the I&W list. If they determine the information is of value, they add it to the appropriate threat stream model in SEAS. The analysts specify the weight assigned to each piece of intelligence based on the factors of relevance, credibility, and impact. SEAS then performs a probabilistic analysis of the various pieces of information and provides a color-coded assessment of the probability or threat level. The value of SEAS increases over time as the database grows.
Technical Support Teams. The 902d IDC-Extension team maintains the 902d MI Group's IDC-Extension node and consists of a system administrator for the 902d IDC network, programmer/assistant system administrator, Geospatial Information Systems (GIS) developer, and a senior analyst. The CIIAC Production Support team consists of a web developer, a technical editor, and a GIS analyst. Together, these technical support teams are building a robust system to perform predictive analysis.
A number of technologies have converged over the past several years that improve the ability of analysts to perform predictive analysis. Each of these technologies is important in supporting research, analysis, and information sharing. These include the push within the Intelligence Community to establish common standards for--
* Digital production.
* Increased bandwidth.
* Development of data-mining tools.
* Improved data-tagging methods such as extensible markup language (XML).
* Data migration tools such as Trusted One-Way Links (TOWL) that permit one-way data flow between networks, and Trusted Workstations, which allow two-way data flow between networks.
Threat Reporting and Collaboration
Access to a broad range of information is critical to situational awareness and conducting predictive analysis. Each analyst in the CIIAC has access to four networks: Nonclassified Internet Protocol Router Network (NIPRNET), Secure Internet Protocol Router Network (SIPRNET), Joint Worldwide Intelligence Communications System (JWICS), and the INSCOM IDC Network. The INSCOM IDC Network is a Top Secret-level research and development network that resides on the JWICS. The ACIC is coordinating access to the National Security Agency (NSA) Net to improve the CIIAC's all-source intelligence analysis capability. The CID LNO/analyst provides access to law-enforcement databases and systems.
The three core competencies of the CIIAC are research, analysis, and collaboration. Collaboration is the newest addition and reflects the growing need to increase the level of agency-to-agency and analyst-to-analyst contact. In CONUS, each of the military services faces the same basic challenges in providing FP support to installations, personnel, and activities. We face a common enemy in the Global War on Terrorism. To anticipate or predict global threats effectively, we must collaborate through formal communities of practice (COP) and communities of interest (COI). Each of these is part of an organizational knowledge management program designed to capture individual experience and intuitive knowledge and codify it into explicit knowledge.
The CIIAC has been using the Joint Regional Information Exchange System (JRIES) to collaborate with law-enforcement officials across the United States. The Department of Homeland Security has fielded JRIES to all 50 states. Additionally, the CIIAC has access to the Joint Protection Enterprise Network (JPEN) that U.S. Northern Command (NORTHCOM) is fielding. NORTHCOM has fielded JPEN to a number of Department of Defense (DOD) installations to include 23 Army installations. Installation security and law-enforcement personnel are using JPEN to submit Talon reports, the DOD standard for reporting suspicious incidents that may be terrorism-related.
The 902d MI Group maintains the Army Talon database of suspicious incident reports on the SIPRNET. Since February 2003, agents from the 902d have submitted more than 2,600 Army Talon reports. The CIIAC provides Army Talon reports to the Counterintelligence Field Activity (CIFA) where they add it to the Cornerstone database of suspicious incident reports from all of the military services. The ability to submit suspicious incident reports online provides the current intelligence needed to support predictive analysis.
The ACIC has also developed a web-based map on the SIPRNET using the Arc Geographical Information System (ArcGIS) suite of products from a commercial company. All Army Talon reports are automatically posted to the GIS map. Additionally, the ACIC can add data to the map as needed from its other mission areas, to include technology protection, information operations, and investigations and operations. Based on the movement toward digital production within the Intelligence Community, the ACIC and CIIAC are moving toward pushing information with the expectation that users will find the information they need and be able to tailor it to meet their needs. Consumers who are not able to find required information can then submit requests for scheduled or ad hoc production to the ACIC through the Community On-Line Intelligence System for End-Users and Managers (COLISEUM).
The goal of the CIIAC is to develop a solid predictive analysis capability in support of the Army and homeland defense in CONUS. New business processes have streamlined research and analysis using state-of-the-art systems and new intelligence products support situational awareness and the dissemination of force protection information. The CIIAC is building on existing collaborative systems to establish agency and peer-to-peer relationships that will enhance predictive analysis and FP. The CIIAC, ATOIC, INSCOM IOC, and USACIDC will integrate information based on a common understanding of long- and short-term threat streams, CONUS I&W, and threat levels based on the use of SEAS and other advanced analytic tools.
Charles Harlan began his career with U.S. Army Intelligence as a Department of the Army civilian with the 902d MI Group at Fort George G. Meade, Maryland, and has served as the Chief of the CIIAC since January 2003. He is a retired Army CI agent and has been with the 902d MI Group since October 1998. Readers may contact the author via E-mail at email@example.com.