ABI - A Perilous Journey

 

Activity Based Intelligence: A Perilous Journey to Intelligence Integration

Presented at DGI 2017

Over the last several years, Activity Based Intelligence has emerged as a new method of intelligence. Activity Based Intelligence (ABI) applies geographic thinking in new ways to help solve today’s complex intelligence problems. Implementing ABI involves the convergence of new sources of intelligence information, advancements in technology like Big Data and the Internet of Things (IoT), and a new way of thinking about intelligence production.

This was one of my first presentations on ABI and establishes many of the fundamentals. This presentation resulted in this article published in Digital Battlespace.

Recording

Speech:

Explorer and Guide Slide 2

This new approach creates great opportunities and challenges for the organizations that many of you belong to. We believe that GEOINT professionals need to lead the way and lend their expertise to realize the promise of ABI. GEOINT organizations are postured to take advantage of ABI concepts fairly simply because of the nature of their business and the necessity to geographically visualize and analyze data to glean comprehensive understanding of a particular area of the world. However, the application of these new techniques and new technologies has many potential pitfalls. Let’s explore how we can apply the lessons we know from implementing ABI to overcome some of those pitfalls.

ABI Definition Slide

First, let’s talk about why you should be interested in ABI at all. The US Undersecretary of Defense for Intelligence has found value in this approach and defines ABI as “A method of intelligence, where analysis and subsequent collection is focused on the activity and transactions associated with an entity, a population, or an area of interest”. This definition is the tip of the iceberg of what ABI can do for the intelligence community. While this definition can help us understand what ABI is, it is probably quite useful to understand why we need ABI and how it fits into the current landscape of intelligence.

Age of Intelligence Slide

The modern intelligence profession really began with a focus on Human Intelligence and the management of a single threat. Over time, new technical capabilities were developed to collect intelligence information. Organizations were created based on intelligence disciplines to wring out as much intel as possible from each piece of data collected. Robust rules were developed for understanding the signatures of our enemies based on fixed locations and known targets. After 9/11, the game was changed. The enemy no longer had fixed signatures or known target locations. This is where we began to break down some of our intelligence stovepipes and form multi-discipline intelligence teams. This is also when many of the techniques for ABI were beginning to be developed. Today, we are seeing the threat become increasingly complex, with new threats and new technologies being applied, leading us to aspire to a true integrated intelligence environment that provides comprehensive understanding. Many groups had been performing All-Source or integrated intelligence for years; this new age of intelligence required these smaller operations to be taken to a larger scale and to a new workforce.

Technology Trends Slide

In addition to the increasing need for understanding of a complex threat environment, we also have many new technology developments. There is an explosion of new sources of information: drones, consumer devices, social media, and real-time reporting. This new data creates demand for new applications, the app revolution, providing people access to information with the ability to analyze it and visualize it like never before. These advancements all ride on new technology trends, with great increases in computing power and storage. Similar to many technology trends, every user wants a personalized view of or interaction with the data, like you may see on your common social media applications. In fact, we can create data environments for managing and storing these vast new collections of data and make it available to anyone in the organization, on any device, at any time, and in a manner that is meaningful for them.

ABI Elements Slide

The convergence of these new technologies and increased intelligence capability has led to the creation of new intelligence approaches like ABI. These new methods do not replace any of the time-tested analytic processes already developed. Instead, ABI formalizes a methodology and shifts focus from intelligence reporting to the discovery of the unknown. Activity Based Intelligence is a set of spatiotemporal analytic methods to Discover Correlations, Resolve Unknowns, Understand Networks, Develop Knowledge, and Drive Collection, using diverse data sets to understand the environment, and not just a specific location or facility.

Discovery Intelligence Slide

Many traditional intelligence methods were focused on analyzing and exploiting information based on known targets and locations, or known behaviors and signatures of adversaries. ABI is really focused on tackling the unknown-unknowns. Discovery is fundamentally a data-driven process. Traditional techniques focused on known locations or known signatures; ABI is instead focused on finding the unknown-unknown.

The output of ABI is a resolved entity, a defined pattern of life, or an understanding of an unknown behavior or phenomenon. Think of the logic that may lead you to understand the activities prior to an attack. You will have advanced recon, increased training, frequent meetings, travel outside of normal areas, etc. Putting this activity in context is the purpose of ABI.

ABI Intel Cycle Slide

ABI fits into the traditional Intelligence cycle. While most of traditional intelligence was focused on tasking and collection of critical assets, ABI is focused on processing and exploitation of the increasing wealth of data we have at our disposal to actually glean understanding.

ABI Comparison Table Slide

There is a never-ending debate about exactly who invented ABI, who owns ABI, and whether ABI itself is even a new concept. Everyone who has looked at ABI seems to agree that the techniques used in ABI are valuable and relevant to today’s complex world.

As you think about implementing ABI in your organizations, I hope you find it useful to learn from those that went before you. The early practitioners of ABI didn’t know they were inventing a new method as they developed it. In fact, they were just explorers, trying to reach a new promised land and setting the path for those that followed behind them. As they explored they made many mistakes, which we can learn from.

As you will soon see, the application of geographic information is a fundamental underpinning of ABI. As GEOINT professionals, you can be the guides for your organization as it proceeds down this perilous path. Help it take the right steps, avoid missteps, and take advantage of technology.

Let’s start with the first problem of ABI….

Spatially Correlate Information - Slide

We need to have a single method to manage and correlate multi-intelligence information. The early explorers tried many different techniques. They created large object-relational databases with complex ontologies. They created data lakes of unstructured information. They full-text indexed their information and made it easy to search and find data. The problem with all these techniques is that they required analysts to sift through the data and perform the correlation cognitively. What was needed was a common framework that could be applied to all the data to actually gain more understanding from it, while decreasing the analytical timelines and manpower needed to derive this information.

Georeference-to-discover - Slide

The earlier explorers discovered something many of us have known all along. The only common organizing framework we can apply to all information is space and time. All activity occurs at a place and at a time. [Personal anecdote] We can use geography as an organizing principle to help us correlate information and enable us to discover key events, trends and patterns in our data. By managing our information in a spatiotemporal construct we can apply robust analytic tools to the data. We can use time-tested techniques to curate and capture data. The early practitioners of this started simply by adding X, Y and T to all of their data. This let them put their “dots” on a map, but more importantly visualize the spatial importance or relevance of data over a geography, over times of interest. This simple technique allowed them to visualize and ask complex questions of their data.

As organizations became more advanced, they realized that there was more they could do with this information. They could represent information using complex geographic relationships. They could add context to their information by “geo-enriching” the information. This allowed them to leverage the wealth of geographic knowledge they had in their organization and made their intelligence information richer and more valuable. This took them beyond visualizing and into a complete understanding of the context for the data to help them answer questions about a particular geography or target.

This approach establishes the first pillar of ABI: georeference to discover, instead of exploiting first and georeferencing afterwards.

From Single-Source to Multi-Intelligence Integration - Slide

The second problem of ABI was the challenge of moving from a world of single-source exploitation to a true integrated multi-int environment. In the early days of ABI, analysts would exploit their individual intelligence sources before correlating them with other data. This resulted in many significant activities being overlooked because the separate intel datasets were not interesting in isolation. The fact is, the more you know about a particular area, the better your analytical output will be. Let’s face it, most analysts begin their analysis by reviewing the last report on a facility, or an order of battle. They start from what they already know.

Early attempts to correct this fell short. Early applications brought together views of the raw intelligence data into a single view, which did allow analysts to integrate the data. However, they were unable to perform more robust analytics because the integration only occurred at the application level. For most apps this meant they could only see the data but not analyze or understand it.  If you needed to perform real-time or predictive analytics you would need to build that into every application, instead of leveraging existing architectures. Obviously, many companies could get rich off of this technique, but it did not scale well for the organizations.

Integration before exploitation - Slide

What our early explorers figured out is that they can create a solid logical architecture with separation between data, visualization, analysis and applications. They leveraged open standards to integrate many systems instead of application level integration.

Using this technique, they could apply real-time and big data analytics to perform intelligence analysis at machine speed. This lets us analyze data at the point of entry. This key concept allows real analysis to take advantage of the data; it also ensures there is analytic value in the data you store for forensic analysis. The inverse isn’t true. You can’t just store data separately and later hope that forensic analysis will bring it together.

This establishes the second pillar of ABI - Integration before exploitation.
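The first two pillars can be shown together in a short sketch. This is an added example, not material from the presentation: the three sample feeds, their field names, the cell size and the time window are all constructed assumptions. Each feed is mapped onto a common (x, y, t) frame first, and only then are the records binned into space-time cells, so that activity no single source would flag stands out once several sources agree.

```python
from collections import defaultdict
from datetime import datetime
import math

# Constructed sample records (not real data); each source keeps its own schema.
IMAGERY = [
    {"lat": 10.0012, "lon": 20.0031, "taken": "2017-01-10T08:05:00+00:00"},
    {"lat": 11.5042, "lon": 21.2017, "taken": "2017-01-10T09:30:00+00:00"},
]
REPORTS = [{"y": 10.0049, "x": 20.0058, "epoch": 1484037600}]  # 08:40 UTC
SENSOR = [
    {"latitude": 10.0077, "longitude": 20.0009, "ts": "2017-01-10T08:55:00+00:00"},
    {"latitude": 12.3051, "longitude": 22.4068, "ts": "2017-01-10T08:10:00+00:00"},
]

def to_epoch(value):
    """Accept epoch seconds or an ISO 8601 string with an explicit offset."""
    if isinstance(value, (int, float)):
        return float(value)
    return datetime.fromisoformat(value).timestamp()

def georeference(records, source, y_key, x_key, t_key):
    """Map one source's schema onto the common (x, y, t) frame."""
    return [
        {"source": source, "x": r[x_key], "y": r[y_key],
         "t": to_epoch(r[t_key]), "raw": r}
        for r in records
    ]

def correlate(events, cell_deg=0.01, window_s=3600, min_sources=2):
    """Bin events into space-time cells; keep cells seen by several sources."""
    cells = defaultdict(list)
    for e in events:
        key = (math.floor(e["y"] / cell_deg),
               math.floor(e["x"] / cell_deg),
               int(e["t"] // window_s))
        cells[key].append(e)
    return {k: v for k, v in cells.items()
            if len({e["source"] for e in v}) >= min_sources}

def integrated_events():
    """Integration happens here, before any per-source exploitation."""
    return (georeference(IMAGERY, "imagery", "lat", "lon", "taken")
            + georeference(REPORTS, "report", "y", "x", "epoch")
            + georeference(SENSOR, "sensor", "latitude", "longitude", "ts"))

if __name__ == "__main__":
    for key, hits in correlate(integrated_events()).items():
        print(key, sorted(e["source"] for e in hits))
```

A fixed grid misses events that fall just either side of a cell or window boundary; overlapping cells or a distance-and-time query avoid that at the cost of more comparisons.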

Prize all data - Slide

The third problem of ABI was the challenge of moving from a world of scarce single-source intelligence to one of plentiful data from multiple sources. Early so-called ABI systems were actually purpose-built to exploit specific new intelligence sources like Wide Area Motion Imagery (WAMI) and other technical collection. This worked well until the problem set shifted and we had to work in denied areas where the sources of information were different.

The problem is that different data requires different tools and applications to properly visualize, synthesize and analyze the data. The same exact application can’t be used for WAMI and Twitter data for example. One needs a complex video player capability and the other needs rich media interaction. To combat this problem, ABI teams would have embedded developers. They could customize and build the applications needed based on the individual data sources. This was great for the teams but it did not scale. Application maintenance became problematic and building a staff of capable developers can be nearly impossible.

Data Neutrality - Slide

What our explorers figured out is that we need to prize all data regardless of source. This means establishing a standard practice for integrating all data into analytic processes. They applied this best practice in their architecture: they had logical separation of data and applications. This allowed them to leverage standard commercial applications to exploit much of their data. Professionals had their toolsets (desktop GIS, statistical packages and advanced visualization tools) which could be leveraged to exploit the data.

Application frameworks would be used by advanced staff to capture and share focused tradecraft across the organization. These frameworks do not require developers and they allow for quick creation of focused apps on a common foundation which could be used quickly and then discarded.

This enables the exploitation of all types of data regardless of source, and it establishes the third pillar of ABI – Data neutrality.

Sometimes the answer arrives before you ask the question

This is probably the most vexing problem in ABI: oftentimes, by the time you know which questions you are asking, it is too late to begin the collection and tasking process! What you need is to have already been collecting the information in the first place to answer the question. Our early practitioners tried to solve this problem with technology alone. They created big data archives and dumped all sorts of information into them with the assumption that they could make sense of the data later.

The problem with this approach is that information still needed to be cleaned or normalized and prepped for analysis. There is a lot of noise in the data that needed to be sorted out and the more unfiltered data collected the more noise there was.

Sequence Neutrality

This is where our early explorers defined our next pillar, Sequence Neutrality. You need to collect data without a question defined, and store the data where it can be retrieved and analyzed easily. This changes how you think about tasking and collection.

This pillar introduced new challenges, however. How do we logically manage and store information and make it easy for analysts to discover and use? How do we condition the data to make it possible to have key data already correlated, and information connections already defined?

Integrated Intelligence Enterprise - Slide

This is where we need to leave the realm of Activity Based Intelligence and examine the larger Intelligence Enterprise. Our Intelligence Enterprise should be the core enabler of a smarter community. It functions for a larger purpose than just supporting Activity Based Intelligence. We are managing our Strategic and Current Intelligence. We are developing our Basic Intelligence profile of organizations, equipment and individuals. This Foundation Intelligence information has to be made available as data and analytic services so it can be combined and leveraged in an ABI context. For example, the data we are collecting about facilities can be used to help us identify individuals connected to a facility. Connect that with point of interest data and you can rapidly build a picture of an individual’s pattern of life.

Foundation Intelligence provides situational awareness, monitoring and reporting information. It is the Organizing Model for our Known Information. ABI consumes information from our foundational systems and it contributes data and develops new information.

You can think of this in terms of Object Based Production. OBP provides the set of known entities and relationships; ABI is used to identify new entities and to extend networks. This foundation intelligence helps correlate entities. Foundation GEOINT provides context about locations and human geography. The two combine to create new understanding.

Four Pillars – Resting on the Intelligence Enterprise - Slide

So from our early explorers we have learned that there are 4 essential pillars of ABI.

  • Georeference to Discover

  • Integration Before Exploitation

  • Data Neutrality

  • Sequence Neutrality

For these to have any relevance they need to be connected to our Intelligence Enterprise where they consume data and analytic processes and contribute new information. ABI adds the method of Discovery Intelligence to our Intelligence Disciplines. We think ABI is a major advance in intelligence techniques which has Enterprise GIS at its heart, so as you return to your organizations, perhaps you should work with your counterparts who are already implementing ABI and see if these principles and these new techniques would be useful to you.

Remember, in this complex world it is not enough to apply the tried and tested methods of intelligence. We must expand our toolset with a focus on discovering the unknown-unknowns and contributing new kinds of intelligence analysis. ABI with its foundation in spatial thinking can help address this challenge.

Wrap Up Slide

A key reference I used when creating this presentation is an excellent book by Patrick Biltgen and Stephen Ryan called Activity-Based Intelligence: Principles and Applications.