Home » Business Areas » National & Homeland Security » Information Sharing and Analysis

Information Sharing and Analysis

To detect, protect and respond in the face of new threats, organizations across government and the private sector must acquire, analyze and share information. Noblis has developed working models for information sharing between public and private sector entities, integrated vulnerability assessments, and field exercises to test vulnerabilities and response plans. We prepared the first comprehensive proposal for a cross-sector information sharing and analysis center shortly after PDD-64. We are partnering with several government and private sector organizations on a prototype information-sharing resource that will enhance access to vital information on threats, capabilities, and response to catastrophic terrorism threats.

Constructive Analysis Models for Threat Assessment

A key Noblis contribution to threat assessment is an approach called constructive analysis. Conceptually, constructive analysis is a simple process. Beginning with a generic acquisition model of the threat, the analyst augments and modifies the model to accommodate each piece of data or information and links that part of the model to the supporting document. Why an acquisition model? Because the adversary has to accomplish certain things in a certain order to acquire the capability to attack. At different points in time, terrorists may do library research, may try to purchase items, may conduct rudimentary R&D, and may test parts of a system. We may have knowledge about some parts of this cycle and may be missing others—knowing that a certain step has to be carried out as a prerequisite to another step may suggest new places to look for information or new kinds of information to look for.

Over time, the model can be built up to a great degree of detail. A production process can be broken down into individual components, all the way down to the level of the starting materials, the kind of equipment being used, and the characteristics of the equipment that might be detectable by some means. Once it has been built, the model can be queried or “mined” to address specific questions or to generate broad reports; it can also be probed to verify the evidence about an activity, a person, or an institution. The model can serve as a collaborative tool, so that different participants can each contribute in their own best way to synthesis. It can serve as corporate memory, to preserve efforts of an individual that rotates to a new assignment.

Knowledge Management Systems

We are applying our unique capability in knowledge management to address the need across many domains for structured access to information and expertise, decision support and collaborative operations. The following initiatives are illustrative of our efforts:

• Counter-Terrorism TIPS Call Center
• Investigative Support Systems (ISS)
• USDA Agricultural Research Service (ARS)
• FBI and States
• County Governments
• Risk and Safety Management Alert System (RASMAS)
• Collaboration & Intelligence Now System (CAINS)
• Incident Management Personnel Accountability System (IMPAS)

Counter-Terrorism TIPS Call Center: Law enforcement is becoming more dependent on tips and information from citizens in solving crimes and in exposing fraud, drug interdiction and terrorist plots. At the same time, the sources of these tips are expanding beyond U.S. borders, and the medium is expanding from phones to email and soon may also include instant messaging. As a result of this expansion, the number of tips is growing exponentially and it is taking more people longer to assign priorities to the tips and to find relationships among them. The current approach can create unacceptable and dangerous delays, is becoming costly, and is error prone.

For a government client, Noblis is developing a prototype system to aid in the processing of tips. The TIPS processing system is an “end-to-end” solution that prioritizes incoming tips, is capable of being trained to identify bogus tips, notifies domain experts of the existence of high priority situations, and allows operators to search for relationships and missing links. The approach, if successful, is anticipated to reduce manual processing by as much as 80 percent, to dramatically reduce processing times, and to result in a much more rapid response by authorities, as well as improved inter-agency collaboration.

Investigative Support Systems (ISS): Criminal and civil investigations are frequently composed of a large collection of facts and findings that are gathered and filed during the inquiry. Making sense of these facts, or finding relationships in them, generally depends on a person with experience reviewing the files and, from insight or serendipity, discovering patterns, trends and directions. This process is generally erratic, can depend on the experience and time available to the investigator and does not have a standard methodology. For the National Institute of Justice, Noblis is developing a prototype investigation support system to aid in this process. Besides aiding criminal justice organizations in solving complex multi-jurisdictional criminal investigations, the system will also assist in training people in investigative techniques and practices.

USDA Agricultural Research Service (ARS): Organizations that have had minimal or no concern over security and have no project classification and access control systems must now consider how to protect sensitive assets with minimal disruption to research productivity.

The U.S. Department of Agriculture (USDA) research and development programs involve visiting scientists from other nations. While these programs have contributed to our agricultural productivity, they also provide a potential source of information that, if misused, could lead to the development of devastating crop and animal diseases for agroterrorism purposes.

To prevent this, USDA asked Noblis to propose a concept that would help identify individuals who could pose a threat to our national security or well being if they were granted access to USDA research activities. In response, Noblis developed a conceptual approach—the Project Access Screening System (PASS)—to rapidly transform the USDA to a security-conscious posture. As conceived, PASS would be a tiered system tied directly to the level of security required to safeguard research projects and their supporting facilities and information systems. This approach creates a balance between security, administrative burden, and the free flow of ideas in the scientific community. The system would use information available in the open literature as well as closed-source resources from the intelligence community.

Noblis worked with the USDA Agricultural Research Service’s (ARS) Special Research Programs (SRP) office, to develop a Knowledge Management System Intranet. This intranet is intended to provide effective communication tools between team members in a secure manner. Through a secure internet portal, the intranet provides communication and coordination tools as well as an online reference library for team members in the office and while on travel. The intranet could also allow field scientists or diagnosticians to coordinate with laboratories and remote offices in the event of disease outbreaks.

FBI and States: As part of our systems engineering support to the FBI over the last decade, Noblis helped the Bureau to develop the Integrated Automated Fingerprint Identification System (IAFIS) and the National Crime Information Center 2000 (NCIC 2000). IAFIS, the national repository for more than 43 million sets of fingerprints and associated criminal records, is designed to support more than 60,000 requests for information a day; law enforcement officers around the country can electronically submit a subject’s fingerprints and receive a criminal history from IAFIS within two hours. The NCIC 2000 system provides a modern, nationwide, on-line clearinghouse of information on wanted and missing persons, warrants, criminal histories, and stolen vehicles and property. It also includes mobile imaging units at patrol cars that can capture and transmit fingerprint or mug shot images to the central database for probable cause determination.

Noblis also works with state and local law enforcement agencies to improve both their systems and their procedures. These activities extend more than a decade, including process reengineering, architecture, systems engineering, and program management responsibilities. For instance, Los Angeles Police Department selected Noblis to lead its process reengineering effort and establish a roadmap toward better use of technology across its operations. Baltimore County asked Noblis to develop the approach for integrating many police information systems, including booking, investigation, crime analysis, case management, evidence tracking, crime reporting, management reporting, and archiving. Several states have come to Noblis for systems engineering and architectural advice in integrating their criminal justice records and exchanging information with other states. Finally, with the University of Maryland, Noblis has established the Center for Criminal Justice Technology, an initiative that seeks to work through state governments to improve the use of technology at the local level.

Noblis’ knowledge of law enforcement includes some very practical contributions to improve the capabilities of investigators in the field. One of these is the Universal Latent Workstation, which we developed at the request of the FBI. This provides a unique “vendor independent” capability that allows a fingerprint examiner to process a print one time and then search for a match in the national database, or in any other repository, regardless of the vendor. Another such contribution was the CARVE-IT computer forensics toolset, a basic toolkit for use by computer forensics investigators in recovering evidence from computer disk drives.

County Governments: In order to address deficiencies in information-sharing between levels of government, Noblis has partnered with the County Executives of America to propose a secure, networked information-sharing system that will enable county executives to meet their responsibilities in this critical area. The system would deliver and monitor information and training to all elements of county government potentially affected by a catastrophic attack; it also establishes a mechanism for the ongoing dissemination and coordination of vital information between neighboring jurisdictions and between government and private-sector entities. Furthermore, it offers federal planners a cumulative view of local capabilities and needs at the state and local level.

Incident Management Personnel Accountability System (IMPAS): In recent years, the fire service has focused considerable and increasing attention on the issue of personnel accountability. “Personnel accountability” is an effort to improve the safety of emergency responders by keeping track of their locations and assignments when operation at the scene of an incident. A properly implemented personnel accountability system will help to insure that the incident command staff knows the exact number and identity of the personnel working at the incident, their approximate locations, and whether they are in distress.

Collaboration and Intelligence Now System (CAINS): This Knowledge Management System works in the background constantly collecting, classifying, organizing and categorizing information on content and its use and people and their actions. Just-in-Time applications are then hung from the system on an as needed basis. Some examples: Instant-On Anti-Threat Communities: Assembles the experts and the reference material for virtually any threat listed in the organization's threat taxonomy and forms a virtual tiger-team with a full set of collaborative tools; Instant-On Expert Communities: Selects the best persons and best content and forms a virtual team with a full set of collaborative tools; Instant-On Training Communities: Assembles the experts and the reference material for virtually any subject listed in the organization's taxonomy and puts them together in an online classroom with the students.

Risk and Safety Management Alert System (RASMAS): Noblis has developed a prototype for a Risk and Safety Management Alert System (RASMAS). RASMAS is a system that acquires, manages, systematizes and presents healthcare alerts and incidents. Its objective is to reduce medical errors and improve patient safety at healthcare institutions. It accomplishes this by providing an on-going information service on alerts, hazards, incidents, and product recalls for use at a healthcare facility. The alert capture process can be expedited through the use of advanced information processing technologies. This initial pilot project proposes to demonstrate the viability of the Noblis alert and incident architecture by creating an initial customizable data source adapter and mining a single alert site, the FDA's MED Watch website. The effectiveness of this automated alert mining and qualification capability will be compared to manual alert mining and qualification conducted by an alerts administration team acting as an experimental control.