Uncloaking Adversaries through GIS

Using GIS for Activity-Based Intelligence

Presented by Esri Esri's logo

In modern conflicts, adversaries hide in plain sight. Their intentions are often disguised in overwhelming volumes of data. In response, intelligence organizations are implementing activity-based intelligence (ABI) to uncloak these adversaries. ABI applies geographic thinking in new ways to help solve today's complex intelligence problems. The implementation of ABI involves the convergence of new and old sources of intelligence information and new ways of thinking about intelligence production.

At any given moment, every person, thing, location, or activity is connected to place and time. This spatiotemporal data is essential for intelligence. It is captured by sensors, transactions, and observations, which intelligence analysts can bring together in a geographic information system (GIS). GIS manages data that's critical to discovering the unknown. GIS analytic tools transform data into intelligence that drives action.

ABI moves the intelligence process away from traditional and passive workflows and production, toward ones that are targeted, focused, and driven by results. The principles of the ABI approach are as follows:1

  • Discovery by georeferencing — To the extent possible, georeference all your data before you exploit it. This single act will bring additional structure to your data and prepare it for analytical workflows.
  • Data neutrality— All data has value. A preference for traditional intelligence data may lead you to overlook opportunities offered by the open or unclassified sources.
  • Sequence neutrality — Sometimes the answer arrives before you know the question. Data must be continually collected and integrated so you can follow a trail of clues in time and space.
  • Integration before exploitation — Take a multi-intelligence approach to problem solving. Activity in only one intelligence source may seem insignificant. Only an integrated view of activities will reveal patterns or trends.

ABI methodologies are not new; in fact, many practices related to ABI have been performed for years. As far back as the Indications and Warnings, community methodologies have been used for detecting patterns. More recently, when the Undersecretary of Defense for Intelligence (USD(I)) defined ABI in 2010, ABI was being implemented by many small teams in the Department of Defense (DOD) and intelligence community. Today's challenge is scaling out this workflow to the entire intelligence community, moving ABI practices from small, resource-rich teams and extending it to every analyst. This will require organizations to harness the latest advances in technology and bring order to the growing volume of intelligence data.

Space/Time Data Conditioning

Activity data comes from a variety of sources and requires specific conditioning before it is useful. The challenge is each stream of data has different characteristics and attributes. Location is the only common value across the data sources and can be used to integrate disparate data sources. Separate data sources, like contact reports, imagery observations, and even social media check-ins, might all tie back to a single individual or organization. Connecting these datasets in time and space helps identify specific entities. GIS allows analysts to define rules to integrate multiple data sources. For example, geocoding can be used to take text data with place-names and addresses and, in turn, locate it to a specific coordinate on the ground.

A large volume of intelligence comes through manual intelligence reporting. These techniques might be imagery intelligence (IMINT) specialists watching drones, or human intelligence (HUMINT) agents in the field. They can use smart, form-driven applications to capture structured observations. These structured observations become data points, which are integrated along with all the other sensor data, adding to the known intelligence data. Capturing data in these ways ensures data neutrality and integrates all data with a location element (Georeference to Integrate and Discover).

With the data georeferenced, analysts can apply another key tool in the GIS toolbox: the GeoEnrichment service. GeoEnrichment is the process of connecting raw intelligence observation data with foundation intelligence. Foundation intelligence provides context about the environment where these activities occur: cultural factors like religion, language, and ethnicity; the physical environment — urban or rural; and known locations like safe houses and meeting places. Connecting observations with known information gives critical context and helps find the suspicious activity within all the normal activity occurring around it.

Enabling a Spatiotemporal Data Environment

Over the past few years, the intelligence community has created an IT platform and information sharing environment known as Intelligence Community IT Enterprise (IC ITE). This environment leverages cloud computing technology, connecting people to data. GIS technology is deployed in this environment, which allows analysts across the intelligence community to access spatiotemporal information and integrate it into their intelligence workflows.

As the functional manager for geospatial data, the National Geospatial-Intelligence Agency (NGA) hosts the Intelligence Community GIS Portal (IC GIS Portal). While Sue Gordon was deputy director of NGA, she stated, "The IC GIS Portal, which is our first GEOINT service and provides easy access to NGA data, is now about two years old. Within that time, we've grown from zero users to almost 60,000 users worldwide.2 This demonstrates the power of this data environment for supporting intelligence analysis, access to foundation GEOINT, and simple collaboration/sharing.

NGA is not the only provider of intelligence data services; other agencies provide spatially-enabled content and collaboration services. This is expanding the reach of the spatiotemporal data environment and will make it easier for analysts from any agency to use space and time to collaborate on complex intelligence problems. The next phase of this evolution will be to implement a distributed system of systems, which will support complex security and collaboration models needed in the intelligence community.

There are two primary reasons why the IC GIS Portal has been so successful. First, it has provided access to authoritative foundation GEOINT through easy-to-use configurable applications. And second, it provides an environment where analyst-to-analyst collaboration can occur. Analysts can create dynamic intelligence products and share them with others who are working on the same issues, even if they are in different organizations.

Access to this foundation intelligence and analyst reporting is critical to enabling ABI workflows. In addition, the GIS platform capabilities are expanding with cloud-based applications and services for real-time and big data analytics. GIS can connect to machine learning and artificial intelligence (AI) systems to assist in automated intelligence production and alerting. Imagery will be connected to these systems to enable on-the-fly analysis and production. As new data types are integrated, analysts will be able to spend less time on data conditioning and more time on analysis.

Enabling the Analyst

Ultimately, for ABI workflows to be successful, analysts need to be able to use their cognitive ability to make connections in the data. They need to leverage a powerful suite of analytic tools and visualization capabilities to make sense of data. They need to be able to create rich analytic products that expose their analysis, along with the underlying data and workflows.

The intelligence analyst needs to bring these suspicious entities into focus and track their activities through time and space. ABI takes a discovery approach to building intelligence. Rather than merely providing updates on current intelligence, the ABI method calls for integrating all source intelligence with other data to discover and monitor relevant information. Analysts probe the integrated dataset to make sense of the activities, transactions, and networks. With integrated data, analysts can discover a threat signature or indicator that otherwise is not discernible.

Using ABI's systematic, sequential, and iterative thinking processes, analysts uncover transactions connected to the entity. They also use technology that enlists algorithms to filter data, highlight anomalies, and recognize patterns. To do this work, an analyst can leverage a wide variety of data visualization and statistical tools capable of processing large volumes of intelligence data.

GIS provides visualization and analytic tools for working with intelligence data. Maps, the foundation of a GIS, can be used to understand complex patterns and visualize the spatial importance and relevance of data at a specific time. Geospatial analysis tools can be used to find statistically significant patterns in the data and to help predict outcomes. Maps are just the starting point; data can be visualized in a variety of other formats including timelines, histograms, charts, tree maps, or even chord diagrams for visualizing relationships. Analysts use these visualizations to explore data and to develop assessments.

After making an assessment, the analyst needs to create an analytic product. In traditional workflows, this product would frequently be a written report or other static document. For ABI, this technique falls short — the situation is too dynamic, and products would quickly become outdated and lose value. To solve this problem, ABI analysts need to create living intelligence assessments. They can leverage Esri Story Maps, an application that allows them to create browser-based intelligence products. These products are composed of dynamic maps and include written reports and other multimedia.

Story maps give decision makers a quick, interactive understanding of the intelligence assessment that is always up to date. Other analysts can peer behind the report and see the data and analysis that went into the product. This makes it possible for them to leverage the data in their own workflows.

Implementing an Activity-Based Intelligence Platform

ABI is emerging as a formal method of discovering intelligence. As national security threats become more complex and the volume of data keeps increasing, organizations will need to implement ABI in a way that allows them to scale to all their analysts. With ABI's foundation in spatial thinking, GIS technology is a key enabler. An enterprise GIS creates a spatiotemporal data environment capable of connecting analysts with foundation intelligence data and applications for analysis and production. These tools have been implemented successfully in many organizations and have proved to scale to even the most complex agencies.

If you are interested in learning more about how to leverage GIS technology and ABI methodologies in your organization, visit: http://go.esri.com/FutureOfIntel2018 or contact us at ­­­Intelligence@esri.com.


1 Principles as identified in Activity-Based Intelligence: Principles and Applications by Patrick Biltgen and Stephen Ryan (published December 2015)

2 ArcNews interview of Sue Gordon, Spring 2017: http://www.esri.com/esri-news/arcnews/spring17articles/at-the-nga-gis-underpins-virtually-everything