House Committee on Homeland Security Report, Boston Marathon Bombing
Enviado por jorumecha • 14 de Agosto de 2016 • Apuntes • 2.266 Palabras (10 Páginas) • 218 Visitas
[pic 2][pic 3]
House Committee on Homeland Security Report, Boston Marathon Bombing
There were opportunities in which greater sharing of information might have altered the course of events
With more and more of our lives being documented, tweeted and discussed online it’s only natural that law enforcement and intelligence organisations are increasingly turning to social media to identify new threats and monitor those that might pose a risk to our national interests. But with more than 20 000 pieces of new social intelligence per second this task is beyond daunting. Organisations that were already struggling with an increased workload most somehow adapt and scale to this challenge and they must do so in era of reduced funding and resources, analysing more with less.
Even if an organisation could manage and explore the sheer volume of data produced by social media, they would still only have a part of the whole story. No single tweet is going to identify the next domestic terrorist and radical elements are becoming more and more sophisticated in the way they interact online. Social media on its own is not enough; organisations must combine it with all their other resources and treat social media as just another source of potential intelligence. [pic 4]
[pic 5]
[pic 6]
[pic 7][pic 8]
Whilst the sheer scale of the problem is the most obvious challenge, it’s not the only one. Organisations must deal with a number of challenges that prevent them from using social media to the best advantage. These include:
- Understanding: How do organisations make sense of the information being collected and how do they know which to ignore?
- Security: How can they monitor targets securely without identifying or alerting potential suspects? And how can they securely share sensitive intelligence with each other?
- Collaboration: How can organisations share their findings or benefit from the work of others?
- Application Diversity: Which application will they use and how will it integrate into their existing systems?
Understanding
The vast majority of information on social media is useless and irrelevant to intelligence investigations. Even the information that might help identify a potential suspect is likely to be cryptic or lost amongst the noise. It’s also unlikely to be a single message that helps identify someone, rather an escalating series of messages combined with other data sources.
Organisations need tools that help them, at scale, derive meaning and understanding from the messages available on social media. It is impractical to rely on a team of human operators to review and parse all messages online to find the most relevant ones. A computerised tool is required to help identify and filter the amount of messages down to a manageable number. This would likely be a number of tools, including natural language processing tools to identify what is being said, linguistic sentiment analysis tools to help understand the sentiment or mood of the message and possibly translation tools to help identify content across languages. As well as tools that help extract entities of interest (ie: mentions of important locations or key terms relating to bomb making) and tools that build on the metadata provided by social media (co-ordinates, urls, ip addresses etc).
But understanding social media is more than just being able to understand what is being said, it’s also the profile of the social handle that posted the message and relationships that social handle has with others. [pic 9]
The profile of a social handle includes the meta-data they provide on multiple social accounts (ie: the same email address was used to register a twitter account and a Facebook account) as well as what else they have said on those accounts. What is their pattern of communication? What else do they talk about? Do they generally talk about the same things over time? Historical patterns are important to. Has a potential suspect recently been discussing radical ideas? Did they used to talk about them on this account but have now gone quiet (implying that they might be trying to cover their tracks or have moved to some other communication medium)?
Understanding relationships can be a powerful tool that can help identify potential new suspects and even sources of radicalisation. Identifying a radicalised person and then reviewing their social relationship network might identify the most likely influencer and allow organisations to focus attention and resources. Building this relationship network requires tools that can model and display this information to users in a way that represents the mental model they have of relationships. There is no point in storing this kind of information in a traditional relational database as organisations need a way to store it in a way that allows them to run powerful analytics that rely on a graph structure easily. For instance, users might need to find all handles in a network that are within 2 degrees of separation and have also discussed the same topics. This is far easier to achieve on a graph than trying to re-construct using a standard database.
Security
Social media data is effectively unclassified (it’s publicly available after all) but to really make use of the data organisations need to combine it with their own intelligence data. This could include matching social handles with real names, combining police reports with messages in that geographical area, identifying a social handle as a potential suspect and so on. For this reason security is paramount and needs to be easily applied to the vast amount of data. There is no point in displaying the social media on its own and then having users move data one at a time to a higher classification level so that it can be combined with sensitive data.
There is also another aspect to security when dealing with social media. In some cases it may not be possible to search for certain names on cloud-based social media tools or even request them from behind the firewall. For instance, a common use case of social intelligence is to be able to monitor the social lives of staff that have security clearances. But to do that an organisation would need to store the names of every classified user on a cloud service that may or may not be stored in the country and will have varying levels of security and disclosure around data breaches. In this scenario, a better approach would be to monitor for topics of interests (ie: things that classified staff should not be discussing online) and bring the social handles of everyone that mentions those topics back behind the firewall. Then it’s simply a matter of comparing that list with the list of classified users and any matches will imply a staff member has been discussing something they shouldn’t. Importantly at no point were the names (or social handles) of classified staff placed in relatively un-secure cloud services.
...