Stopping terrorists in their tracks
The Bush administration aims to build largest system ever for analyzing intelligence data. What will it take to get it done?
- By Joab Jackson
- Sep 05, 2002
Bill Smithson, vice president for information technologies at MatCom International Corp., said an intelligence analysis system should be built in multiple phases.
All the clues were there: Student pilots interested in flying planes but not landing them; Osama bin Laden wanting to hijack a plane; funds being transferred to the United States from known bin Laden operatives.
What was missing was a way for law enforcement and intelligence agencies that had this information to connect the dots. There was no system or procedure to assemble these related facts gathered by a diverse collection of government agencies.
Being able to do this, and alerting officials before another strike occurs, will be one of the main priorities for President Bush's proposed Department of Homeland Security. The department will tap information from foreign intelligence, law enforcement and intelligence agencies and publicly available information to look for future threats.
To accomplish this task, the new department will be leaning heavily on computing power to collect, store and analyze information.
"What we're talking about is pattern recognition, or use of software intelligent agents to peruse data, [which are] driven by algorithms and rules that define themselves over time," said Steve Cooper, the chief information officer of the Homeland Security Office, during a July 16 press briefing. Such tools "can marry statistically derived outcomes from known events to predictive models," he said.
Such a project could be the most ambitious knowledge management effort ever attempted by either the government or a private company, said Jennifer Hill, director of public-sector strategy of SAS Institute Inc., Cary, N.C., which specializes in business intelligence software.
"I don't think there is anything to compare to how many different bureaus and agencies are being tied together in homeland security," Hill said. "I've never seen that many mergers and acquisitions at one company."
Sanjay Poonen, vice president of worldwide marketing for business intelligence software provider Informatica Corp., Palo Alto, Calif., said, "The nature of what the government wants to do with analytics goes way beyond what normal business intelligence software can offer."
As for the cost, Tom Siebel, chief executive officer of customer relationship management software vendor Siebel Systems Inc. of San Mateo, Calif., said the system that Cooper envisions could cost up to $1 billion.
Perry Luzwick, director of business development of mission support systems for Northrop Grumman Corp.'s information technology division, said $1 billion would be a realistic estimate if the system were built to interact not only with other federal agencies, but with state and local agencies, utility systems and other commercial systems as well.
"I wouldn't even want to ballpark an estimate," said Hill, who conceded that it would not be "a $1 million project."
Which is not to say it cannot be done. Integrators and vendors are confident such a system can be built, if the government plans correctly and executes carefully.
Size matters
During his keynote speech at the eGov conference held in Washington last July, Siebel demonstrated his company's homeland security solution, which took 100 people working full time for months to develop.
The prototype provided a glimpse into how a homeland security knowledge management system would work, including what other systems it would need to operate with and what analysis it would need to perform.
Working on a Web-based console, Siebel executives posing as intelligence agents walked the audience through how to use the system. Through a Web-based portal, an agent gets information from other agencies on the suspected terrorists on his or her own case list. The agent gets alerts on newly identified suspicious behavior and assigns field agents to investigate suspicious activities. And in the field, an agent would draw on the same information from a handheld computer.
Experts in business and government agree that building a homeland security knowledge management system would be a complex endeavor, one best pursued in a series of pilots and pieces to be put in place, followed by more extensive buildouts later.
"The Big Bang approach doesn't work," Hill said. "They need to take it as an iterative approach. They will have to look at various areas and prioritize what is the best approach to take in pulling all this information together."
Hill also said the project would not be a single system to do all the knowledge management chores, but rather multiple ones tied together.
Distributed data
Any homeland security system would be a combination of larger databases and smaller ones. One central database just couldn't hold all the information needed for analysis, said Tim Hoechst, senior vice president of technology for Oracle Corp.'s public-sector unit.
"There will be a combination of approaches. There will be big warehouses, distributed systems and lots of hybrids," Hoechst said.
This will lead to a diversity of how the data is stored. Antony Satyadas, the knowledge discovery business leader for IBM Corp., Armonk, N.Y., said a knowledge management system of this breadth must access multiple repositories with files coming in a large variety of formats, from e-mail to Excel spreadsheets. The information must be categorized and indexed.
Standardizing the data found in all these repositories will be a large job, said Terence Atkins, director of public-sector sales for business intelligence software provider Cognos Inc., Ottawa. One database might record names with the last name first, while another might use a different method. Finding a way of synchronizing fields such as this will be one of the integrator's largest jobs.
Once standardized, the data can then be analyzed for potential terrorist threats, Atkins said. Such analysis would involve identifying relationships within the disparate elements. For instance, if an agency knows of the behaviors and events that led up to a bomb threat, then it could search for those patterns within the data.
There are a number of ways to do this task, some easier to accomplish than others, said Bill Smithson, vice president for information technologies at MatCom International Corp., Alexandria, Va. One is to define what characteristics the system will look for and have it comb the data for those traits. That process is pretty straightforward, and existing software can do the job.
The other, more difficult and expensive task would be to have the software itself detect patterns.
One agency that knows this task well is the National Security Agency, said Northrop Grumman's Luzwick. He said a content processing technology already developed by the agency called "Semantic Forests and Semantic Trees" can sift through electronic data, everything from telephone calls to faxes.
Another challenge to those building the system will be speed of analysis.
"If you want to track incidents as they occur, it's a monumentally complex thing to do, especially against more than one database," Atkins said. The ability to query multiple streams of information in real time is not a problem that has been entirely worked out, he said.
Oracle has been working on a way to reduce the amount of data that needs to be monitored, thereby speeding alert times, Hoechst said. The latest release of its software, Oracle 9i, has the ability to stream data that was changed in one database to other locations.
Originally developed as a mirroring tool, this feature can also be used as an alert system when events recorded in one agency's database may be of interest to another agency.
People first
Arik Johnson, managing director for Aurora WDC, a Chippewa Falls, Wis.-based firm that does competitive intelligence for companies, said that even the best pattern recognition will only go so far.
"Although software can discover patterns in behavior, that's about the maximum amount of help it can bring. It cannot bring about responsiveness," Johnson said.
But the biggest problem, he said, is that most information that an organization has is tacit, meaning that most knowledge resides with people, not within databases. Thus, any knowledge management system needs to understand the workers of an organization, Johnson said.
Johnson said software created by Tacit Knowledge Systems Inc., Palo Alto, Calif., indexes all the words in employee e-mail and other documents to find out what topics employees are experts in, or at least spend a lot of time discussing. This will give managers a quick way of uncovering who are the subject-matter experts within organizations.
This sort of software may raise privacy concerns but also may help climatize workers to the practice of sharing information, an essential ingredient when dealing with normally secretive agencies.
Cultural change, not technology, remains the biggest challenge to forming a successful department, industry officials said.
James Jacobs, research director at Gartner Inc., Stamford, Conn., said that, on the average, only 30 percent of the cost of a knowledge management system pays for technology. The rest goes towards shifting the policies and organizational culture towards a mind-set of sharing knowledge.
"Too often, an organization will go out and buy a knowledge management solution, and then stop there. Six months later, it'll find people aren't using it," Jacobs said.
"Sharing data has not been a common practice within the federal government. Agencies have stayed within the confines of their own walls, and now they need to take on a different mind-set," said Tom Conaway, managing principal for defense at Unisys Corp., Blue Bell, Pa.
Otherwise, the effort will be pointless. "The government will spend billions trying to integrate disparate applications without so much of an idea of what they are going to do when they are connected," Johnson said.
Easy-to-use knowledge management tools
An intelligence analysis system, no matter how powerful, will be of little value if it's too cumbersome. Here are some companies offering solutions to help make such systems easy to use.
Autonomy Corp. plc, Cambridge, U.K., has developed a data integration platform with a feature that can profile users to offer documents of interest as these files enter the system. It can also categorize large repositories of information by visual clusters, allowing users to easily sort through documents in varied formats.
"The bottom line is you want your knowledge workers spending as much time applying their expertise and as little time as possible searching for data," said John Cronin, Autonomy's vice president for the government sector.
The State Department is testing Autonomy's solution for its Interagency Collaboration Zone, a $17 million pilot project by Accenture Ltd. to share information among agency offices.
The data integration platform from Informatica Corp., Palo Alto, Calif., has a Web-based front-end that can make interfacing with outside data analysis tools easier. Managers can use this "dashboard" to keep an eye on data trends or events. "Anyone is able to use it," said Sanjay Poonen, vice president of worldwide marketing for Informatica.
Silicon Graphics Inc., Mountain View, Calif., recently introduced its Visual Area Network for collaborating remotely on large three-dimensional documents. The company's modeling software gives emergency workers and other personnel a better view of the geographic challenges they face in given locations.
"If people have a visual view of events, then they can see trends that they couldn't as easily see otherwise," said Eng Lim Goh, chief technology officer for SGI.
Webversa Inc., Reston, Va., developed a middleware application that sends alerts, generated by computers or by humans, simultaneously over multiple devices such as cellular phones, Blackberry e-mail readers and beepers.
DynCorp, Reston, Va., rolled Webversa's product into its Homeland Security Response Tracking System. This system, employed on a pilot basis as a service by Fairfax County, Va.'s hazardous materials unit, alerts emergency response personnel whenever a biological incident occurs.
Joab Jackson is the senior technology editor for Government Computer News.