Finding more time for human-led analysis
Accurate, timely analysis is central to the intelligence community’s tradecraft. The backbone of this tradecraft is the intelligence cycle of acquiring, fusing, analyzing and publishing intelligence information. Historically, this time-consuming manual process has resulted in intelligence analysts spending most of their time on data acquisition and fusion, instead of on data analysis and dissemination of finished, actionable intelligence products.
Automating Tradecraft can dramatically accelerate the time to derive actionable intelligence by automating many of the most time-consuming tasks without replacing human-led analysis. Rather than a specific solution, it’s a vision and approach to intelligence analysis employing technological innovations to reduce the time spent on manual tasks, while retaining the analyst’s ability to control the process.
Addressing intelligence cycle challenges
The intelligence cycle is an iterative process with four stages: Acquire, Fuse, Analyze and Publish. Technological innovations in acquiring and storing data have slowed the latter part of the cycle down. Massive growth in available data and asymmetric threats, along with a decrease in experienced intelligence analysts, has led to new challenges for each stage of the cycle:
At the acquisition stage, intelligence analysts are struggling to bring in all the information they need to adequately answer threat intelligence questions
At the fusion stage, analysts are spending too much time trying to reconcile disaggregated data sources, unify different data formats and remove redundancies
At the analyze stage, manual processes and a lack of skilled resources are slowing down the discovery of actionable intelligence
At the publish stage, threat intelligence is siloed and difficult to disseminate to decision makers
Automating Tradecraft can accelerate the time to actionable intelligence and strengthen the discovery process by automating and addressing the challenges that face intelligence analysts today.
The goal is to positively impact each stage of the intelligence cycle. For acquisition, it can provide data load, import and connector options to a wide variety of internal and external data sources — such as unstructured data from interviews, intelligence reports and social media — to quickly expand the field of investigative analysis. For fusion, it can better automate the process of curating and cleansing data, to provide a common threat picture so that analysts can quickly move into the analysis phase of the cycle. For analysis, it can help an analyst prioritize their time with the generation and testing of hypotheses. And for publishing, Automating Tradecraft can distribute and orchestrate intelligence consumption in real time to a broader set of authorized users.
Acquire and Fuse: Decrease data preparation time
Intelligence analysts often spend about 80 percent of their time preparing data for analysis and only 20 percent analyzing it. There are several reasons for this uneven distribution of effort. Data can be difficult to find and spread out in different silos and formats. Much of it may be unstructured and non-digitized in documents, articles, intelligence reports, interview tapes and handwritten field reports. And it is becoming increasingly difficult to prioritize credible and relevant intelligence content from the increasing volume and variety of available and constantly changing data sources.
An analyst must fuse this data to harness the power of advanced analytics. Given the wide variety of different sources, data is often overlapped and disaggregated. The time spent by an analyst on hand-curating — organizing, merging and resolving — data can be massive. Because of this, analysts are blocked from improving efficiency. This also prevents seasoned analysts from sharing their gained expertise across the organization.
The IBM vision of Automating Tradecraft is to remove many current-day data acquisition and fusion challenges in order to:
- Automate data acquisition from internal, external and unstructured data sources with easy-to-use, ad hoc connectors
- Expand the number of data sources that can be leveraged for intelligence analysis
- Automate rules-based indexing of structured and unstructured data
- Quickly search and visualize data to identify hard-to-find relationships
- De-duplicate data and linking entity identities for an integrated intelligence cycle and faster, deeper threat detection
Analyze: Rapidly acquire actionable intelligence
Even under the best circumstances, analyst teams can struggle to produce actionable intelligence to inform leaders in a world of fast-moving, asymmetrical threats. These teams find themselves increasingly under pressure to deliver actionable intelligence faster. They struggle to narrow down hypotheses and prioritize their preferred investigative pathway, recognizing the “trial and error” method is a time-consuming approach to building intelligence products.
Compounding this problem is the varying maturity of the analyst skill set. Training is largely focused on one intelligence domain. The reality is many private sector organizations lack adequate resources to hunt and investigate threats because of a shortage of experienced intelligence analysts.
Automating Tradecraft improves the analysis phase of the intelligence cycle in two very important and distinct ways. First, it dramatically reduces the amount of time that intelligence analysts must spend on data acquisition and fusion, freeing them up to focus on analytic tradecraft. Second, it brings new and innovative technologies into the intelligence analysis process. It becomes possible to yield more new discoveries, uncover hidden relationships and generate hypotheses that might otherwise be missed.
Envision the future possibilities by Automating Tradecraft through innovative technologies:
- Uncover evidence-based hypotheses with scored confidence levels to ensure that analysts aren’t led down rabbit holes and dead ends
- Deliver a 360-degree contextual view of entities, enabling analysts to find the most significant path between two entities, rather than simply the shortest
- Replace inefficient “pull” discovery models with a “push” discovery model that automatically alerts analysts to new discoveries within networks (e.g., new connections between formerly separate groups) and hidden relationships
- Reduce training time needed before new analysts can begin delivering value to the organization
Publish: Rapidly deliver intelligence to decision makers
The creation, dissemination and consumption of actionable intelligence are all extremely time‑sensitive tasks. Unfortunately, manual processes and the siloed nature of many organizations often present a significant hurdle to sharing intelligence with the people who need it most.
Furthermore, intelligence products are static and, once produced, often require manual updates and republishing to be of value. This places decision makers at a disadvantage, as the intelligence in use for planning may already be obsolete.
Automating Tradecraft brings order and efficiency to the publishing of intelligence information. By automatically generating interactive reports customizable to different audiences, Automating Tradecraft enables teams to:
- Size and position their intelligence to tell the right story to different audiences
- Slice and present intelligence so that decision makers can quickly search for the data that is most relevant to them
- Quickly share discoveries and activities with teams, management and leadership across the entire organization as well as trusted partners
Automating Tradecraft: IBM’s vision for the future of intelligence analysis
Automating Tradecraft is focused on leveraging technology innovation. With an intelligence analysis platform like IBM Security i2, automation takes over manual tasks without sacrificing the analyst’s ability to control and decide on the intelligence process. In addition, an intelligence analysis platform can also automate the vital task of sharing information across the broader intelligence community.
Organizations and companies that can benefit from Automating Tradecraft include:
National security agencies that need to accelerate their data-to-decision process and scale their intelligence resources more efficiently by enabling analysts to concentrate on analysis rather than data collection
Defense agencies that need to rapidly identify and target actors of interest, uncover hidden relationships and associations, analyze massive data sets and focus on mission success rather than missing data
Law enforcement agencies that must quickly exploit different types of data to discover hidden relationships between entities of interest, automate analytics to detect crimes/criminals faster and use advanced analytic tools to generate “hot” leads
Fraud and financial crime units that need to enable experienced analysts to focus more time on analysis to detect fraud and financial crimes faster, empower “junior” analysts to deliver greater value and publish meaningful intelligence to a broad base of users
Cyber threat teams that need to conduct deeper investigations and proactively hunt for new and hidden threats, quickly analyze disparate data and allow SOC analysts to find hidden connections faster
While physical and cyber attacks have evolved sharply in recent years as criminals grow more sophisticated, both in mode and method of attack, intelligence analysts are still using the same manual processes from well over a decade ago.
IBM’s vision of Automating Tradecraft is the evolution of intelligence analysis and years of technological innovation. We’re helping to give intelligence analysts, investigators and threat hunters a decisive advantage in the fight against terrorism, crime and fraud.
More than good technology, it’s technology for good. Discover how the IBM Security i2 suite can help your organization.