intelligence gathering | The Contracting Education Academy

Twenty-four hours a day, seven days a week, analysts huddle around computer screens in U.S. Air Force facilities around the world scanning for information that might require immediate action.

These analysts are part of the Air Force Distributed Common Ground System (AF DCGS), which is designed to sift through vast amounts of information for “needles in the haystack” that are critical to national security.

Researchers at the Georgia Tech Research Institute (GTRI) are supporting the mission of AF DCGS in a broad range of ways. GTRI is providing expertise from subject matter experts in an array of sensing areas in which GTRI researchers have extensive experience supporting the development and prototyping of new services needed by the Air Force, conducting training and technology transfer activities for DCGS personnel, and providing advice on the information technology that underlies the DCGS to the programmers who maintain and enhance the system.

By modeling the flow of information through the DCGS, GTRI is helping the Air Force continuously improve the system, boosting efficiency and enhancing its ability to bring together the massive data sets that quickly provide critical information.

“For the Air Force analysts sitting at these workstations around the clock, we want to make sure they get the information they need as quickly, accurately, and efficiently as possible,” said Molly Gary, a GTRI principal research scientist who has led the project for nearly five years. “We want to help the Air Force improve the fusion of data so the analysts can more quickly get an understanding of what it all means and provide actionable intelligence to the commanders.”

The DCGS is the primary intelligence, surveillance, and reconnaissance (ISR) platform for the U.S. Air Force. As part of its operation, more than a thousand analysts sift through a broad range of information, including real-time video, geospatial intelligence, intelligence collected by humans in the field, electronic signals, and other sources to create regular reports on what is happening in global trouble spots.

The Air Force system provides globally-integrated ISR capabilities and feeds into subsystems operated by the Army, Navy, Marine Corps, and other agencies that provide information at the unit level.

The system is complex, dating back to the 1960s and involving more than two dozen facilities around the world. DCGS has been built by a number of different vendors, contributing to a “stovepipe” system in which analysts on one part of the system do not necessarily have visibility into what analysts in other parts of the system are doing. Other challenges include disparate hardware and software systems, duplicated applications, differing operating systems, redundant software solutions, network security requirements, and a variety of information technology (IT) procedures.

To address these challenges, the Air Force is adopting an open architecture strategy in which systems are more standardized and the connections between specialized areas are more transparent – with a goal of making the system modular, more efficient and less expensive to operate. As an independent not-for-profit university-based organization, GTRI is helping map out the full system and how it is connected to the flow of data from one part to another – and ultimately provides information useful to warfighters.

“By going to an open architecture system, the goal is to break down the barriers between different stovepipes to realize more efficiencies,” said Louis Tirino, a GTRI senior research engineer who’s also supporting the project. “We can help leverage a lot of existing and new technologies that are available to break down those barriers to bringing data together. Ultimately, this will help reduce costs for the Air Force and ease the management burden.”

Regents Researcher Bill Melvin and Principal Research Engineer Alan Nussbaum teamed together and initiated the partnership with AF DCGS. The program is also supported by GEOINT Specialist and Senior Research Engineer Kyle L. Davis, and SIGINT Specialist and Senior Research Associate Clayton Besse. Several of GTRI’s eight laboratories are involved in different portions of the program.

Over the past six years, GTRI has been engaged in multiple DCGS tasks. Among them was Project Liberty, which developed and deployed a Forward Processing, Exploitation, and Dissemination (FPED) system to analyze real-time, full-motion video, signals intelligence, and other information to provide critical information to field commanders. The system was delivered just eight months after it was proposed.

GTRI’s support to DCGS builds on earlier work done to improve the capabilities of the Nation’s Multi-Disciplinary Intelligence (Multi-INT) system, which monitors incoming data. GTRI’s work in that effort, known as the Multi-INT (MINT) Data Fusion System, helped automate and rapidly transform functions within the intelligence process to maximize the efficiency and effectiveness of analysts working on this task.

MINT also addressed issues of improving network bandwidth and information processing power to help human analysts stay on top of incoming data by focusing on the most significant information. It used the STINGER Graph tool, developed by GTRI, to assist in identifying relations between data.

For the GTRI researchers, the DCGS work is rewarding because it supports the people who risk their lives in the field.

“Ultimately, the entire weapons system is to help the analyst and warfighter do their jobs,” said Tirino. “By breaking down these barriers across the different lanes of incoming information, we can help make the information more readily accessible to the analyst. All of this is here to support the warfighters.”

Source: http://www.news.gatech.edu/2018/05/08/helping-air-force-search-actionable-intelligence-worldwide

Coordinating distributed denial-of-service attacks, displaying new malware code, offering advice about network break-ins and posting stolen information – these are just a few of the online activities of cyber-criminals. Fortunately, activities like these can provide cyber-security specialists with advance warning of pending attacks and information about what hackers and other bad actors are planning.

Gathering and understanding this cyber-intelligence is the work of BlackForest, a new open source intelligence gathering system developed by information security specialists at the Georgia Tech Research Institute (GTRI). By using such information to create a threat picture, BlackForest complements other GTRI systems designed to help corporations, government agencies and nonprofit organizations battle increasingly-sophisticated threats to their networks.

“BlackForest is on the cutting edge of anticipating attacks that may be coming,” said Christopher Smoak, a research scientist in GTRI’s Emerging Threats and Countermeasures Division. “We gather and connect information collected from a variety of sources to draw conclusions on how people are interacting. This can drive development of a threat picture that may provide pre-attack information to organizations that may not even know they are being targeted.”

The system collects information from the public Internet, including hacker forums and other sites where malware authors and others gather. Connecting the information and relating it to past activities can let organizations know they are being targeted and help them understand the nature of the threat, allowing them to prepare for specific types of attacks. Once attacks have taken place, BlackForest can help organizations identify the source and mechanism so they can beef up their security.

Organizing distributed denial-of-service (DDoS) attacks is a good example of how the system can be helpful, Smoak noted. DDoS attacks typically involve thousands of people who use the same computer tool to flood corporate websites with so much traffic that customers can’t get through. The attacks hurt business, harm the organization’s reputation, bring down servers – and can serve as a diversion for other types of nefarious activity.

But they have to be coordinated using social media and other means to enlist supporters. BlackForest can tap into that information to provide a warning that may allow an organization to, for example, ramp up its ability to handle large volumes of traffic.

“We want to provide something that is predictive for organizations,” said Ryan Spanier, head of GTRI’s Threat Intelligence Branch. “They will know that if they see certain things happening, they may need to take action to protect their networks.”

Malware authors often post new code to advertise its availability, seek feedback from other writers and mentor others. Analyzing that code can provide advance warning of malware innovations that will need to be addressed in the future.

“If we see a tool pop up written by a person who has been an important figure in the malware community, that lets us know to begin working to mitigate the new malware that may appear down the road,” Smoak said.

Organizations also need to track what’s being made available in certain forums and websites. When a company’s intellectual property starts showing up online, that may be the first sign that a network has been compromised. Large numbers of credit card numbers, or logins and passwords, can show that a website or computer system of a retail organization has been breached.

“You have to monitor what’s out in the wild that your company or organization owns,” said Spanier. “If you have something of value, you will be attacked. Not all attacks are successful, but nearly all companies have some computers that have been compromised in one way or another. You want to find out about these as soon as possible.”

Monitoring comments on websites can also reveal what kinds of security reputations organizations may have. If the advice is to avoid a particular organization because previous attacks have failed, that can give an organization a sense that its security is good. Attackers often seek the easiest targets, Spanier noted.

Individual organizations could gather the kinds of information monitored by BlackForest, but few organizations have the resources to connect the information. GTRI customizes the system to gather information specific to each user and their industry segment.

“The average organization doesn’t have the means to crawl all of this data and put together the complex algorithms needed to identify the useful information,” Smoak explained. “Because we have the environment and the connectivity, we have what we need to obtain this information.”

By automating much of the work involved in gathering and monitoring information, BlackForest can allow human resources to be used for more challenging information security activities.

“Our goal is to have tools that will help focus the resources so that the most valuable resources are used for the more difficult issues,” said Smoak. “Right now, we tend to find all kinds of security fires the same. This will help us focus on the most important threats.”

BlackForest joins two other GTRI cyber-security systems already available. Apiary is a malware intelligence system that helps corporate and government security officials share information about the attacks they are fighting. Phalanx helps fight the spear phishing attacks that are carried out by tricking email recipients to open malware-infected attachments or follow malicious web links.

Source: http://gtri.gatech.edu/casestudy/blackforest-gtri-aggregates-cyber-threat-informati

Helping the Air Force search for actionable intelligence worldwide

Twenty-four hours a day, seven days a week, analysts huddle around computer screens in U.S. Air Force facilities around the world scanning for information that might require immediate action.

GTRI’s open source intelligence gathering system aggregates threat information to warn of possible cyber attacks

Search this Website