Initially, fusion centers were seen as a top-down approach where national-level intelligence was pushed down to the state level.  However, over the last five years, local and national law enforcement agencies have recognized the value that human sensor input can add to the intelligence mix.  For instance, state, local and tribal police collect information in the course of their normal work-day and enter it into the systems they use throughout the day.

Consider a simple hypothetical scenario. A local police officer tickets a man, parked where he shouldn’t be, who is taking photographs of an oil refinery (he says it’s for a school project). A couple of days later, on the other side of the facility in the adjacent jurisdiction, a state police officer encounters a different man in the same vehicle, also photographing the facility, but this time with a flat tire as an excuse for stopping where he shouldn’t.  Individually, these incidents would most likely be considered minor events. But if the two officers’ reports are pooled, with the right analytical tools, a fusion center analyst can be immediately alerted to uncover patterns, trends and connections between them that might otherwise remain hidden until too late.

While the above scenario is possible from a technology perspective, there are several obstacles that keep agencies and police departments from sharing information — whether it’s about protecting information, lacking technical knowhow or lacking the resources to do so.

“The reality is that local jurisdictions cannot wait for the Department of Homeland Security to inform them of suspicious activity in their area or for local police to request specific case assistance,” said Tim Riley, senior vice president of Business Development at i2. 

Riley, former CIO of the Los Angeles Police Department led the deployment of one of the world’s largest information sharing initiatives in law enforcement.  Built with i2 products, the system contains more than 250 million records that are accessible within seconds to all officers in Los Angeles and Orange County, Calif.  He worked closely with the Los Angeles Sheriff’s Department (LASD) in launching a centralized database that tied their various systems together that led to the development of the Regional Terrorism Information and Integration System (RTIIS). 

A case study published on search.org notes that the RTIIS has helped solve cases across jurisdictions and even state lines, ranging from burglary to tracking down a gang member and providing the Las Vegas Police Department with vital information that helped them secure a warrant for a narcotics dealer.  Captain Scott Edson of the LASD credits this success not only to the sharing of data, but also to the sharing of data that is collected from all levels — a multi-directional information flow. 

Fusion centers were created following the 9/11 attacks as a joint effort between the Departments of Justice and Homeland Security to ensure and facilitate collaboration and information sharing between local agencies, across state lines, and between the state and federal levels, with a particular emphasis on preventing and responding to terrorist and criminal activities. 

More than 50 percent of fusion centers across the U.S. rely on i2 to help prevent and disrupt terrorist and criminal activity — all designed with protections for civil liberties.  To download a copy of i2’s “Fusion Centers and the Sharing of Intelligence” white paper, visit the premium content section of i2’s Web site, provide a valid e-mail address and choose a password.

William J. Lynn III, deputy defense secretary, and Air Force General Ken Chilton, head of the U.S. Strategic Command (STRATCOMM, which encompasses the U.S. Cyber Command) warn of these escalating threats from cyber espionage and computer crimes, and encourage greater cooperation between the federal government and private industry. The U.S. CERT (Computer Emergency Readiness Team) has been developing the Einstein project since 2004, an intrusion detection system (IDS) that monitors the network gateways of government departments and agencies for unauthorized traffic.  Currently dubbed Einstein 2, its pending third generation deployment (Einstein 3) will not only monitor but also actively block and prevent cyber intrusions.  Businesses that are at risk can ask to come under the protection of the Einstein program; for the time being Einstein is a start in the right direction in protecting critical infrastructure businesses.

“Einstein 2 is like a 1999 Mustang with a little rust,” said James Lewis, a cyber security expert and senior fellow at the Washington-based Center for Strategic and International Studies. “For some companies it isn’t a big deal, but for others who haven’t done much to secure their networks, it would be a good idea.”

There still exists considerable policy discussion as to who will administer this program to private industry.  One possible choice would be the Department of Homeland Security (DHS). There is no question that this needs to become as high a priority as the decision enabling the U.S. Cyber Command to lead the way for military cyber defense.  The risks to national security with an exposed private sector infrastructure are too high.

For more information about cyber, listen to an on-demand Webcast — “Sharing and Layering in Cyber Investigations“.

Friday 16 July 2010 will go down as one of the most memorable days in i2’s history, which stretches back over two decades of high achievement in the battle against crime and terrorism.

The Lord-Lieutenant of Cambridgeshire visited our headquarters in Fulbourn, Cambridge to present the Queen’s Award for Enterprise in the Innovation Category 2010.  During his tour of the offices, he had the opportunity to meet many of our staff and find out more about how the company has grown to become the world leader in developing intelligence and investigations solutions.

CEO, Robert Griffin, who received the award on behalf of i2, emphasised the continuing importance of innovation in the face of increasingly sophisticated criminal and terrorist threats.  He also acknowledged that:  “This is a well-deserved tribute to the tremendous efforts of our staff and it also reflects the continuing loyalty of major clients over many years who have also played a highly-valued role in the development of our market-leading solutions.”

And that seems to be the key to i2’s success: in developing products that truly meet today’s and tomorrow’s needs, there’s no substitute for employees and customers working in perfect harmony.

This is a fantastic achievement and provides important external recognition of the success of our focus on innovation, which has been a central pillar of the company’s development strategy since the company was formed back in 1988.

Friday will be a great day for everyone connected with i2.

“Information sharing and collaboration is crucial in attaining cyber threat identification and mitigation” said Ron Plesco, CEO of the National Cyber-Forensics and Training Alliance, a non-profit organization in Pittsburgh, Pa., that brings together academia, law enforcement and industry to share strategies for identifying, mitigating and neutralizing cyber crime.

Drawing on the insights and experience of i2, we have developed a white paper, “Sharing & Layering of Data in Cyber Investigations,”  that explores the impact of cyber crime, the need for multiple data collection and analysis tools and access to relevant data sources to combat it, and the crucial importance of shared information between government agencies, law enforcement and private enterprise as the key to apprehending and convicting the criminals who commit these illegal acts.  A full copy of the white paper is available on the premium content section of the i2 website.  Click this link to register.

By combining key pieces of the i2 Intelligence-Led Operations Platform with components of the Digital Sandbox platform, fusion centers, police departments and federal agencies will be able to:

• Better identify and asses critical infrastructure for risks.
• Leverage the combination of “human sensor” data from law enforcement data collection with automated open source monitoring and prioritization to identify risks.
• Conduct all-source analysis to mitigate threats.

Information Flow Between the Components

This diagram illustrates the information flow between the components and how each system leverages the information power of the other components. The data stored in a COPLINK node provides valuable information for use in the assessment of risk to critical infrastructure components. Within Digital Sandbox Risk Analysis Center, this information is combined with open source and proprietary information in order to assess critical infrastructure risks. The identified critical infrastructure is then pushed back to the COPLINK Activity Correlation Technology (ACT) module for automating suspicious activity alerting and reporting.

Once critical infrastructure is identified in ACT and monitoring begins, all law enforcement information geolocated to buffer zones around the critical infrastructure is evaluated and can be automatically pushed to the RAC where it is combined with open source monitoring to identify potential threats.

As potential threats are identified, the law enforcement data and open source data are available to analysts using Analyst’s Notebook to analyze the information for further action.

I’m personally very excited about this partnership and look forward to further endeavors with Digital Sandbox.  Check out Digital Sandbox’s blog entry on the combined solution as well.

Analyst’s Notebook and iBase are now pre-loaded with World-Check’s extensive database of Politically Exposed Persons (PEP’s) and heightened risk individuals and organisations.  The combination prvovides analysts with immediate access to the world’s most widely adopted open source research and the powerful tools they need to analyse the research in the context of a particular project or investigation.

Read the full press release.

The article mentions four counties that serve as “nodes” for hosting data for surrounding municipalities.  The model is a hybrid warehouse/federated approach that optimizes resources and connectivity and should serve as a model for nationwide information sharing initiatives.  In this approach, local agencies warehouse their data in a single location, which enables data consolidation for speed of access and sophisticated analytics.  Then warehouses are connected using a federated search and consolidation approach, which enables users of one warehouse to automatically search any warehouse they are authorized to search.  This approach is already in use in multiple jurisdictions, including Colorado, San Diego (ARJIS, also mentioned in the article, is a COPLINK node) and Los Angeles.  To learn more about COPLINK and information sharing, check out the recent webcast about one of the ways Captain Scott Edson and the Los Angeles County Sheriff’s department use COPLINK in southern California.   They are doing some pretty exciting things with suspicious activity identification and alerting to participate in the Nationwide Suspicious Activity Reporting (SAR) initiative.

The challenges to nationwide information sharing are a combination of technical and policy questions.  This approach allows agencies to share the information they choose in the manner they choose, and enables regional information sharing initiatives that generally don’t have to overcome the same policy hurdles as larger scale initiatives.  As those agencies grow their regional initiative and see the value, they are able to expand to statewide or nationwide initiatives much more easily by addressing the policy concerns knowing the technology infrastructure is already in place.

This hybrid warehouse/federated approach is a very effective way to promote information sharing from the bottom-up, ensuring that local agencies participate and receive immediate value from the initiative – something that isn’t always the case with top-down approaches.  Check out the i2 website for more on COPLINK and COPLINK A3.

• Disconnect between management and field officers, between civilian and sworn personnel or between investigators and patrol on how and when to analyze and share information.
• Manpower and other resource issues limiting their ability to analyze and exploit vast amounts of data.
• Training to enable better information analysis practices and proficiency with the tools.
• Political friction at the federal, state or local level, notably policies that inhibit thorough investigations or a lack of political will in support of their missions.
• Issues around software deployment, including outdated versions, insufficient software licenses, or deploying too many redundant systems that do not integrate and require repetitive and time-consuming data entry.

I look forward to communicating with the entire i2 family through this medium from time to time, and please do check back for posts by others from across the i2 community.  As always, I welcome your questions, your comments and your feedback — you can e-mail me at Bob.Griffin@i2group.com.