Rajiv Shah - BAE

1 | Copyright © 2017 BAE Systems. All Rights Reserved. BAE SYSTEMS is a trade mark of BAE Systems plc. (See final slide for restrictions on use.)

BAE SYSTEMS PROPRIETARY

BAE SYSTEMS PROPRIETARY 1

Big Data Approaches for multi-source intelligence, open source and communications intelligence

Rajiv Shah Director – Cyber, Intelligence and Security

2 Copyright © 2017 BAE Systems. All Rights Reserved. BAE SYSTEMS is a trade mark of BAE Systems plc. (See final slide for restrictions on use.)

|



BAE Systems ˃ Key facts

World leading innovator

Over 80,000 employees worldwide across 6 continents

£16.6bn sales in 2014

£50m+ invested annually in education and skills globally, working with universities worldwide

£11bn+ spent with over 25,000 suppliers globally


|



BAE SYSTEMS APPLIED INTELLIGENCE HAS:

Pedigree in NS / LEA / Military

Been delivering systems like this for 10+ years

Skills in system design, build, support and business change

An understanding of complex security and data handling environments

A modern architecture that’s separable

• This means customers can take parts, layers or all of our solution

Why BAE Systems Applied Intelligence

Copyright © 2017 BAE Systems. All Rights Reserved. BAE SYSTEMS is a trade mark of BAE Systems plc. (See final slide for restrictions on use.)

|



The IntelligenceReveal Mission Monitor, Identify, Prevent

“Provide those who defend nations, organisations and citizens from physical

or cyber threats with the tools they need to best mitigate risk, identify threats

and disrupt the opportunity to cause harm”


|



What are the problems we are trying to solve?

Exploit all your data from disparate systems

Extract maximum intelligence value

Use automation to identify valuable links and make analysis ‘easy’

Collaborate effectively to ensure less risk of intelligence failure


|



Challenges

• The role of those involved in communications intelligence is becoming more challenging

• New technology, new user behaviours, and new regulations are making it harder for analysts to complete their diverse missions

• New solutions are needed to improve mission effectiveness, the allocation of agency resources, and speed up the gathering and dissemination of valuable intelligence to those who need it

• The challenges to be overcome include:

• External Technology Challenges

• People and Organisational Challenges.


|



Challenges

• Intelligence Agencies, Law Enforcement Organisations and the Military are increasingly trying to analyse multiple types of data from a wide range of sources in order to improve efficiencies and effectiveness

• This is often referred as Multi Source Exploitation

• There are challenges to be overcome including:

• External Technology Challenges

• People and Organisational Challenges


|



Siloed Systems and Data Sources

CCTV Data CCTV Analysis

Tools

Travel Data Travel Analysis

Tools

Target Data Knowledge Base

Data Analysis Tools

Intelligence Reports

Passport Data

Internal

External

Siloed Systems

• Existing analytical systems are often siloed with no integration between them.

• Often other business systems are also separate including Knowledgebase, Core and National systems.

Data Source Integration

• There are also difficulties integrating data sources both within an organisation and especially outside of an organisation.

• The difficulties can be due to:

• Policy

• Ownership

• Lack of benefit to share

• Security and sensitivities


|



Data and Analytical tools

Data

• Increasing data volumes, especially as more devices and things move online.

• Greater variety and types of data, again with more devices and things online, and a greater number of services.

• Rapidly changing data especially as new services and data sources become available.

• Patchiness of data due to being targeted and also due to general patchiness in some acquisition techniques, e.g. CCTV.

Analytical Tools

• Current analytical tools are often complex with unintuitive user interfaces.

• Cost to implement multi source analysis capabilities can be huge with delivery, support and training.

• Some tools can be inflexible to meet customer specific requirements.

• Tools are often required to integrate with many 3rd party products and systems.

Copyright © 2017 BAE Systems. All Rights Reserved. BAE SYSTEMS is a trade mark of BAE Systems plc. (See final slide for restrictions on use.)

|



IntelligenceReveal Cycle

The IntelligenceReveal lifecycle is a cyclical and sequential process that allows information to be developed into

intelligence and action to be taken.

IR has been designed in a modular way with this cycle in mind to ensure the solution provides appropriate tools at every

stage of the cycle in support of effective decision making in an audit-able and transparent way.


|



Example Dashboard/ Workbench

My Actions You Have 2 Overdue Actions Disseminated to me: 10 Delegated by Me: 3 Overdue: 1 My Teams Actions: 23 Create New Action View All My Actions

My Alerts Add new Alert

0 Unread

My Briefing

4 new items

My Workbench

My Maps

Burglary Car Crime Robbery All in my Area

My Cases

2 new items

Expenses

General Orders

Working Time Recording

Friend Requests

2 new items

My Wall Status: Out on patrol (GC20)

John added you as a friend Alert: Peter Smith is being released from Prison Tomorrow Traffic are looking for new staff

Add status update

BOF2

Iquanta

Overtime Weather

My Links Google Alerts Local Crime Mapping Add NIM Action My Performance Data DIM Agenda Force Intranet BBC News Top ASB locations Top ASB victims Crime series and hotspots

Add new Items

Intelligence Requirements

Latest News The new mobile data solution is going live in the area tomorrow read more…

The new tasking solution saves the force £300k read more…

K Squad make £50 k for charity Supt Smith asks people to stop parking in his space…… John wins the force award

17 new items

BBC News: Cyber criminals target bank….…

12 | Copyright © 2017 BAE Systems. All Rights Reserved. BAE SYSTEMS is a trade mark of BAE Systems plc. (See final slide for restrictions on use.)



IntelligenceReveal Policing Scenarios


|



Intelligence Led Policing

NIM Tasking

Action Management

User Dashboards

Management Data

Distraction Burglaries

Self Briefing After Holiday

Child safety

Briefing and Tasking

Identification Evaluation Action Outcome

CO

RE I

NTELLIG

EN

CE R

EVEAL

Review

Mapping

Tactical Plans

Alerting

Reducing Harm and Risk

Reducing Crime and Anti-social Behaviour

Tackling Serious and Organised Crime

Increased Efficiency

Financial Savings

Safeguarding

CT National tasking


|



Questions?

Rajiv Shah Director – Cyber, Intelligence and Security BAE SYSTEMS 14 Childers St Canberra City ACT 2601 Australia T: +61 423 643424 Email: [email protected] Copyright © 2017 BAE Systems. All Rights Reserved. BAE SYSTEMS, the BAE SYSTEMS Logo and the product names referenced herein are trademarks of BAE Systems plc. No part of this document may be copied, reproduced, adapted or redistributed in any form or by any means without the express prior written consent of BAE Systems.


|


|



˃ Search

IntelligenceReveal Search and Analysis

• Simple search with choice of: • Single attribute, attribute type, data range, date source.

• Federated search • search directly over data in the external data sources,

without having to bring the data into the IntelligenceReveal stores.

• Results displayed in summary cards

• Relevance ranked results

• Saved searches to run at later date

• Advanced searching including: • Co-location searches looking for other people or assets which

have been in a similar location at a similar time.

• SIM swap searches.

• Geo area search for both locations and events


|



˃ Entity analysis


• Network visualisation • View and analyse entities within Subject of Interest

Management and biographical data on a network chart.

• Expand entity to view related entities.

• Apply multiple different network layouts.

• Filtering of data by: • Boolean / Fuzzy text filters.

• Attribute types.

• Entity details view • Select an entity to view more information associated with it.


|



˃ Event analysis


• Map visualisation • View geographic event data, such as observations of a

phone using map visualisation.

• Swim lane visualisation • View event data, such as phone calls or online activity on a

swim lane or timeline visualisation.

• Grid visualisation • Visualise results from their search within a grid view as a list

of events.

• Filtering of data by: • Boolean / Fuzzy text filters.

• Attribute types.


|



˃ Unstructured text analysis + Export and publish


• Visualisation of: • Geographical data contained within unstructured content, e.g.

Email, web page or report.

• Results from their search within a grid view.

• Temporal data, primarely on time lines, graphs or calendars.

• The actual content itself e.g. Document.

• Multimedia data, primarely images, videos or audio files.

• Documents and extracted entities on a network chart.

• Data can be published / exported as: • Word

• CSV

• Snapshots of key visualisations


|



˃ Manage and store Investigations

IntelligenceReveal Subject Management

• Users can perform the following tasks on investigations: • Create an investigation as a means for collecting SoIs

relating to a specific threat;

• View an investigation, as well as key attributes and related SoIs;

• Update an investigation’s attributes and links;

• Delete an investigation if it is marked as work in progress.


|



˃ Manage and store Subjects of Interest (SoI)

IntelligenceReveal Subject Management

• Users can perform the following tasks on SoI: • SoI creation - create a SoI to represent a person,

organisation, location or asset related to an investigation;

• SoI view – view all of the information related to a SoI including recorded attributes, assets and connections;

• SoI update – add additional information to a SoI;

• SoI deletion – delete a SoI if it is marked as work in progress;

• SoI-based alerts – receive notifications when a SoI or investigation record has been updated;

• SoI search – search for SoIs within SoI Management;

• SoI favourites – add SoIs and investigations to their favourites;

• SoI builder – create investigations and SoIs based on data found in Search and Event Analysis.

Rajiv Shah - BAE

Law

Transcript of Rajiv Shah - BAE