Elizabeth Paté-Cornell presents a classical probabilistic Bayesian model that she believes can be utilized by the intelligence community (IC) to aid in the fusion of intelligence information. The need for such fusion became apparent in the wake of September 11, 2001, and the author suggests that the probability of impending attacks can be found through a Bayesian analysis. The author's two major arguments for the use of the Bayesian model in the IC, particularly related to terrorist attacks, are that it allows for the computation of the posterior probability of an event given the probability of the event prior to observing signals, and that it accounts for the quality of the signals based on the probabilities of false positives and false negatives.
Summary:
The author begins by discussing the problems associated with the fusion of information within the US intelligence community, namely the difficulty of ensuring internal communications and the difficulty of merging the content of multiple signals, some sharper than others, some dependent on or independent of others. This research claims that Bayesian analysis can be applied to help solve the difficulties associated with the latter, and explains the approach in terms of identifying the probability of an impending terrorist attack. It should be noted that the author does not claim the model will better detect impending terrorist attacks, but rather that it can increase the probability that an attack plan is foiled by guiding "clear thinking at a time when the amount of information is large and confusing and intuitions can be seriously misleading" (Paté-Cornell, 2002, p. 454).
The elements of Paté-Cornell's Bayesian model can be explained through the following notations:
Namely, the event of interest throughout the article is an impending terrorist attack. Through the model, the author presents a formula that addresses both the prior probability of the event occurring before reading signals, such as intercepted telephone conversations, and the quality of the signals. The formula, as appears in the following figure, considers what alternatives to the event of interest could occur in conjunction with the signal, a very important thing to consider in the intelligence field.
Additionally, the formulas the author presents address the chances that the signals observed are false positives, or that some signals have been missed (false negatives), and how these affect the probability of a future terrorist attack. The probability of false positives can be calculated by considering the prior probability of the impending attack without considering the signals, in conjunction with the rate at which the signal occurs during normal sensor operation when the event does not occur. She explains that her definition of false positives and its application in Bayesian analysis is most useful to the intelligence community because of its consideration of the prior probability of the event, especially considering how drastically the prior probability has increased post-September 11.
Estimating the prior probability of an impending attack can be considered as a combination of the intention of the enemy to attack, the effective planning of that attack (i.e., the ability of the perpetrators to coordinate a plan and avoid detection), and the successful implementation of the plan on a given day (i.e., the ability of the perpetrators to carry out the plan and avoid the target's safeguards). The author argues that the identification of these probabilities alone is of use to the intelligence community, given the chance to reduce the probability of an attack attempt through various measures aimed at these areas (e.g., cutting the flow of funds or increasing security).
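The posterior and false-positive computations summarized above can be worked through with the standard form of Bayes' rule for a binary event and binary signals. The following is an added example, not code or notation from Paté-Cornell's paper; the function names and all numbers are constructed, and the fusion step assumes the signals are conditionally independent given the event.

```python
"""Added illustration: Bayes' rule for a binary event and binary signals."""


def posterior(prior, p_sig_given_event, p_sig_given_no_event, observed=True):
    """P(event | observation) for one binary signal.

    p_sig_given_event    = 1 - false-negative rate of the source
    p_sig_given_no_event = rate at which the signal appears with no event
    observed=False updates on the *absence* of the signal.
    """
    for p in (prior, p_sig_given_event, p_sig_given_no_event):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    like_e = p_sig_given_event if observed else 1.0 - p_sig_given_event
    like_ne = p_sig_given_no_event if observed else 1.0 - p_sig_given_no_event
    evidence = like_e * prior + like_ne * (1.0 - prior)
    if evidence == 0.0:
        raise ValueError("observation has zero probability under the model")
    return like_e * prior / evidence


def fuse(prior, signals):
    """Update sequentially on several signals (assumed conditionally
    independent). signals: iterable of (p_sig_given_event,
    p_sig_given_no_event, observed) tuples."""
    p = prior
    for hit, fp, seen in signals:
        p = posterior(p, hit, fp, seen)
    return p


def false_alarm_probability(prior, hit, fp):
    """P(no event | signal): chance that an observed signal is a false
    positive. It depends on the prior, not only on the source."""
    return 1.0 - posterior(prior, hit, fp, True)


# Constructed values for three hypothetical sources.
SIGNALS = [
    (0.90, 0.05, True),   # source A: signal observed
    (0.70, 0.10, True),   # source B: signal observed
    (0.60, 0.20, False),  # source C: looked for, not observed
]

if __name__ == "__main__":
    for prior in (0.0001, 0.01):
        print(f"prior={prior}: "
              f"one signal -> {posterior(prior, 0.90, 0.05):.4f}, "
              f"fused -> {fuse(prior, SIGNALS):.4f}, "
              f"P(false alarm | A) -> "
              f"{false_alarm_probability(prior, 0.90, 0.05):.4f}")
```

With the same source quality, raising the prior from 0.0001 to 0.01 moves the single-signal posterior from well under 1% to about 15%, which is the dependence on the prior that the paragraph on false positives describes.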
Critique:
The research applies a Bayesian model by using hypothetical numerical illustrations for the interpretation and fusion of intelligence information and could be strengthened through the use of real-life numerical examples, though these are sensitive in nature. Additionally, the author switches between examples for multiple formulas, sometimes relating them back to the overarching theme of terrorist attacks, while other times relying on the unrelated example of testing chemicals for poison. This back-and-forth detracts from the overall readability of the research and does not add to the application of the model to the intelligence community. The author uses good examples of potential signals used in intelligence but does not carry them throughout the research.
The author further admits some limitations of the research. First, it assumes that both the event and the signals are black and white (either they occur or they do not occur), which is not always the case, particularly in the intelligence community. Further, the research assumes that the likelihood of false signals, whether positive or negative, remains the same over time, which is also unlikely in the intelligence field. Finally, many of the sources of data for such a model are difficult to quantify accurately, including the frequency of past observations, reliability data for sensors or links, and expert opinions. For instance, how can we accurately, and quantitatively, determine the reliability of human intelligence?
Overall, the research is very interesting and provides insight into the intelligence community and process. Admittedly, the approach only helps solve the second half of the information fusion problem and does not aid internal communication among the intelligence community. However, any reduction in uncertainty, particularly through objective means, helps the success rate of thwarting plans for terrorist attacks, or other such problems addressed by the intelligence community.
Source:
Paté-Cornell, E. (2002). Fusion of Intelligence Information: A Bayesian Approach. Risk Analysis: An International Journal, 22(3), 445-454.
Tuesday, April 16, 2013
Friday, April 5, 2013
Game Theory-Based Identification of Facility Use Restriction for the Movement of Hazardous Materials Under Terrorist Threat
Summary:
Reilly, Nozick, Xu, and Jones (2012) developed a model of interactions among government, terrorists, and carriers of hazardous materials using game theory. Their intention was to understand how governments might prohibit certain travel routes for carriers shipping hazardous materials, how the carrier might decide which routes to take in response to the prohibitions and the threat of terrorism, and how terrorists might target available links and with what frequency. Extending a two-person, non-zero-sum game, Reilly et al. constructed a non-cooperative, non-zero-sum three-person game in which the government is the leader and both the carriers and terrorists are followers.
The idea of the research is that governments will respond to threat levels of terrorist activities by restricting the transportation of hazardous materials that could place the greater population at risk. These restrictions would likely come in the form of prohibited travel routes for carriers to reduce risk. In reaction to these restrictions, carriers must decide which routes to travel while considering travel time and consequence measure, a combination of population exposure and accident probability. Terrorists meanwhile react to government restrictions by choosing targets whose access will not be impeded by such route restrictions. The research operates under the assumption that the terrorists will be equally aware of route restrictions as carriers will be.
A case study applying this to the rail systems used by carriers of hazardous materials found 259 links which could be considered of interest to the government in terms of risk restriction. The research considers the change in expected payoff for terrorists upon restrictions, compared to the change for carriers. In some surprising cases, the expected payoff for terrorists increases with government restrictions, while other times it returns to the same point as no restrictions, though at a substantial expected loss for carriers who cannot transport a percentage of their total carloads due to the restrictions. This shows that despite government's best intentions, route restrictions may further exacerbate threats.
Critique:
The research by Reilly et al. only represents the interactions between the three parties for the movement of hazardous materials by a single carrier. While this creates reasonable rules to predict carrier and terrorist actions with regard to a maximum allowable expected payoff for the terrorist, it significantly limits the scope and utility of the research in the intelligence and policy fields. As the authors note, to improve the research the formulation and solution procedure should be expanded to handle multiple carriers with several origins and destinations. Additionally, the current research lacks depth in that it only considers single attacks by terrorist organizations, rather than coordinated attacks. Given the maximum profit-seeking nature of terrorists, this inclusion would also substantially improve the utility of the research.
The research, or perhaps the limitation of game theory, also fails to include the albeit unlikely scenario that government restrictions on particular routes would cause carriers to cancel shipments altogether and/or terrorists to change targets away from hazardous materials if the expected value is not significant enough. In some of the cases presented in the findings, the carriers project substantial loss, though this application of game theory does not account for the potential political backlash carriers may inflict on government, complicating the goals of government. It is narrow-minded to assume that any government will strictly look to minimize security threats without considering the economic and political backlash such closures would have. I do not consider this a failure of this particular research, but rather a weakness of game theory itself.
Source: Reilly, A., Nozick, L., Xu, N., and Jones, D. (2012). Game theory-based identification of facility use restriction for the movement of hazardous materials under terrorist threat. Transportation Research Part E, 48(1), 115-131. Retrieved from http://www.sciencedirect.com/science/article/pii/S1366554511000810
Saturday, April 3, 2010
Modeling Behavior of the Cyber Terrorist
According to the article “Modeling Behavior of the Cyber Terrorist” by Gregg Schudel and Bradley Wood, it is not clear whether the Cyber-Terrorist is real or simply a theoretical class of adversary. However, this work is based on the assumption that the Cyber-Terrorist is a very real potential threat to modern information systems.
The Experiment
In order to red team an unknown, potential adversary, a set of parameters is defined for the red team to follow, based on the Defense Advanced Research Projects Agency’s (DARPA) understanding of terrorist behavior:
- The cyber-terrorist is believed to have a level of sophistication somewhere between that of a sophisticated hacker and a foreign intelligence organization.
- This adversary is assumed to be able to raise funds on the order of hundreds of thousands to a few million dollars, and he is willing to spend these funds to accomplish his mission.
- This adversary is assumed to be able to acquire all design information on a system of interest.
- This adversary is assumed to be very risk averse. Premature detection is a serious negative consequence for the cyber-terrorist.
- This adversary has specific targets or goals in mind when they attack a given system.
- The adversary will also expend only the minimum amount of resources needed to accomplish their mission.
- The cyber-terrorist is assumed to be professional, creative, and very clever. They will seek unorthodox and original methods to accomplish their goals.
Findings
The Information Design Assurance Red Team (IDART) spent most of its time gathering intelligence on the target system. Their results were only considered successful if the team met their objectives and preserved stealth. In this study the red team followed the same basic process repeatedly, and gave up before mounting an attack with a risk threshold that was too high.
Conclusion
DARPA’s experience suggests some improvements to the process that they are using to model the cyber-terrorist adversary, including the use of additional red teams, improving the scientific method used to record and test red team behavior, incorporating verified terrorist behavior, war-gaming cyber-terrorist scenarios, and improving the library of possible approaches to difficult threats.