TOP SECRET//COMINT//REL 10 RT Initiative
 Overview Dr. James Heath
 
 Program Management & Advisors: COL Bob Harms / COL Barb Trent / Michelle Gerhard 
 Architects: / Mark Ross Presented by TOP SECRET//COMINT//REL TOP SECRET//COMINT//REL Why Innovate? • Volume & convergence – Front-end filters data – Reaching limits on legacy systems • Latency – Processing, storing, and query – Difficult to enable tactical operations • Analyst Limitations – Non-integrated tools – Collaboration limited – Knowledge-bases are limited TOP SECRET//COMINT//REL TOP SECRET//COMINT//REL 10 RT Overview • Real-time, distributed architecture for mobile (tactical) and fixed (national) operational environments • Provides – – – – Access to more comprehensive data in near real-time Integrated analytical workflow with complementary tools Real-time alerting, both national and tactical Integration across national-to-tactical SIGINT capabilities • Expected Results: Order of magnitude improvements in real-time SIGNIT architecture for the U.S. Cryptologic System, focused on national to tactical intelligence, enabling better decisions in less time. TOP SECRET//COMINT//REL Annex A Version 1.6 Remote Linguistic Support Elements CSTs Voice Processing Overflow ists rnspts ueues (TF-24) (410) Queries I Tasking Feedbac NSA-Georgia Target Knowledge Linguistic Support Pre-deployment Training Alerts/ Refined Data CSG MNC-1 (CASE) (CORP) (Marines) COBRA FOCUS Target Knowledge Tool Knowledge Target Knowledge Linguistic Support MOC & Dragon Tamers Initial TTP Development TTP Maturation as needed Pre-deploy Training Base Develop Best Practices Host TTP & Best Practices Library I SECRET//COMINT//REL I -, ::i. () 0 Qo (Product Line TOPls) Tool Tradecraft Ideas New Tool Recommendations 3 '"O < TTP Testing te New Aforithms ~"As r~) ~ti, l&.Trlining (Vans in Baghdad) Open Positions: xxx A&P (NSA-W) -CD a. C - CJ> ..... CJ> CD ''lfTrJ;P S Con "'U -, )> 0 SIGINT Development GREEN DRAGON & RAD Elements Tradecraft and Tool Recommendations Analytic/Governance Advice Algorithm (data-mining) development Apply new TTPs at the National Level a. TOP SECRET//COMINT //REL System Block Diagram - Overview Generator#1 [trailer] Automatic Redundant Power Switchover 275KW 380V3P 50Hz Primary Power Generator#2 [trailer] ATS[connex] I Auto-Transfer! 380V,3P, 50Hz ! ACl---------J :I lu C: rllf : l2 40Ton ' 0 275KW 380V,3P, 50Hz ( Redundant Power I 200 UPSConnex 'Boot'Van 40Ton 50gpm, 50Hz Chiller 45degF [Connex, Water chmer#2 I L---{100KWGrowth} D 'Ops'Van D •User Space •36" Desks= 8 Users • Desktop Workstations with UPS D 2T [I] [I] [I] [I] • Chilled Water for Processor 'Processing' Yao • Server Room • Processing Racks (up to 7) •Comms and Support Racks (1) • Closed Loop Cooled Racks 5T TOP SECRET//COMINT //REL [Connex] chmer#t - • Chilled Water for Room Cooling Chiller I 100KWUPS 208V,3P, 50Hz • Security 'Screen' • Fan-out for Water Lines • Controlled Environmental Transition 50gpm, 50Hz 45degF Water TOP SECRET//COMINT//REL RT 10 Node Architecture Ingestion, Validation, Normalization Inline Algorithms (e.g. Dy namite , ...) GOLDMINER Dimensional Database .......___. Queue Fed Algorithms ( e.g. HLT Feed, ...) DNR DNI ro..,- -, Query-Fed Algorithms Other Data ( e.g. SRC, ...) ._.....--. Alert Management and Alert Notification VoiceRT RT10 Applications RT10 Geo-T ArcGIS x.x Named Area of Interest Sorting Hat/Lead RaptorT Renoir , Ana lyst Notebook Action TOP SECRET //COMINT //REL TOPSECRET//COMINT//20291123 RT 10 Iraq SPIN 5 (01 Oct-31 [ [ [ [ JUGGERNAUT MATTERHORN OBEUSK Billing Records [1J [Ll [Ll [Ll Dec) Ingestion, Validation, Normalization Inline Algorithms (e .g. Dynamite, ...) GOLDMINER Dimensional Database GSM PSTN i.,i_---1 ro..,- -, Queue Fed Algorithms ( e.g. HLT Feed, ...) Alert Management and Alert Notification Action VoiceRT RT10 Applications Entity Database GeoT SORTING LEAD SORTING HAT RT 10 Deployments TOP SECRET//COMINT//REL 10 RT in Baghdad, Iraq • Baghdad, Iraq – Enable find-fix-finish operations • Provide immediate access to national / tactical collect • Integrate collection with geospatial alerting • Automatically correlate target behavior with collection, ie pattern-of-life • Prototype barrier monitoring systems – Expected results • Near-real-time data and advanced analytical tools provided to in-country units enable tactical decisions • VoiceRT provides alerting on spoken selectors, speaker identification, language identification, and content mining • Checkpoint data provides SIGINT tie to targets TOP SECRET//COMINT//REL TOP SECRET//COMINT//REL 10 RT Geospatial - GeoT • Geospatial awareness – GeoT • Thin client similar to Google Maps and TIVO – Satellite imagery / other map layers – Overlay collection in real-time • Integrated with targeting database – Analyst defines named areas of interest – Can receive alerts when targets are detected in area • Display the health and coverage of SIGINT system – Where are our blind spots? TOP SECRET//COMINT//REL TOP GeoT al-Time Collection Scenarios Event Flten'n- Decision 5 ?art Alert Mane-omen: Tool Mane-omen: EIILH IIHI laructs I 0 Watch .-1 Tr? I edit urn: - l] Done Local irtranet TOP SECRET //COMINT //REL GeoT & Collection Status RT-10 t c:ICSH t Cl Naltonal f ~ lnfras. tru cu.re , DJuggemaut DObeli.i.. C,A,r Interf- ...-n Dt1ou . t t C, fec:t 1col f C,A1r l nle rfoce DMT Cl Basel 1ne D 1r-CBR At.ho«- CBR D D A11• Ce II t CIIR c:IPST N , c:INotlonal t C:, lnfrM t r ucure Dw TOP SECRET //COMINT //REL TOP SECRET //COMINT //REL IntegratedTargetDatabase ~ R.TIO Portal - Miaosoft Internet EMplorer Go Sou rce )Jugg ernaut Phone 11 E- ma il Phon e l soo/o..:.] c onf. ) 50 % 11 Address Not es c onf. Conf. ..!J I soo/o.:.1 Conf . ) 50% .:) IM S I IP c onf . ) 50% ..:::] c onf . ) 50% ..:::] Con f. F'req uen cy City c on f. I soo/o.:.1 1soo/o.:.1 d con f. IM EI MAC Addr. l soo/o..:.] Conf . )50 % .:.] s erial # )50% con f . .:) Countr y Conf. J50 % .:.] :g :g :8 ;s .:J Eepand All I c ollapse All + J' + Source /? X " X Qua dras poct re Goldminer ., + + .? + .? !i'ioonc . lo~rn et TOP SECRET//COMINT//REL 10 RT Geospatial Integration • Logical views – SORTING HAT (R62) • Integrated SIGINT query – Historical SIGINT reports (Innovisions Testflight) – GLOBAL REACH – GOLDMINER / RT10 – Social Relationship Clustiner (GCHQ/R62) • Approximates social network analysis • Uses 11 algorithms to qualitatively connect targets – Analyst’s Notebook and Renoir (InfoVis) TOP SECRET//COMINT//REL TOP SECRET //COMINT //REL SORTING HAT (R62) MiUIIISIHRilhhliii,i,Si:li#·ilffifMd@i Ute Edit \liew Iools !)lestions Benoir D ~ ~IXI""' rnEl rna]10 [• l~~LSe=h .- €', I"" v GI.®. e.©.] G El Se:orch Fwotihrs T I li!lli,oo, -Mi,o,:ft ! ! ... lfil "" "' JOU otes ... ~ (l.(Ouan,mt • N•.. !a, Jmcc nsde U~ sO~TINGHATG... l!i'.Jaet_al_oct;Ne.b •.. ! l ~ ~ io,ss •M TOP Social Relationship Clustering R62 Demonstrator I 2053 5370 3931 - 4 . 71730 4532 1919 I 303 45620 ?8?6 775 RE 1471 1 :c 6691 {-22:22 1333- 327 4293 15153 4137 7557 7 1 27 )746 5999 A 16369 1170 1 7331 13339 6973 7276 3247 6320 20760 31546 20076157 3530 A [am 12139 9513 27417 10033 Big] v, 63093 596 753 139 - 13765 3413 Scramble I Shake [7 Hidden Links Relationships External Clusters [7 Freeze 50+ 4U 3U 20 10 All TOP SECRET//COMINT//REL ANB Integration (InfoVis) Renoir w/in SORTING HAT Analyst’s Notebook TOP SECRET//COMINT//REL TOP SECRET//COMINT//REL 10 RT Geospatial Integration • Geospatial transform for a logical view? – Single selector • Last detected activity (or that within area of interest) • All activity (or that within area of interest) • Others: timeline view, color coded based on activity, area of interest, etc. – Graph • Some variation of single selector with graph overlaid • Every instance of activity between two callers – What transformation does the analyst expect? TOP SECRET//COMINT//REL TOP SECRET//COMINT//REL Precise Geolocation of Handset • Increasing precision with GSM geolocation – RT10 is situated at front-end • More access to timing advance data – Several RT10 and agency efforts • Manipulate GSM infrastructure to have data from multiple cell towers • SHARPFOCUS-2 (S327) • TOGA (RT10 - NRO/Penn State) TOP SECRET//COMINT//REL TOP TD 0 8 9 Co TOP SECRET//COMINT//REL Automated Analysis • SORTING LEAD (R62) – Characterizes GSM behavior • Based on location, time-of-day, callee, etc. • Identifies – When target has multiple phones – When target has swapped phones – When target deviates in behavior – Correlate DNI persona to GSM handset • Enable tactical operations, tracking of DNI targets • Help with internet café geolocation problem TOP SECRET//COMINT//REL TOP DNI Correlation Example QSpaceiTme Analysis 2006.01.23 at08124215 Pause TOP Questions? TOP