In the wake of the events on September 11, 2001, IST-021's parent body, the NATO Research and Technology Organization, tasked several of its technical groups to address problems of security and defence against terror attacks. Accordingly, IST-021 requested that the Vis-N/X consider the subject of information visualisation needs for intelligence and counter-terror during its 2003 workshop. This became the central theme of that workshop.
The meeting and workshop were held March, 2003 at Pennsylvania State University. This was the most successful Vis-N/X meeting to date, due in no small measure to the enthusiasm and momentum generated at the NATO workshop "Massive Military Data Fusion and Visualisation: Users talk with Developers" held in Halden, Norway, the previous September.
At Penn State, some 29 experts from seven NATO nations met over three days, and discussed a variety of provocations surrounding the uses of visualization for counterterror. Of the five syndicate topics at Halden, three were chosen as topics for further syndicate meeting, discussion and report. The Halden topics chosen were: Personal Decision Support Aids for Special Operations; Information Visualisation for Counter Intelligence; Information and Data Source Discovery, in a NATO or coalition context; and, Information Taxonomy for Presentation, Selection and Design. The result consists of three reports: Councill et al. on Special Operations [MSWord, PowerPoint], Zeltzer et al concerning visualization needs for counterterror-directed intelligence gathering [MS Word, PowerPoint], and Clark et al concerning the future needs and challenges of a common operating picture for defensive information warfare (D/IW)[HTML, PowerPoint].1
Councill et al. summarized the work of the Halden Syndicate on Special Operations, and then elaborated on some aspects of it, stressing the need to be sensitive to the needs of Special Operations personnel for equipment that is light, easy to understand, and informative. Four stages were considered by the Halden Syndicate: Protection, Detection, Reaction, and Recovery. Councill et. al. concentrated on the requirements for the Reaction stage, when Special Operations personnel must deal with an ongoing terrorist situation.
One of the issues considered was that of equipment requirements. Computers sensitive to being dropped, for example, are inadmissible even if they provide superlative displays, whereas hardcopy maps and plans remain useful even after having been bullet-pierced.. On the other hand, a system that allowed a soldier to superimpose onto the exterior of a building its (virtual) interior could be very useful if the building is one in which terrorists are believed to be hiding. The report emphasises the need to do research using the experience of actual Special Operations personnel who have encountered real-world situations.
Zeltzer et al stressed and treated the domain for counter-terror intelligence gathering as consisting of a large number of potential data sources, including communications, open source, commercial transactions, and personal observable behaviour of persons and organizations. They write,
Some of these may already be source material for conventional, ongoing C4ISR data gathering, especially in the indications and warning (I&W) intelligence arena. Indeed, much of the intelligence analysis we discuss here can be considered to be an I&W activity intended to recognize emerging terrorist threats. [I]n any counter-terror I&W system, the data sources enumerated and discussed in the Halden Syndicate report would of course be supplemented by all other conventionally available intelligence sources, including, but not limited to, aerial imagery, overhead imagery, signals intelligence and electronic intelligence.
The ultimate goal is to understand for the counter-terror intelligence domain the information visualization challenges, the available technology solutions, and areas where research is required.
When considering such visualization issues, however, it is necessary to identify the user community and its information environment. This was the focus of the N/X Syndicate. In broad terms, an attempt was made to sketch out the information architecture of the counter-terror intelligence domain, to consider the visualization modalities that would be applied at various nodes in the counter-terror intelligence information architecture, and to suggest an overall schema for the fusion of counter-terror intelligence.
Zeltzer et al parse visualization architectures used for counter-terror Intel as operating in predictive/forensic, exploratory, confirmatory, and production situations, environments and applications. Special attention is given to NetCentric intelligence operation, envisioning networked operation-support elements in a classic Pandemonium structure [Selfridge, 1959].
Clark et al produced a thoughtful report concerning the needs, and possibilities [and challenges] in developing the most useful form[s] of common operating picture. Alluding to a Broad Agency Announcement from DARPA concerning effective visualization for information-assurance as an indicator of the heightened state of interest in this arena among the NATO community, they identified three key areas for future research:
Exploration vs. Search in D/IW visualisations This topic seeks to support the prevention of O/IW attacks by complementing visualisation with hypothesis formation and elaboration regarding system vulnerabilities and adversary capabilities for exploiting them. Here the combination of visualisation with hypothesis formation is the key to anticipating unprecedented attacks
Countermeasures to O/IW We mentioned monitoring/controlling as an activity useful in tracking and identifying perpetrators. Ideally, this would be but a first step in taking the fight to the IW adversary by, in turn, identifying his/her system vulnerabilities and exploiting them as a follow-on to the tracking and identification function afforded by the monitoring/controlling mode of D/IW perception.
Revisiting the theoretical foundations of distributed system security This topic follows from the observation that system vulnerabilities are not all of a general nature and that some systems are subject to attack by virtue of the user base that they support, the information that these users store in the system and its sensitivity. Here the locus of research addresses unauthorized access attacks (i.e., attacks other than denials-of-service). It involves not so much the system as it does the users (problem solvers). Vulnerability in this case is problem-centric vs. system-centric authorization of access. The promise is that, by assuming a problem-centric stance, techniques may be evolved that may ease the general difficulty of enforcing access control by forcing the adversary to follow problem solver (team) from system to system (2nd order user content security). The problem-solving users engage in a spread spectrum use of different systems as infrastructure for problem solving in ways that the adversary cannot readily follow.
The three Syndicate reports are well worth reading. I note with interest that they both usefully feed into the topics for discussion at the NATO workshop on "Visualization and the Common Operating Picture", scheduled for September 2004 in Canada.
Neither this commentary, nor even a study of all the documents from the workshop can do justice to the flavour of the discussions, however. A participant said, it was the throw-away lines, the ones no-one meant to be recorded or considered important, that give the flavour of work, use, and research in information visualization and that were the most interesting.
1 Topic-numbering appearing in the Syndicate reports and slides reflects the numeric labels given to those topics at Halden.