Data sharing starts on the Web
- By Wilson P. Dizard III
- Jun 16, 2004
Bill Spalding, Intelligence information sharer
Bill Spalding, CIO of the interagency Terrorist Threat Integration Center, has supervised the creation of an information architecture for the intelligence community's main nerve center for homeland security intelligence gathered overseas.
This month, TTIC started its phased move into a new building located next to CIA headquarters in Langley, Va. It will share this location with the FBI-managed Terrorist Screening Center, which is coordinating the merger of terrorist watch lists.
The center will use Web services to coordinate the sharing of information among more than 2,600 counterterrorism officials. In addition to finding technologies to promote data-sharing, TTIC also is working with other agencies to set standards that will make the job easier and more efficient.
Spalding has held a wide range of program management and arms control positions within the CIA during the last 18 years. He earned a bachelor's degree in electrical engineering from the University of Texas at Austin and a master's in national security studies from Georgetown University.
Spalding described the structure and function of TTIC during an interview with GCN senior editor Wilson P. Dizard III at CIA headquarters. nGCN: TTIC appears able to search across multiple databases and allow its account holders to share relevant information. What technology do you use to do this?
SPALDING: TTIC uses the latest Web technologies we can. We use standards for exchanging information within the [center], which includes folks from the Defense and Justice departments They participate in the same processes that we do.
In many cases where there are no standards, we are helping establish them. This covers all kinds of metadata for promoting information sharing. All the government agencies are working toward this end, and especially Defense and Justice.GCN: How is the intelligence community handling originator-controlled information?
SPALDING: The intelligence community traditionally has used this marking of originator controlled, or Orcon, which limits the dissemination of intelligence reports. But it's interesting to note that the intelligence community has reduced the percentage of terrorism-related Orcon documents by about half since the latter part of 2001, from approximately 11 percent down to 6 percent.GCN: What types of advanced analytic tools, also called data mining tools, do you use to extract data from repositories? What are the pitfalls of using these applications?
SPALDING: Unfortunately I can't give you the specific names of the tools, but I can give you the background.
We have designed a technical architecture that allows TTIC to quickly employ the latest tools for a wide range of analysts' needs. These tools come from a wide range of vendors as well as other government agencies.
They help analysts collaborate, produce reports, perform link analysis, apply geospatial techniques, etc.
Our goal in my TTIC CIO organization is to give them the sophisticated analytic tools and search capabilities that can be applied to many terabytes of data available to the federal government and to create knowledge from existing information.
As far as data mining is concerned, we adhere to all federal laws, directives and regulations concerning the use of any information. We have an architecture that lets the analysts choose the actual tools they need to do their jobs.GCN: Does TTIC have its own links to the various intelligence community databases, or does it receive processed information from analysts in other agencies?
SPALDING: We do directly link into whatever networks and databases we need to carry out our jobs, and we receive a combination of processed and unprocessed information.
To be clear, on the mission side, we don't engage in any collection activity. We are dependent upon other organizations to do that for us. The diverse representation in TTIC and the native access to parent organization data enables TTIC analysts to reach back to a broad range of federal agencies to clarify any questions they may have about the information they receive.GCN: TTIC is said to link to 14 data networks or more. How does the staff use its technology to integrate this data and produce intelligence products useful to the customers?
SPALDING: I am not able to tell you the tradecraft or the specific technologies that are used. But I can tell you that TTIC analysts have unprecedented access to information that is allowing them to gain a comprehensive understanding of terrorist threats to U.S. interests at home and abroad.
Most importantly, [it allows us] to provide information and related analysis to those responsible for detecting, disrupting and deterring the attacks. [TTIC] will be using a federated search capability to reach across the various databases that are on these various networks.
TTIC is also piloting a tool that will enable analysts to move pieces of information'including their classification, originating agency and other key metadata'into a central workspace to form their judgements. We are using a technology to assist analysts with downgrading key pieces of information from top secret to secret or whatever to assure that the information can be provided to the widest audience possible.GCN: How do you link to your thousands of intelligence customers, how often and what type of intelligence do you provide, and what agencies are these customers located in?
SPALDING: TTIC's primary means of communication with its customers is a top-secret Web site called TTIC Online. We are currently in the process of rolling out a secret version that will exponentially expand our customer base. We also provide terrorism-related [bulletins], cable traffic, situation reports and bulletins from a variety of agencies.
It's not just TTIC that publishes on TTIC Online. We currently have more than 75 different product types from 15 different agencies on the site. All the information is searchable using a variety of entities.
TTIC Online is currently available at 120 different agencies representing the intelligence, military, law enforcement and homeland security communities. There are more than 3.5 million terrorism-related documents available through the Web site at a variety of classification levels from all the different communities.
The number [of users] is actually over 2,600'they're basically at every federal department or agency involved in counterterrorism. The goal is to get it out to lower classification levels and to reach more in DHS and FBI that are working terrorism-related issues.
But it's also interesting to note that under Homeland Security Presidential Directive Number 6, TTIC is responsible for integrating and maintaining a single repository of all appropriate U.S. government terrorist information in support of a streamlined government system for watch listing.
TTIC has approximately 138,000 known or suspected terrorist identities cataloged. This information is provided to the FBI's Terrorist Screening Center, which serves the federal, state and local officials that are the front line of law enforcement, consular, immigration and border personnel. We are in the process of upgrading and expanding this capability, and it will be available through TTIC Online to whoever needs it at whatever classification level.GCN: How is TTIC's technology structure managed?
SPALDING: We have an interagency board that guides all the IT decisions we make. Even that is a big cultural change. It's created a network for swapping ideas and leveraging technologies and entire program concepts.
The amount of change that's happening is understated. We may be taking it for granted, because people are working together who never even knew the other existed.GCN: What is your view of the importance of Web services? How do Web services fit into your deployment and development of intelligence at TTIC?
SPALDING: It's crucial. Everything I mentioned here is 110 percent dependent on and currently utilizes Web services. If it ain't Web, we ain't doing it, it's as simple as that.
You think of all standards and protocols and everything that that means'that's the entire future of information sharing. And it affects not just computers but whatever it might be down the line as far as devices that our ultimate customers might be utilizing.
We are not inventing our own. We are using commercial standards. We are using commercial practices. We buy the best and latest we can in order to get our mission accomplished. This isn't 1974. We are not writing stuff from scratch.