MITRE | The Edge | Homeland Defense

Home > News & Events > MITRE Publications > The Edge >

As Cold War threats have diminished, a new set of threat types has emerged into the forefront. These threats present unique difficulties and pose a greater homeland defense challenge than previously encountered. They include weapons of mass destruction in the hands of terrorists; Internet hackers attacking the nation’s critical infrastructure; global environmental changes that cause an increase in natural catastrophes; the worldwide spread of infectious diseases; the widespread contamination of food, water, and the environment; global organized crime; and narcotics. These are basically worldwide threats that can impact any country at the national, regional, and local levels. In the United States, most of these threats are the responsibility of many segmented organizations across federal, state, and local governments. The result is that no unified information capability exists to support the mission for overall protection management for homeland defense.

But many of these potentially catastrophic threats present a critical need for rapid indications and warnings (I&W) similar to the Strategic Air Command’s I&W function during the Cold War. Thus, the challenge for homeland defense is immense. The solution is long overdue.

Homeland Defense Information Service

A concept was initiated at MITRE in June 2000 to develop an internal MITRE prototype information service for homeland defense. Several teams were established to develop an internal Homeland Defense Information Service (HDIS) Web site, the HDIS information domain watches, and the HDIS information technology applications.

The HDIS owes a lot to the well established Intelink, a secure, Web-based repository of information that provides uniform access to intelligence information. In 1993, the Intelligence Community called upon MITRE to help standardize the way intelligence information was disseminated to its customers. Our sponsors approved our concept of using emerging Web technology to tie together all of the United States intelligence capability, and asked us to prototype the concept—with real intelligence information. Based on MITRE’s long association with the Intelligence Community, and with MITRE people working at U.S. government sites around the world, we were able to quickly set up servers and content that could be shared over the classified intelligence network. The prototype was a phenomenal success.

Using now-familiar Web techniques, Intelink provides an Intelligence Community “information space” where analysts and operations users can browse for needed information, thus eliminating the need for unique systems. Intelink became operational in December 1994, when then Deputy Secretary of Defense John Deutch and Director of Central Intelligence James Woolsey jointly declared Intelink as the strategic direction for all Intelligence Community “finished intelligence” dissemination systems.

Web technology presents the best opportunity to rapidly develop and deploy an integrated information infrastructure for homeland defense that can provide synergy along with the necessary all-source information, collaboration, and multicultural perspective on the diverse set of threats.

Homeland Defense Information Service (HDIS)
A strawman HDIS structure was formulated and applied to information management functions. Within several weeks, a beginning HDIS capability evolved. The intent is to build the prototype to such a level of robustness that it can be made available to a set of external users for test and evaluation. The vision is to build a show-the-way exemplar HDIS that could support all appropriate government users at local, state, regional, and national levels. The exemplar would provide all applicable threat information domains, with all-source information in a secure infrastructure.

The HDIS Cyber Analyst
As envisioned, a key capability in HDIS is support for analysts responsible for threat management and consequence management using all-source information. The goal is to build into HDIS analytical tools that help analysts discover and visualize information and collaborate with other analysts for optimum decision making. The support tools provide a “sixth sense” for rapidly finding information and analyzing the information space.

HDIS Web Site
The HDIS Web site is the entry point into a collection of web resources and tools for managing threats and consequences and exploring I&W. The HDIS structure is populated with links to a variety of open source materials (e.g., news reports, historical documents, and online communities of interest) organized by “watch” category. These are valuable resources for fulfilling the homeland defense mission and are mostly static, with some news feeds for automatically collected information providing more up-to-date information. The tools facilitate accessing information and sharing it among analysts.

HDIS Analyst Support Tools
Keeping track of what is happening in the world is no easy task. Many military and civilian command centers rely on CNN and other news agencies to stay informed and even put television monitors in prominent places to watch late breaking news. The HDIS analyst tools also help with discovering information, but they don’t stop there; they provide capabilities for managing and analyzing the information through custom software and software integration.

For example, the I&W activity helps trained analysts to find open source news reports that could indicate a potential threat to citizens. Each watch, as shown on the HDIS homepage, has a set of indicators or triggers used to convey the level of concern regarding a specific type of event. The status of the indicator is changed to reflect the news reports associated with it. For example, the biological watch analyst is responsible for monitoring the spread of disease and the use of biological weapons. Indicators in the biological watch include outbreak, suspicious deaths, pathogen threat, etc. Given that each watch is monitoring a different area, the indicators in each area are different. Indicators may have a status of normal, meaning no real concern; possible, meaning an incident is possible; or probable, meaning an incident is inevitable or has already occurred. A biological watch analyst who comes across a report of three deaths caused by the West Nile virus might change the indicator status to reflect heightened concern, perhaps by changing it to possible.

Software was written to help the analyst find reports and maintain indicators. Watch analysts have work screens for discovering new reports or events, associating them with indicators, changing the status of indicators, and producing reports. The Watch Indicator interface is designed for easy integration with link, timeline, or geospatial analysis software.

Another individual, perhaps a state governor, uses a high-level view—the Watch Summary—of the watches to monitor changes and to take appropriate action when necessary. HDIS serves as a live situation report, allowing the governor to stay abreast of local or national concerns.

Indications and Warnings Implementation
The custom software written for indications and warnings consists of two interactive views. One provides synoptic views of all the watches and their status, the other shows the information for one watch.

The watch analyst’s screen is split into two parts: event discovery and watch indicators. Event discovery is supported by a search engine operating on a focused collection of documents. After doing a search, the analyst can drag an interesting article and drop it on an indicator where it will be stored. An analyst who believes the article should trigger the indicator will press the status bar at the appropriate location to change the indicator status. From the same screen, the analyst can create reports or change the status of the watch.

Future versions of the HDIS software will use technology developed by the Defense Advanced Research Projects Agency (DARPA) Translingual Information Detection Extraction and Summarization (TIDES) project for enhanced information retrieval and report discovery. There will also be a profile mechanism to push information to analysts based on preset criteria.

The Warning Summary view displays all the watches and their statuses, with access to more detail. All the indicators for every watch are shown on the right side of the display. The displays show events that have been associated with the indicators. All the data seen in this view can be passed to other applications. This information sharing technique was initially developed for the DARPA Translingual Information Detection, Extraction, and Summarization Portal prototype, to pass query results from multiple search engines to the Geospatial News On Demand Environment (GeoNODE), which provides a more effective basis for navigating and reasoning over an ever increasing news space.

Powered by a Java server, the system tracks all the watches, their indicators, and events and reports. It stores data in XML format and serves it to clients over the Web. The client software uses Microsoft’s Internet Explorer support for XML handling, and JavaScript to present highly interactive and dynamic pages.

Defending the U.S. homeland requires an extensive worldwide I&W and information management system. MITRE believes application of current technology can make HDIS a reality across national, state, and local government.

For more information, please contact Rod Holland using the employee directory.

	Solutions That Make a Difference.® Copyright © 1997-2013, The MITRE Corporation. All rights reserved. MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.
	Privacy Policy \| Contact Us