Tackling the changing terror threat: Why Big Data Analytics holds the key

One of the key findings of David Anderson's annual review into UK terrorism concerned the changing terror threat and, in particular, the growing prevalence of smaller, self-organised plots. Anderson referenced the fact "we are not now seeing the big spectaculars" of 9/11 or the 2006 airline liquid bomb plot while at the same time highlighting that "lone actors" and "low-tech" plots were more difficult to detect.

On reading his report, I was reminded of Donald Rumsfeld's famous comment at a post 9/11 US Department of Defence news briefing in 2002.

"As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns -- the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones."

Rumsfeld's speech was mocked across the media at the time. Yet, what he said encapsulated the challenge back then and even more accurately describes the changing terrorist threat facing the UK today. In the 1990s, when Northern Ireland was the key focus of the UK counter terror efforts, the world was one of organised plots involving known groups of individuals, known financing routes and arms dealing networks etc. The intelligence services were typically working with 'known knowns'. This meant that they had something to work with from the outset, people they could begin to track and monitor.

In the post 9/11 world, the working practices of the agencies had to rapidly change to give greater focus to the 'known unknowns'. The key objective was to fill in the knowledge gaps associated with the new, unfamiliar threat from religious extremism we faced; developing a picture of the terrorist networks involved, understanding how they worked together, were trained and gathering new intelligence to counter the threats.

Both of the above assume you have a starting point. That is a known organisation or set of individuals that can lead to other intelligence. So with these organised threats, national security agencies are in a position to ask targeted questions about an organisation, its modus operandi, who its members are, who they interact with etc. Exploring the data available and gathering new data is, of course, the key to success in all cases. But, in these examples it is about asking specific questions of the vast quantities of data available, to build up the intelligence picture, identifying the known unknowns and then gathering further data to fill in the gaps. National security agencies are typically very proficient at this and it is largely due to their proficiency that we have not had an attack on UK soil involving multiple deaths since the London bombings of 2005.

Dealing with a New Challenge

However, the issue that agencies face in the new terror environment, identified by David Anderson is that they are now more often dealing with 'unknown unknowns', in the case of Islamist terrorism, with plots inspired by Al Qaeda rather than organised by them.

They are now having to come to terms with these more elusive, often hidden threats. Yet these threats are real and continue to pose a risk to the public. Rumsfeld once again hit the nail on the head in a later 2002 speech on the topic.

"Simply because you do not have evidence that something exists does not mean that you have evidence that it doesn't exist. And yet almost always, when we make our threat assessments, when we look at the world, we end up basing it on the first two pieces of that puzzle, [the known knowns and the known unknowns] rather than all three."

Today with the changing terror threat, it is becoming increasingly urgent that this situation changes. But as these 'unknown unknowns' groups are low profile and operating independently either as small isolated cells or even individuals acting alone, how do agencies identify these individuals in the vast waves of data available to them?

The real challenge of this scenario is you simply do not know what question to ask, because you don't know who or what to look for. The traditional methods of surveillance and monitoring no longer apply, so where do you start?

The answer is that you need to start adopting a smarter approach and start looking for indicators and the unusual. This is where Big Data analytics really comes into its own. Of course, everyone leaves a data footprint and so there will be data about these individuals out there, whether through bank accounts, travel patterns, call records or online activity, for example. It is this type of Big Data that can be the agencies' best source of intelligence. In this changed landscape, Big Data analytics is their greatest weapon. The advantage of advanced analytics in this context is that you do not need to know what you are looking for. You don't need to conduct a specific search of the data or ask a specific question.

The technology will find information of interest - it can identify behaviour in the right kind of area – individuals spending time online looking at information about bomb-making or visiting hate-based websites, unusual travel patterns and associations for example.

Applying Analytical Techniques

In the context of the new terrorism environment, identified by David Anderson in his report, it gives them the opportunity to flag up individuals that should be of concern to them through their behaviour and not just because they are connected to networks or groups known to be of interest to the authorities. Analytics gives you a place to start - it pushes the needle from the haystack and that is likely to be so crucial in countering the changing nature of the threats we face this decade. Ultimately, it gives agencies the opportunity to unveil these unknown unknowns, 'the difficult ones' so presciently identified by Donald Rumsfeld over a decade ago.

Joanne Taylor is the Director of Public Security at SAS for EMEA and AP.

Images: Flickr (MDGovpics, {Guerrilla Futures | Jason Tester})