SlideShare a Scribd company logo

Operation Nighthawk.PDF

IBM/KMA One GENWI
IBM/KMA One GENWI
1 of 4
Download to read offline
Analytics IBM Software Government Special Operations Forces (SOF) from friendly countries use joint training exercises, such as Operation Nighthawk, to improve their own capabilities and to ensure that they can work together to counter cross-border and multi-national threats. Operation Nighthawk was a 2014 multinational SOF training exercise, bringing together 1,600 personnel from military and police forces from more than 10 countries. The goal was to simulate a fast-paced deployment of SOF units to an active hotspot, and train both field operatives and support staff to plan and conduct special operations. Finding fast answers from big volumes of data Reporting to the central command team responsible for controlling the exercise were six Special Operations Task Groups (SOTGs) – four land/army, one maritime and one air (largely helicopter support). Each SOTG consisted of both field operatives and support staff. The exercise included elements of hostage taking, piracy, insurgency and terrorism. A key objective was for the intelligence teams to be able to identify and target key leaders within insurgency networks and terrorist cells. Operation Nighthawk Rapidly analyzing large volumes of multi-source data to provide live operational intelligence Overview The need Coordinating the activities of Special Operations Forces requires analysts to analyze a vast flow of multi-source data in real-time, build up and share intelligence, and help define the next targets. The solution Working with IBM® Global Business Services® and IBM Business Partner Blue Light, the exercise command team used IBM i2® solutions to create a central intelligence repository, complete with powerful analytical capabilities. The benefit Increases efficiency, enabling limited resources to be focused on key targets. Helps analysts process extreme volumes of data to rapidly reveal hidden connections buried within massive datasets. “During one operation an analyst received apparently unassociated data from multiple sources, and used IBM i2 Enterprise Insight Analysis to conduct an investigation upon which an operational decision was made. This was data to decision in less than 15 minutes,” says a Nighthawk Exercise Intelligence Lead.
Analytics IBM Software Government 2 To enable the identification and prioritization of targets for ongoing operations, intelligence staff participating in the multi-day exercise were required to collect, organize and analyze data, and then disseminate the resulting information to multiple teams. All operations were intelligence-driven and the command team deliberately designed a complicated scenario producing extreme quantities of highly diverse data for the intelligence teams to process and analyze. Deadlines were tight throughout: in the realm of Special Operations, planning cycles are typically very short. Operations must be approved, often by a local judge, and it is vital to have all data and derived intelligence readily available for rapid analysis. Any time wasted in searching for the relevant information could mean missed opportunities to apprehend suspects or prevent attacks. During the exercise, teams were expected to fully analyze evidence within a matter of hours so that the next operational targets could be identified. Large volumes of diverse data (documents, emails, audio files, video files, websites) from multiple sources made this a major challenge. Putting the pieces together with analytics The Nighthawk Exercise Intelligence Lead comments: “Gathering and processing information is challenging enough, but understanding which information is the most important is even harder, particularly when the full picture is fragmented across multiple sources and across complex and evolving networks of suspects. We chose IBM i2 technologies to enable us to visualize connections and transactions across these networks, helping our analysts cut through the noise and focus on the best leads.” The central command team selected IBM i2 Enterprise Insight Analysis to power a central intelligence repository, proving an aggregated view of information that helped improve situational awareness across the SOF units participating in the exercise. In addition, the command team deployed IBM i2 Analyst’s Notebook® Premium to give analysts visualization tools that make it easier to find key information in large volumes of complex data. This solution helped analysts piece disparate data into a cohesive intelligence picture, identifying key individuals, events, connections and patterns that might otherwise have remained hidden. Solution components Software • IBM® i2® Enterprise Insight Analysis Services • IBM Global Business Services® IBM Business Partner • Blue Light LLC
Analytics IBM Software Government 3 Testing the solution For this particular exercise, the analysts were working on a network comprising more than 5,000 mobile phones. To mimic a real-life deployment, analysts were given a constant flow of data and orders and were expected to plan and execute a number of overlapping missions. The planning model used was called F3EAD. This acronym stands for: Find (identify the target), Fix (gather the required evidence), Finish (capture or nullify the target), Exploit (collect and organize evidence gathered in the field, such as maps, computers, mobile phones, notebooks, weapons and more), Analyze (establish patterns of life, relationships, ownership of vehicles and items, and then identify areas for further investigation), and finally Disseminate (document and share findings). During the exercise, the joint teams used the central intelligence repository to store the results of the Exploit stage, making the data available over secure web-based search or through i2 Analyst’s Notebook. This tool was then used to identify important relationships and help analysts understand where each person or item of interest fitted into the bigger picture. By pushing the results of this analysis back into the central repository, each team could easily share its new insights with other participants. Revealing hidden connections to take down targets Using the IBM technologies helped analysts on multiple teams manage large volumes of diverse data arriving in a constant flow, pick out the most interesting or significant information, and analyze it against the backdrop of the evidence already gathered to see connections and reveal the bigger picture. In turn, this enabled the analysts to steer field operatives towards the most relevant next targets, in the process gathering more information to feed back into the growing picture of the entire operational scenario. As a concrete example of this intelligence cycle, field operatives recovered a paper notebook from a hostage taker onboard a ship early in the exercise. The contents were placed in the central repository, but no matches were found initially. The following day, the owner of a phone referenced in the notebook was captured. When it was established that the owner of the phone was a high-ranking pirate leader, the joint teams were able to establish a link between this pirate leader and a low-ranking pirate, thereby taking the first steps towards revealing the command structure of the pirate network. “IBM i2 technologies help our analysts to analyze data rapidly and brief field operatives for the next stages of engagement.” — Exercise Intelligence Lead
© Copyright IBM Corporation 2015 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America May 2015 IBM, the IBM logo, ibm.com, Analyst’s Notebook, Global Business Services, and i2 are trademarks of International Business achines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. SWC14131-USEN-02 Please Recycle As the exercise progressed, more evidence was gathered and more links revealed, helping the joint teams to plan missions to disable the network. The Social Network Analysis capabilities of i2 Analyst’s Notebook played a key role here, highlighting the most important nodes in the command structure. By focusing resources on these nodes, security forces were able to disable the whole structure more easily. In previous exercises, information would end up in static reports shared by email. Identifying relationships between people and other forms of evidence was then dependent on analysts manually trawling through and noticing matches: a laborious and time-consuming process. Using the IBM i2 technologies, this process of cross-matching was automatic and took place in real time, providing a live view of the whole operational scenario as it evolved. The Nighthawk Exercise Intelligence Lead concludes, “Using IBM i2 technologies enabled our joint task groups to work faster and more intelligently, helping them to identify relevant targets in a timely manner. In particular, the shared intelligence repository enabled us to collaborate in ways that were not practical previously, promoting better understanding between different SOF units and improving our joint capabilities.” About IBM Analytics IBM Analytics offers one of the world’s deepest and broadest analytics platform, domain and industry solutions that deliver new value to businesses, governments and individuals. For more information about how IBM Analytics helps to transform industries and professions with data, visit ibm.com/analytics. Follow us on Twitter at @IBMAnalytics, on our blog at ibmbigdatahub.com and join the conversation #IBMAnalytics.

Recommended

180 184
180 184180 184
180 184
Editor IJARCET
 
IG- SpecialReview(12-17-12)
IG- SpecialReview(12-17-12)IG- SpecialReview(12-17-12)
IG- SpecialReview(12-17-12)
Michael Palinkas
 
Data Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do FiberlinkData Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do Fiberlink
Product Marketing Services
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics Lecture
Ollie Whitehouse
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
JIEMS Akkalkuwa
 
My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)
Andrew Case
 
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Digit Oktavianto
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
Spyglass Security
 

Recommended

180 184
180 184180 184
180 184
Editor IJARCET
 
IG- SpecialReview(12-17-12)
IG- SpecialReview(12-17-12)IG- SpecialReview(12-17-12)
IG- SpecialReview(12-17-12)
Michael Palinkas
 
Data Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do FiberlinkData Encryption Is Hard To Do Fiberlink
Data Encryption Is Hard To Do Fiberlink
Product Marketing Services
 
Cyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics LectureCyber Incident Response & Digital Forensics Lecture
Cyber Incident Response & Digital Forensics Lecture
Ollie Whitehouse
 
4.content (computer forensic)
4.content (computer forensic)4.content (computer forensic)
4.content (computer forensic)
JIEMS Akkalkuwa
 
My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)My Keynote from BSidesTampa 2015 (video in description)
My Keynote from BSidesTampa 2015 (video in description)
Andrew Case
 
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Adversary Emulation and Its Importance for Improving Security Posture in Orga...
Digit Oktavianto
 
Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2Hunting: Defense Against The Dark Arts v2
Hunting: Defense Against The Dark Arts v2
Spyglass Security
 
Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
Nicholas Davis
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
Splunk
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark Arts
Spyglass Security
 
CSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
CSCSS Case Study - Peoples Republic of China- Anatomy of a BreachCSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
CSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
Centre for Strategic Cyberspace + Security Science
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
Resilient Systems
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
00heights
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat Intelligence
JacklynTsai
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET Journal
 
Practical and Actionable Threat Intelligence Collection
Practical and Actionable Threat Intelligence CollectionPractical and Actionable Threat Intelligence Collection
Practical and Actionable Threat Intelligence Collection
Seamus Tuohy
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
Vishal Tandel
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
Akash Sarode
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
Andreanne Clarke
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation
Bob Radvanovsky
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
Dhruv Majumdar
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
Katie Nickels
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
Priyanka Aash
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes
Kranthi
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
Online
 
IinformEx 2012 Showcase Presentation
IinformEx 2012 Showcase PresentationIinformEx 2012 Showcase Presentation
IinformEx 2012 Showcase Presentation
scott_silaika
 
Ibm Withdrawal Of Support
Ibm Withdrawal Of SupportIbm Withdrawal Of Support
Ibm Withdrawal Of Support
Julie Rampello
 

More Related Content

What's hot

Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
Splunk
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark Arts
Spyglass Security
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
Resilient Systems
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
Infocyte
 
Practical and Actionable Threat Intelligence Collection
Practical and Actionable Threat Intelligence CollectionPractical and Actionable Threat Intelligence Collection
Practical and Actionable Threat Intelligence Collection
Seamus Tuohy
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes
Kranthi
 

What's hot (20)

Threat Hunting with Splunk
Threat Hunting with SplunkThreat Hunting with Splunk
Threat Hunting with Splunk
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Operational Security Intelligence
Operational Security IntelligenceOperational Security Intelligence
Operational Security Intelligence
 
Hunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark ArtsHunting: Defense Against The Dark Arts
Hunting: Defense Against The Dark Arts
 
CSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
CSCSS Case Study - Peoples Republic of China- Anatomy of a BreachCSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
CSCSS Case Study - Peoples Republic of China- Anatomy of a Breach
 
How To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat IntelligenceHow To Turbo-Charge Incident Response With Threat Intelligence
How To Turbo-Charge Incident Response With Threat Intelligence
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
CTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat IntelligenceCTI ANT: Hunting for Chinese Threat Intelligence
CTI ANT: Hunting for Chinese Threat Intelligence
 
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local GovernmentTIG / Infocyte: Proactive Cybersecurity for State and Local Government
TIG / Infocyte: Proactive Cybersecurity for State and Local Government
 
IRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud EnvironmentIRJET- Analysis of Forensics Tools in Cloud Environment
IRJET- Analysis of Forensics Tools in Cloud Environment
 
Practical and Actionable Threat Intelligence Collection
Practical and Actionable Threat Intelligence CollectionPractical and Actionable Threat Intelligence Collection
Practical and Actionable Threat Intelligence Collection
 
honey pots introduction and its types
honey pots introduction and its typeshoney pots introduction and its types
honey pots introduction and its types
 
Threat hunting in cyber world
Threat hunting in cyber worldThreat hunting in cyber world
Threat hunting in cyber world
 
What's behind a cyber attack
What's behind a cyber attackWhat's behind a cyber attack
What's behind a cyber attack
 
10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation10th SANS ICS Security Summit Project SHINE Presentation
10th SANS ICS Security Summit Project SHINE Presentation
 
Bsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat HuntingBsides 2019 - Intelligent Threat Hunting
Bsides 2019 - Intelligent Threat Hunting
 
Threat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CKThreat-Based Adversary Emulation with MITRE ATT&CK
Threat-Based Adversary Emulation with MITRE ATT&CK
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
 
06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes06 Computer Image Verification and Authentication - Notes
06 Computer Image Verification and Authentication - Notes
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 

Viewers also liked

Thecapstoneexperience
ThecapstoneexperienceThecapstoneexperience
Thecapstoneexperience
debbie5410
 
Digital dependency and privacy2
Digital dependency and privacy2Digital dependency and privacy2
Digital dependency and privacy2
Ashley Marty
 
White nights distimo pres
White nights distimo presWhite nights distimo pres
White nights distimo pres
Richard Pidgeon
 
Distimo app promotion summit 11.7
Distimo app promotion summit 11.7Distimo app promotion summit 11.7
Distimo app promotion summit 11.7
Richard Pidgeon
 
What makes SnapRetail's emarketing system better?
What makes SnapRetail's emarketing system better?What makes SnapRetail's emarketing system better?
What makes SnapRetail's emarketing system better?
Freedom Boat Club
 
Sin circuito sanmartiniano...
Sin circuito sanmartiniano...Sin circuito sanmartiniano...
Sin circuito sanmartiniano...
escuela14de9
 

Viewers also liked (13)

IinformEx 2012 Showcase Presentation
IinformEx 2012 Showcase PresentationIinformEx 2012 Showcase Presentation
IinformEx 2012 Showcase Presentation
 
Ibm Withdrawal Of Support
Ibm Withdrawal Of SupportIbm Withdrawal Of Support
Ibm Withdrawal Of Support
 
Thecapstoneexperience
ThecapstoneexperienceThecapstoneexperience
Thecapstoneexperience
 
Digital dependency and privacy2
Digital dependency and privacy2Digital dependency and privacy2
Digital dependency and privacy2
 
Chemical Development \'09
Chemical Development \'09Chemical Development \'09
Chemical Development \'09
 
Aol dam taxonomy
Aol dam taxonomyAol dam taxonomy
Aol dam taxonomy
 
Aol dam taxonomy
Aol dam taxonomyAol dam taxonomy
Aol dam taxonomy
 
White nights distimo pres
White nights distimo presWhite nights distimo pres
White nights distimo pres
 
Distimo app promotion summit 11.7
Distimo app promotion summit 11.7Distimo app promotion summit 11.7
Distimo app promotion summit 11.7
 
Distimo G Star Presentation
Distimo G Star PresentationDistimo G Star Presentation
Distimo G Star Presentation
 
What makes SnapRetail's emarketing system better?
What makes SnapRetail's emarketing system better?What makes SnapRetail's emarketing system better?
What makes SnapRetail's emarketing system better?
 
Maximo KPI Maintenance & Asset Reliability Support Workshop IMC 2013 presenta...
Maximo KPI Maintenance & Asset Reliability Support Workshop IMC 2013 presenta...Maximo KPI Maintenance & Asset Reliability Support Workshop IMC 2013 presenta...
Maximo KPI Maintenance & Asset Reliability Support Workshop IMC 2013 presenta...
 
Sin circuito sanmartiniano...
Sin circuito sanmartiniano...Sin circuito sanmartiniano...
Sin circuito sanmartiniano...
 

Similar to Operation Nighthawk.PDF

Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Tools
ijtsrd
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network security
IJMIT JOURNAL
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
IJMIT JOURNAL
 
TASK 1In regards to part 1 of this assessment, please read t.docx
TASK 1In regards to part 1 of this assessment, please read t.docxTASK 1In regards to part 1 of this assessment, please read t.docx
TASK 1In regards to part 1 of this assessment, please read t.docx
mattinsonjanel
 
An Overview Of The Singularity Project
An Overview Of The Singularity ProjectAn Overview Of The Singularity Project
An Overview Of The Singularity Project
alanocu
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-ilta
David Kearney
 
Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...
Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...
Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...
AIRCC Publishing Corporation
 

Similar to Operation Nighthawk.PDF (20)

icuWorkbench - Use cases
icuWorkbench - Use casesicuWorkbench - Use cases
icuWorkbench - Use cases
 
Comparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction ToolsComparative Analysis of Digital Forensic Extraction Tools
Comparative Analysis of Digital Forensic Extraction Tools
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
 
A Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows SystemsA Novel Methodology for Offline Forensics Triage in Windows Systems
A Novel Methodology for Offline Forensics Triage in Windows Systems
 
Use of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network securityUse of network forensic mechanisms to formulate network security
Use of network forensic mechanisms to formulate network security
 
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITYUSE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
 
Crime Investigation with Cybernetic Protector
Crime Investigation with Cybernetic ProtectorCrime Investigation with Cybernetic Protector
Crime Investigation with Cybernetic Protector
 
TASK 1In regards to part 1 of this assessment, please read t.docx
TASK 1In regards to part 1 of this assessment, please read t.docxTASK 1In regards to part 1 of this assessment, please read t.docx
TASK 1In regards to part 1 of this assessment, please read t.docx
 
Josh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner EventJosh Diakun - Cust Pres - Splunk Partner Event
Josh Diakun - Cust Pres - Splunk Partner Event
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
Social Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligenceSocial Media Monitoring tools as an OSINT platform for intelligence
Social Media Monitoring tools as an OSINT platform for intelligence
 
Use Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiencyUse Exabeam Smart Timelines to improve your SOC efficiency
Use Exabeam Smart Timelines to improve your SOC efficiency
 
Review on Cyber Forensics - Copy.pptx
Review on Cyber Forensics - Copy.pptxReview on Cyber Forensics - Copy.pptx
Review on Cyber Forensics - Copy.pptx
 
Siek 2016v3 (003)
Siek 2016v3 (003)Siek 2016v3 (003)
Siek 2016v3 (003)
 
Honeypot- An Overview
Honeypot- An OverviewHoneypot- An Overview
Honeypot- An Overview
 
Implementing CSIRT based on some frameworks and maturity model
Implementing CSIRT based on some frameworks and maturity modelImplementing CSIRT based on some frameworks and maturity model
Implementing CSIRT based on some frameworks and maturity model
 
An Overview Of The Singularity Project
An Overview Of The Singularity ProjectAn Overview Of The Singularity Project
An Overview Of The Singularity Project
 
EDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-iltaEDRM Foundational e-Discovery Practices-ilta
EDRM Foundational e-Discovery Practices-ilta
 
Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...
Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...
Efficient Attack Detection in IoT Devices using Feature Engineering-Less Mach...
 

Operation Nighthawk.PDF

  • 1. Analytics IBM Software Government Special Operations Forces (SOF) from friendly countries use joint training exercises, such as Operation Nighthawk, to improve their own capabilities and to ensure that they can work together to counter cross-border and multi-national threats. Operation Nighthawk was a 2014 multinational SOF training exercise, bringing together 1,600 personnel from military and police forces from more than 10 countries. The goal was to simulate a fast-paced deployment of SOF units to an active hotspot, and train both field operatives and support staff to plan and conduct special operations. Finding fast answers from big volumes of data Reporting to the central command team responsible for controlling the exercise were six Special Operations Task Groups (SOTGs) – four land/army, one maritime and one air (largely helicopter support). Each SOTG consisted of both field operatives and support staff. The exercise included elements of hostage taking, piracy, insurgency and terrorism. A key objective was for the intelligence teams to be able to identify and target key leaders within insurgency networks and terrorist cells. Operation Nighthawk Rapidly analyzing large volumes of multi-source data to provide live operational intelligence Overview The need Coordinating the activities of Special Operations Forces requires analysts to analyze a vast flow of multi-source data in real-time, build up and share intelligence, and help define the next targets. The solution Working with IBM® Global Business Services® and IBM Business Partner Blue Light, the exercise command team used IBM i2® solutions to create a central intelligence repository, complete with powerful analytical capabilities. The benefit Increases efficiency, enabling limited resources to be focused on key targets. Helps analysts process extreme volumes of data to rapidly reveal hidden connections buried within massive datasets. “During one operation an analyst received apparently unassociated data from multiple sources, and used IBM i2 Enterprise Insight Analysis to conduct an investigation upon which an operational decision was made. This was data to decision in less than 15 minutes,” says a Nighthawk Exercise Intelligence Lead.
  • 2. Analytics IBM Software Government 2 To enable the identification and prioritization of targets for ongoing operations, intelligence staff participating in the multi-day exercise were required to collect, organize and analyze data, and then disseminate the resulting information to multiple teams. All operations were intelligence-driven and the command team deliberately designed a complicated scenario producing extreme quantities of highly diverse data for the intelligence teams to process and analyze. Deadlines were tight throughout: in the realm of Special Operations, planning cycles are typically very short. Operations must be approved, often by a local judge, and it is vital to have all data and derived intelligence readily available for rapid analysis. Any time wasted in searching for the relevant information could mean missed opportunities to apprehend suspects or prevent attacks. During the exercise, teams were expected to fully analyze evidence within a matter of hours so that the next operational targets could be identified. Large volumes of diverse data (documents, emails, audio files, video files, websites) from multiple sources made this a major challenge. Putting the pieces together with analytics The Nighthawk Exercise Intelligence Lead comments: “Gathering and processing information is challenging enough, but understanding which information is the most important is even harder, particularly when the full picture is fragmented across multiple sources and across complex and evolving networks of suspects. We chose IBM i2 technologies to enable us to visualize connections and transactions across these networks, helping our analysts cut through the noise and focus on the best leads.” The central command team selected IBM i2 Enterprise Insight Analysis to power a central intelligence repository, proving an aggregated view of information that helped improve situational awareness across the SOF units participating in the exercise. In addition, the command team deployed IBM i2 Analyst’s Notebook® Premium to give analysts visualization tools that make it easier to find key information in large volumes of complex data. This solution helped analysts piece disparate data into a cohesive intelligence picture, identifying key individuals, events, connections and patterns that might otherwise have remained hidden. Solution components Software • IBM® i2® Enterprise Insight Analysis Services • IBM Global Business Services® IBM Business Partner • Blue Light LLC
  • 3. Analytics IBM Software Government 3 Testing the solution For this particular exercise, the analysts were working on a network comprising more than 5,000 mobile phones. To mimic a real-life deployment, analysts were given a constant flow of data and orders and were expected to plan and execute a number of overlapping missions. The planning model used was called F3EAD. This acronym stands for: Find (identify the target), Fix (gather the required evidence), Finish (capture or nullify the target), Exploit (collect and organize evidence gathered in the field, such as maps, computers, mobile phones, notebooks, weapons and more), Analyze (establish patterns of life, relationships, ownership of vehicles and items, and then identify areas for further investigation), and finally Disseminate (document and share findings). During the exercise, the joint teams used the central intelligence repository to store the results of the Exploit stage, making the data available over secure web-based search or through i2 Analyst’s Notebook. This tool was then used to identify important relationships and help analysts understand where each person or item of interest fitted into the bigger picture. By pushing the results of this analysis back into the central repository, each team could easily share its new insights with other participants. Revealing hidden connections to take down targets Using the IBM technologies helped analysts on multiple teams manage large volumes of diverse data arriving in a constant flow, pick out the most interesting or significant information, and analyze it against the backdrop of the evidence already gathered to see connections and reveal the bigger picture. In turn, this enabled the analysts to steer field operatives towards the most relevant next targets, in the process gathering more information to feed back into the growing picture of the entire operational scenario. As a concrete example of this intelligence cycle, field operatives recovered a paper notebook from a hostage taker onboard a ship early in the exercise. The contents were placed in the central repository, but no matches were found initially. The following day, the owner of a phone referenced in the notebook was captured. When it was established that the owner of the phone was a high-ranking pirate leader, the joint teams were able to establish a link between this pirate leader and a low-ranking pirate, thereby taking the first steps towards revealing the command structure of the pirate network. “IBM i2 technologies help our analysts to analyze data rapidly and brief field operatives for the next stages of engagement.” — Exercise Intelligence Lead
  • 4. © Copyright IBM Corporation 2015 IBM Corporation Software Group Route 100 Somers, NY 10589 Produced in the United States of America May 2015 IBM, the IBM logo, ibm.com, Analyst’s Notebook, Global Business Services, and i2 are trademarks of International Business achines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml. This document is current as of the initial date of publication and may be changed by IBM at any time. Not all offerings are available in every country in which IBM operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING WITHOUT ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. IBM products are warranted according to the terms and conditions of the agreements under which they are provided. SWC14131-USEN-02 Please Recycle As the exercise progressed, more evidence was gathered and more links revealed, helping the joint teams to plan missions to disable the network. The Social Network Analysis capabilities of i2 Analyst’s Notebook played a key role here, highlighting the most important nodes in the command structure. By focusing resources on these nodes, security forces were able to disable the whole structure more easily. In previous exercises, information would end up in static reports shared by email. Identifying relationships between people and other forms of evidence was then dependent on analysts manually trawling through and noticing matches: a laborious and time-consuming process. Using the IBM i2 technologies, this process of cross-matching was automatic and took place in real time, providing a live view of the whole operational scenario as it evolved. The Nighthawk Exercise Intelligence Lead concludes, “Using IBM i2 technologies enabled our joint task groups to work faster and more intelligently, helping them to identify relevant targets in a timely manner. In particular, the shared intelligence repository enabled us to collaborate in ways that were not practical previously, promoting better understanding between different SOF units and improving our joint capabilities.” About IBM Analytics IBM Analytics offers one of the world’s deepest and broadest analytics platform, domain and industry solutions that deliver new value to businesses, governments and individuals. For more information about how IBM Analytics helps to transform industries and professions with data, visit ibm.com/analytics. Follow us on Twitter at @IBMAnalytics, on our blog at ibmbigdatahub.com and join the conversation #IBMAnalytics.