Anika Torruella wrote an in-depth article for Jane’s International Defence Review. The article is called “Hunting for the signal in the noise” and discusses SOCMINT (social media intelligence) and its role in modern warfare. It will be available in the September edition of the magazine but if you are a subscriber to Jane’s you can already access the full article here: https://janes.ihs.com/Janes/Display/1780778
Here is an exert from the article. Thanks to the International Defence Review for allowing us to re-post.
Date Posted: 04-08-2016
Publication: Jane’s International Defence Review
Author: Anika Torruella
SOCMINT capabilities and integrating the unexpected
In response many militaries have rapidly formed mission groups and new SOCMINT capabilities to engage specifically with social media platforms. As the more rigid structure of traditional warfare breaks down in response to the advances of the information age, modern militaries are evolving doctrine and acquisition processes, refocusing training and research, and harnessing emerging technologies to adapt.
“I think I would need to highlight the main change in cyber – I think the main change today is a growing awareness. We are constantly seeing the evolution of threats: there are more threats, there is more data, there is more connectivity – more of everything,” said Peshin. “But the main change in the past five years is that people understand that cyber is important, people understand that there is a threat, and people understand that they need to be careful when they are operating within cyberspace.”
Australia, Israel, the United Kingdom, and the United States have developed capabilities to specifically address social media monitoring and engagement, and to collect and analyse SOCMINT. The Israel Defense Forces’ (IDF’s) Spokeperson Unit has been engaging with YouTube, Twitter, and Facebook since 2008. In 2015 the British Army’s Security Assurance Group was reformed into the 77th Brigade, which has adopted non-lethal warfare capabilities such as planning support focusing on the behavioural analysis of actors, audiences, and adversaries and media operations and special affairs.
These types of special forces develop capabilities where social media activity can be monitored and tagged to identify, survey, and track potential threats. Broader public discourse can also be monitored to provide indicators that match potential threats with real-time events and security issues. Social networks can be mapped and profiled as a whole to identifying key nodes that are the origin or target of information.
For instance, web-based search engine Echosec, datamines about 500 open-source data feeds and was designed to highlight users of public media posting publically in real time. Militaries use Echosec to help identify the sources of potential leaks and pinpoint the time and location of social media posts.
“We filter things spatially, number one, so we know where [posts are located] and we work with some of the world’s experts on geographic information systems to be able to present that data in a palatable way,” Karl Swannie, founder and CEO of Echosec Systems told IHS Jane’s . “We also filter through time because the temporal slice of time in a particular area is critical. So if I’m looking for something like the coup attempt that happened in Turkey [in July 2016], I am only looking for information on that date in that particular area, and that filters it down quite dramatically.”
Wikistrat used a similar real-time social media monitoring method to identify and track the movements of on-the-move armoured vehicles and troops in Ukraine during the Russian annexation of Crimea in 2014. Notably, Wikistrat’s method was crowd sourced, that is it was open to anyone willing to contribute, similar to how Wikipedia has developed its knowledge base. Images, video clips, and geographical location data were verified, and filtered through an online service called Checkdesk, an open source toolkit for curating, verifying and publishing user-generated content online, and the data was hosted through another data publishing and visualisation platform called Silk.
Leidos has also developed several tools to exploit publically available information designed to analyse and visualise open source data, including closed social networks used by intelligence agencies to index unusual communication anomalies and highlight unusual activities of intelligence peers.
On the battlefront, misleading information or bogus locations can be tagged to social media posts in an attempt to deceive adversaries or draw them into a vulnerable position. However, untrained warfighters may also leak information through linked technology. “A lot of these [military] facilities, their staff have non-disclosure agreements. We saw in a lot of cases where staffers were bleeding out information like never before. It is amazing what people will post,” Swannie said. “You can have a physical fence around a facility, but there has never been a way to have a digital fence around a facility. The people responsible for these bases, these airports, [etc.], have never had a way to look at this data before … and there has been no way to monitor it.”
According to Swannie, leaks have also grown over the past five years as a result of the gamification of many types of social media platforms where “you become more of an asset if you check-in more than other people”. Leaks can also be produced when specialists post specific details of projects they have worked on to boost the visibility of their profile on discussion forums or career-building sites. Such examples suggest that the social media activities that have affected recent mission strategies will continue to do so.
Modern attempts to control the sharing and distribution of personal information through social media platforms may prove unsuccessful. As a result the volume, speed, and diversity of monitored information can create super large datasets and information streams where discerning manageable, actionable content is difficult.
‘Big data’ refers to the increasing amount of digital information created by the proliferation of web-based platforms and their growing internet user base. Mobile web access, cloud-based systems, the Internet of Things, GPS and other location services, traffic, public sentiment, individual comments, popularity ratings, data trends (whether human-generated, naturally occurring, or as a result of algorithms), and even publically available up-to-the-minute weather, road, and public transportation line conditions, are all a part of the large scale and diversity of SOCMINT generated today. Modern forces that excel at collecting large amounts of data may find that they are unable to realise the critical benefits as not all of the data is useful, vital, or actionable. Although automated tools can tag and monitor data, not all of it may be associated with actual individuals or events.
“That’s the big data challenge,” said Peshin. “And today a lot of companies are engaged in trying to find a solution for several challenges within social media.” Peshin described these challenges as verifying that someone on social media is who they say they are, even if several social media accounts are associated with the same person (identity resolution); pinpointing where the owner of an account is physically located (geolocation attribution); and then associate an adverse action to a specific perpetrator (assign retribution).
“Once you have the building blocks of identity resolution, you know the physical entity behind the virtual entity, and once you know their location, you are able to attribute an action to a perpetrator,” said Peshin. “Once you are able to do that, once technology allows us to do that, then we will be able to mitigate a lot of the threats in cyberspace, because this would mean that there would not be an action without a reaction … and once the cost of the action rises, there will be less of these actions.”
The US Air Force Research Laboratory Information Directorate issued a solicitation in August 2015 for its USD9.9 million Multi-Source Information Extraction and Network Analysis (MUSIENA) programme, which is aimed at developing analytical tools and algorithms to address “key challenges in multi-source fusion and social media exploitation empowering the analyst with high performance, high accuracy and easily adaptable tools for threat assessment, explanation, and anticipation surrounding individuals of interest, groups and events” and deliver “rapidly customisable, learning-based text extraction to provide deeper understanding of the information that can be pulled from multi-source unstructured text”.
The US Defense Advanced Research Projects Agency (DARPA) released the first results of its Memex programme in 2015, which is aimed at developing next-generation search technologies that interact with shared information and improve “content discovery, information extraction, information retrieval, user collaboration and other key search functions” including discovering non-traditional content in the deep web and domain-specific content in dark web networks like Tor, I2P and Freenet.
Enabling technologies such as domain customisation, complex event extraction, speech analysis, and text exploitation also address the challenges of creating dynamic, questionable information from billions of social media posts generated by millions of users. Advances in open-source data mining, artificial intelligence, and deep machine learning (advanced algorithms that decipher complex network architectures) are also being applied to big data problems. Militaries may be able to adapt to the digital transformation of modern warfare by investing in deep analysis tools to exploit information nodes, extract key trends and patterns to support operational planning and ultimately harness social media as an instrument of national power.