Documents

Preston Business Processes

Jun. 7 2016 — 8:20a.m.

/24
1/24

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 PRESTON Business Processes Version 1.0 Synopsis The purpose of this document is to present a brief study of the PRESTON Business Processes. Signature Creator: Approver(s): Date (TPS) (OPA-SSOS) (OPA-SSOS) (TFE) 1 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 Distribution (H/OPA-SSOS) (OPP-LEG) (OPA-SSOS) (H/GSOC) (OPA-SSOS) (GSOC) (OPA-SSOS) (GSOC) (OPA-SSOS) (GSOC) (OPA-SSOS) (GSOC) (OPA-SSOS) (GSOC) (TFE) (R41) (TFE) (OPD-GTE) (TFE) (OPA-BUDE SSO) (TPM) (OPA-SCAR) (NTAC) (ITSERV) (NTAC) (ITSERV) (NTAC) (ITSERV) (OPA-ACD SMT) (OPA-ACD) (OPA-ACD Dataflow) (OPA-ACD) (OPI-BROK) Document Amendment History Version Date R&A 0.5 17 April 2007 - 0.6 8 May 2007 Yes 1.0 8 May 2007 - Amendments Updated following review with PRESTON Ops. Updated following formal review (reference PRR Sigmod/00184CPO/4502/SIG006 400/16) First formal issue Soft Copy References File References for this document when issued: vob:/preston/tech/analysis/preston-business-analysis.doc 2 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 Contents 1 INTRODUCTION.................................................................................................5 1.1 Objectives ..........................................................................................................5 1.2 Glossary.............................................................................................................5 2 USE CASES .......................................................................................................6 2.1 Use-Case Model Overview................................................................................6 2.2 Actors.................................................................................................................6 2.3 Use cases ..........................................................................................................6 3 USE CASE: ENABLE INTERCEPTION .............................................................7 3.1 Brief description................................................................................................7 3.2 Basic flow ..........................................................................................................8 3.3 Alternate flows ..................................................................................................8 4 USE CASE: DISABLE INTERCEPTION ..........................................................10 4.1 Brief description..............................................................................................10 4.2 Preconditions ..................................................................................................10 4.3 Basic flow ........................................................................................................10 4.4 Further detail ...................................................................................................10 5 USE CASE: PRODUCE INTELLIGENCE ........................................................11 5.1 Brief description..............................................................................................11 5.2 Preconditions ..................................................................................................12 5.3 Basic flow ........................................................................................................12 5.4 Alternate flows ................................................................................................12 6 USE CASE ANALYSIS.....................................................................................13 6.1 Enable interception.........................................................................................13 6.2 Produce intelligence .......................................................................................17 6.3 Business Workers and Business Actors ......................................................18 6.4 Business Entities ............................................................................................19 3 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 6.5 Organisational responsibilities......................................................................21 7 DERIVED USE CASES ....................................................................................22 7.1 Collection system ...........................................................................................22 7.2 Stream routing.................................................................................................23 4 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 1 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 INTRODUCTION 1.1 Objectives This document presents analysis on the PRESTON business processes. This analysis can be used: • To understand how business change affects the system. • To derive requirements for the development. • To derive test cases to verify the correctness of the development. The objectives of this document are: • To present the PRESTON business processes. • To describe how the business processes are implemented using the PRESTON systems. • To derive use cases from the business processes. 1.2 Glossary GCHQ Government Communications Headquarters. NTAC National Technical Assistance Centre. 5 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 2 2.1 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 USE CASES Use-Case Model Overview The Business Use Case Model for PRESTON is presented in the diagram below. Interception authority Enable interception Disable interception Intelligence analyst Target Produce intelligence 2.2 Actors The Use Case Model describes the following actors: Interception authority The interception authority is responsible for approving the interception warrants placed on targets. Target The target is a potential source of intelligence. Intelligence analyst The intelligence analyst is responsible for delivering intelligence from intercepted target communications. 2.3 Use cases The Use Case Model describes the following Use Cases: Enable interception This use case describes how the Intelligence analyst enables an interception service. Disable interception This use case describes how the Intelligence analyst terminates use of an interception service. Produce intelligence This use case describes how an Intelligence analyst produces intelligence from a Target's intercept. 6 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 3 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 USE CASE: ENABLE INTERCEPTION Enable interception Interception authority : Intelligence analyst Intelligence analyst : Interception authority : Inter ception capa bil ity Identify communication address Intention to target? no yes Request feasibi li ty Draft warrant Conduct feas ibi li ty check no Feasi b le ? Add to schedule Comp lete warrant Consider warrant Approval granted? no yes Prepare collection request Advise Provisi on communi catio n address 3.1 Brief description This use case describes how the Intelligence analyst enables an interception service. 7 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 3.2 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 Basic flow The use case begins when an intelligence analyst wishes to place a target on cover. {Identify communication address} The analyst identifies the target's communication address. For some types of communication, it will be necessary to check the subscriber's identity with the Tasking manager, to verify that the communication address is indeed the property of the target. [Should this include a subscriber check use case?] The analyst requests a feasibility study describing the communication address. The analyst initiates drafting of a warrant application in conjunction with the OPPLEG. {Conduct feasibility check} A feasibility check is performed, in conjunction with the data provider. The communication address is added to the warrant schedule. The warrant is completed, and sent to OPP-LEG. The warrant is sent to the FCO WLD for approval. {Consider warrant} FCO WLD considers the case for the warrant. The WLD apartment advises GCHQ and the interception capability that interception is approved. A collection request form [MIDDLESEX GREEN] is prepared for submission. The communication address is advised to the interception capability and interception begins. The use case ends. 3.3 Alternate flows 3.3.1 No intention to target At {Identify communication address}, if there is no intention to target based on information gained. The use case ends. 3.3.2 Not feasible to intercept At {Conduct feasibility check} if the interception is not feasible. 8 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 The use case ends. 3.3.3 Warrant not approved At {Consider warrant}, if the case for warrantry is not strong enough. The use case ends. 9 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 4 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 USE CASE: DISABLE INTERCEPTION Intelligence analyst : Intelligence analyst Request termination 4.1 Disable interception : I nterce ption capabi lity Term inate interception Brief description This use case describes how the Intelligence analyst terminates use of an interception service. 4.2 Preconditions • 4.3 Target intercept has been enabled. Basic flow The use case begins when an Intelligence analyst wishes to terminate use of an interception warrant. The Intelligence Analyst notifies the tasking authority that the interception is to be terminated. The interception capability is de-tasked, and intercept ceases. The use case ends. 4.4 Further detail There is a follow-up legal process involving OPP-LEG and FCO/WLD where the number(s) are formally removed from the warrant schedule (or the whole warrant is cancelled). 10 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 5 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 USE CASE: PRODUCE INTELLIGENCE Produce intelligence Target : Intelligence analyst : Interception capability Intelligence analyst : Target Communicate Deliver intercept Review intercept Derive intelligence no Reportab le? yes Is sue report 5.1 Brief description This use case describes how an Intelligence analyst produces intelligence from a Target's intercept. 11 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 5.2 Preconditions 5.3 • The communication address has been targeted. • The interception capability has been tasked as a result of a warrant. Basic flow The use case begins when a target communicates using a communication address which is on cover. The target communicates using an intercepted communication resource. The interception capability intercepts the communication, and forwards the intercept to the interception reception centre, where the intercept is processed and forwarded to the Intelligence analyst. The Intelligence analyst reviews the communications intercept, {Derive intelligence} The intelligence analyst analyses the communication and derives information which may be of intelligence value. The Intelligence analyst issues intelligence as intelligence reports. The use case ends. 5.4 Alternate flows 5.4.1 Intercept not reportable At {Derive intelligence} if the communication intercept contains no intelligence. The use case ends. 12 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 6 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 USE CASE ANALYSIS This section looks at the most significant Business Use Cases, and scenarios which realise those use cases. 6.1 Enable interception The Enable interception use case is commonly implemented in one of two ways. Either: • The intercept source is delivered to SD for analysis, before being tasked for operational collection. I use 3 scenarios to describe this process: Enable delivery, Perform survey, Migrate to collection. • The intercept source is well understood and can be immediately tasked for operational collection. The Enable delivery and Enable collection scenarios are used. 6.1.1 Enable delivery The initial enabling of the intercept source is illustrated using the sequence diagram below. The diagram introduces two new roles: Interception capability The interception capability provides the means to intercept a target's communications. Interception is normally possible when empowered by an approved warrant. Tasking manager The Tasking manager is responsible for ensuring the continuing delivery of intercept derived from warrants from the Target to the Intelligence analyst. The Interception capability describes the interception role, which is usually performed by the CSPs on our behalf – once we have presented them with a warrant. The Interception capability is sometimes owned by NTAC, and is available as a service to us (again, a warrant is required to use the service). The Tasking manager is responsible for all communication with the CSP or NTAC on behalf of the Intelligence Analyst. 13 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes : Intelligence analyst Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 : Interception a utho rity : Interception capability : Ta sking manage r Identify target( ) Identify interception case( ) Coll ate s upporting evidence( ) Produce warrant( ) Review warrant( ) Manage add task request( ) Raise warrant schedule( ) Enable interception( ) Che ck intercept de li very( ) This scenario describes how the intercept is enabled only. At this stage, no tasking is applied, nor is the intercept routed to a particular location. The Tasking manager ensures that the intercept is delivered correctly. 6.1.2 Perform survey For the Perform survey scenario, two new roles are introduced: Stream routing The Stream rouing is responsible for delivery of intercept to the appropriate party for processing. SD analyst The SD analyst is responsible for maintaining an understanding of the Target's communication technology, and ensuring that the system can continue to process the Target's communications. The Tasking Manager manages the routing of the intercept to the SD analyst using 14 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 the Stream routing function. : Intelli gence ana lyst : Tasking manager Route to SD analyst : Stream routing : SD anal ys t Add stream route( ) Conduct survey( ) Assess intelligence value( ) Develop processing configuration( ) The SD analyst performs a survey and provides the Intelligence analyst with information to allow them to Assess the intelligence value of the new intercept source. If the signal is going to be tasked for operational collection, the SD analyst also develops a processing configuration which will allow the intercept source to be tasked operationally. 6.1.3 Migrate to collection For this scenario, I introduce 3 new roles: System administrator The System Administrator is responsible for maintaining the processing systems to ensure their continued contribution to the interception process. Collection manager The Collection manager is responsible for ensuring the continued delivery of processed intercept items from raw intercept. Collection system The collection system is responsible for processing a target's raw intercept and delivering the processed intercept items to an Intelligence Analyst, thus enabling them to produce intelligence. The Tasking manager manages the migration of the intercept source to operational collection tasking. 15 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes : Tasking manager : System a dmini strator Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 : Collection manager : Collection system : Stream routing Update LIID tasking( ) Migrate processing configuration( ) Inform configuration migrated( ) Ad d tasking req uest( ) Implement collection task( ) Begin stream processing( ) Modify stream route( ) The System Administrator migrates the tasking configuration to the operational system. The Collection manager manages the Collection system, and so is responsible for addition of the processing task, along with day-to-day monitoring of the task. 16 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 6.1.4 Enable collection This scenario describes how the intercept source is enabled for operational collection with a survey stage. The Tasking manager manages this migration – this scenario is very similar to the Migrate to collection scenario. : Tasking manager : Stream routing : Collection manager : Collection system Update LIID tasking( ) Add tas king request( ) Implement collection task( ) Begin stream processing( ) Add stream route( ) Route to collection system 6.2 Produce intelligence 1: Communicate( ) 6: Issue report( ) 3: Route intercept( ) : Stream routing 4: Process intercept( ) : Target : Intelli gence analyst 2: De liver intercept( ) 5: Derive intelligence( ) : Interception capability : Collection system This scenario illustrates how the Interception capability, Stream routing and Collection system collaborate to deliver intercept to the Intelligence analyst. 17 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 6.3 Business Workers and Business Actors Target Communicate() Stream routing Add stream route() Delete stream route() Modify stream route() Route intercept() Interception capability Enable interception() Disable interception() Deliver intercept() Coll ectio n syste m Collection manager Taski ng man ager Raise warrant schedule() Check intercept delivery() Manage add task request() Manage delete task request() Update routing instruction() Add tasking request() Delete tasking request() Inform configuration migrated() Update LIID tasking() Implement collection task() Delete collection task() Process intercept() Begin stream processing() End stream processing() SD analyst Conduct survey() Develop processing configuration() System administrator Migrate processing configuration() Interception authority Review w arrant() Intelligence analyst Identify target() Identify interception case() Collate supporting evidence() Produce warrant() Assess intelligence value() Derive intelligence() Issue report() The roles identified can be represented as Business Workers in RUP (Rational Unified Process). The diagram above shows the Business Actors and Business Workers along with their roles. An association is shown between Actors and Workers which interact. 18 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 6.4 Business Entities Ta skin g manager Raise warrant schedule() Check intercept delivery() Manage add task request() Manage delete task request() Update routing instruction() Add tasking request() Delete tasking request() Inform configuration migrated() Update LIID tasking() Stream rou te Add route() Delete route() Collection manager Implement colle cti on ta sk() Dele te colle ction ta sk() Collection Task 1 Add task() Delete task() Proce ssing task 1 Add task() Delete task() Business entities represent ways in which the business stores and exchanges information in order to do its work. The diagram above introduces three Business Entities. Stream route A stream route describes an instruction to deliver intercept to a particular intercept processing function. Collection task A collection task describes an intercept collection task at a high level. It describes the target's details, the resources to use, and the configuration to use. Processing task The Processing task describes an instruction to a Collection system to process intercept. The Stream route is used to route a PRESTON intercept source from its point of reception at GCHQ to its processing location. No processing occurs on the intercept stream until it is routed to its correct location. E.g. a task on the TERRAIN system, or to an analyst performing offline analysis. The Processing task is a low-level processing instruction for a Collection system to process a source of intercept. The Collection task is a high-level instruction, and is used to communicate operational tasking information from the Tasking manager to the Collection manager e.g. a task on HANGER LANE. 19 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Tasking manager Raise wa rrant sch edule () Check intercept delivery() Manag e add task req uest() Manag e delete task request() Update routi ng instru ction() Add tasking requ est() Delete tasking req uest() Inform configuration m igrated() Update LIID tasking() Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 Intelli gence an alyst Identify target() Identify i ntercepti on case() Collate supporting evidence() Produce warrant() Asse ss intel ligence va lue() Derive intelli gence() Issue rep ort() Interception authority Review w arrant() Warrant Warrant schedule Create () 0..* Create() Approve() The Warrant schedule and Warrant entities are shown in the above diagram. Warrant A warrant names the target and states the purpose(s) for which the warrant has been issued. It is usually issued by a Secretary of State. In exceptional circumstances it may be issued by a senior official, providing this has been expressly authorised by a Secretary of State. Warrant schedule A warrant schedule lists the selection factors which can be used in the interception. A warrant can have a number of schedules. 20 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 6.5 Organisational responsibilities NTAC GCHQ Interception capability SD analyst System administrator Stream routing Collection manager Coll ectio n system Ta ski ng manage r Most of the roles discussed here are specific to GCHQ’s business. NTAC’s service is the provision of the interception capability. Currently, the roles are fulfilled thus: Interception capability This is a service which CSPs are mandated to provide under RIPA. NTAC manages the delivery of these services for all UK agencies. System administrator This role is fulfilled by TSS-ISS for PRESTON. SD analyst OPD-GTE are mainly responsible for survey of PRESTON data, but this role is also shared with SD staff at Bude or Scarborough to share the load. Collection manager This role is fulfilled by GSOC who provide 24hr monitoring of the collection systems. Stream routing The NHIS router product provides this function. Collection system The TERRAIN product performs processing for PRESTON. Tasking manager PRESTON OPS (CADWELL PARK) manage PRESTON tasking. 21 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes 7 Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 DERIVED USE CASES 7.1 Collection system The following section briefly describes the Use Cases which apply to the Collection system. Begin stream processing Collection manager End stream processing Stream routing Process intercept Intellig ence analyst The following Use Cases are derived: Begin stream processing This use case describes how the Collection manager initiates processing of an intercept stream. End stream processing This use case describes how the Collection manager terminates processing of an intercept stream. Process intercept This use case describes how the stream routing function delivers intercept to the Collection system for processing, and delivery to the Intelligence analyst. The following actors have been defined previously: Collection manager The Collection manager is responsible for ensuring the continued delivery of processed intercept items from raw intercept. Stream routing The Stream routing is responsible for delivery of intercept to the appropriate party for processing. Intelligence analyst The intelligence analyst is responsible for delivering intelligence from intercepted target communications. 22 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 7.2 Stream routing The following section briefly describes the Use Cases which apply to the Stream routing. Add stream route Taski ng mana ger Delete stream route Modify stream route Route intercept Interception capabi lity Coll ection system The following Use Cases are derived: Add stream route This use case describes how a Tasking manager adds a new stream route instruction to the Stream routing's routing table. Delete stream route This use case describes how a Tasking manager deletes an existing stream route instruction from the Stream routing's routing table. Modify stream route This use case describes how a Tasking manager modifies an existing stream route instruction in the Stream routing's routing table. Route intercept This use case describes how the Stream routing routes intercept received from the Interception capability to the appropriate Collection system in accordance with the routing instructions. The following actors have been defined previously: Tasking manager The Tasking manager is responsible for ensuring the continuing delivery of intercept derived from warrants from the Target to the Intelligence analyst. 23 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

SECRET STRAP 1 PRESTON Business Processes Sigmod/00003CPO/4502/SIG010900/23 8 May 2007 Interception capability The interception capability provides the means to intercept a target's communications. Interception is normally possible when empowered by an approved warrant. Collection system The collection system is responsible for processing a target's raw intercept and delivering the processed intercept items to an Intelligence Analyst, thus enabling them to produce intelligence. 24 of 24 This information is exempt from disclosure under the Freedom of Information Act 2000 and may be subject to exemption under other UK information legislation. Refer disclosure requests to GCHQ on SECRET STRAP 1

Filters SVG