Menwith initiatives maximizing our access

salame nu. MHS Initiatives Maximizing our Access Inlemel Development and Exploitation (INDEX) Technical Director

TOP SECRET//COMINT//REL TO USA, FVEY Optimizing the Traffic Fairy Working across the IC to enhance tools with the lessons we learn. • • • • ASPHALT BLACKTOP TARMAC GTE / INDEX : Collect it all : Survey it all : Process it all : Exploit it all MHS Environment • • • • • • • 102 Satellites visible 56 Tasked satellites 178 Transponders (800 MHz) 51 GHz of Coarse BW 17 GHz of Occupied BW 8793 Signals Source: 2008 ROADBED Pull Building Prototypes to Help us “Learn by Doing” TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY ASPHALT : “Collect-it-all” “Why Can’t We Collect All The Signals, All The Time? Sounds like a good summer homework project for Menwith!” LTG Keith Alexander talking about FORNSAT during a 16 June 2008 visit to MHS – ASPHALT Approach / Principles • • • • Focus on the middle 90% Attack the Bottlenecks Stress Scalability Experience to inform • Minimize Complexity – – – • Open, Service Oriented Architecture – – • Strong Use of Standards Loosely Coupled Components Simplified Deployments, Maintenance, and Operations “Best of Breed” component selection Heterogeneous components Packetized Signal Distribution – – Near lossless & distortion free distribution Enables a “data center” based solution TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY BLACKTOP : “Survey it all” Today: MHS Surveys ~1K signals each month Goal: Survey ~9K* signals every 2 weeks by Nov. 2010 The Plan: • Partner with existing tool providers to build a better survey suite – – – • DARKQUEST (NSA) Spider (NRO) SHAREDVISION / QUEST EVIL EYE (GCHQ) ROADBED Add new capabilities to enhance corporate tools – – Improve TDMA Detection Incorporate new algorithms (e.g. Best guess demodulator) – Do more than just demodulate • Understand the target in context • Use survey to automatically drive sustained collection Know our environment! * There are approximately 9000 signals in the viewable arc at MHS, so this equates to all signals in our environment. TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY TARMAC: “Process-it-all” ASPHALT, NOSEYPARKER, Torus antenna & new missions will produce more data than ever. How can we scale up our access processing? TARMAC is a Study to use Special Source Access Techniques in the FORNSAT / OH Realm: • Supports GCHQ’s OneIP Initiative • Produces Single Line Records (SLRs) from MHS IP collection • SLRs are sent to BLACKHOLE event database at GCHQ • Query Focused Datasets (QFDs) are derived from this data to support analytic efforts It’s all about the metadata! ≈ 6,000,000 events / day TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY GTE at MHS : “Exploit it All” • Develop pioneering collection capability across the SIGINT community • Established at MHS April 2010 • Increase value of MHS access • DNR data from NOSEYPARKER & Specials forwarded to Knowledge Bases • 175 MHS DNI links surveyed / day • Protocol exploitation & development • Internet Application Protocol analysis • 80+ XKEYSCORE Signatures • Personal security products • Mobile internet applications TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY Access - Challenges <2009 2011 >2011 ~140 Sigs processed out of ~9000 ~ 1.5% ~3000 Sigs processed out of ~9000 ~ 30% ~9000 Sigs processed out of ~9000 ~ 44% Full-Take Metadata Survey Menwith Hill Station • Automatic promotion of data based on broad tasking authority • If we can promote internally, why not across access? • Need visibility of other accesses – does that include health and wealth? TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY MHS Initiatives Maximizing our Access Questions? XXXXXXXXXX Internet Development and Exploitation (INDEX) Technical Director TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY What’s Next for ASPHALT? BASSQUEST Tech Transfer • • • NSA FORNSAT “Access-it-all” Architecture Radio service based on ASPHALT principles Yakima is the first scheduled deployment Keep Improving the Prototype • Add more demodulators – – • Demonstrate cross-access support – – • R4 GNU Software radio GRANDPIANO (Generic TDMA Architecture) NOSEY PARKER Overhead Incorporate Geolocation Techniques – – – DIRNSA’s VSAT Geolocation Task Coarse OH / FORNSAT Geolocation (FOGHORN) APPARITION Collaboration BASSQUEST Architecture TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY Organizing a Night Out MUTANT BROTH Where is my target? When does he access the Internet? MEMORY HOLE: Who uses Search Term “X”? SOCIAL ANIMAL: Who is my target communicating with? KARMA POLICE: Which selectors have visited which websites? TOP SECRET//COMINT//REL TO USA, FVEY

TOP SECRET//COMINT//REL TO USA, FVEY (U) “IP data” in from TURBLENCE “Stage 0” front-end MHS Mission Ops. Finding Targets with Metadata TELLURIAN. Running PPF apps to generate SLR’s or Presence Events (TDI’s) O/P Single Line Records “SLR’s” Also ingest “Event Data” into MHS CLOUD. Request from JCE to test the Cloud’s QFD capability. GCHQ / MHS IPT / TOPI Analyst MAILORDER: SLR’s Events Data sent to GCHQ. SOCIAL ANIMAL: Who is my target communicating with? BLACK HOLE: Database that Stores SLRs Every 24 hours a subset of the SLRs (“events”) are extracted, indexed and loaded into databases known as QFDs KARMA POLICE: Which selectors have visited which websites? access ;;;;;;;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;;;;;;;;;; ;;;;;;;;;;;;; MUTANT BROTH : Where is my target? When does he accessthe Internet? AUTO ASSOC: Automated alias identification seen on same IP within “Short Timeframe” on multiple occasions. MEMORY HOLE: Who uses Search Term “X”? TOP SECRET//COMINT//REL TO USA, FVEY