Documents
RT Initiative Overview
Jan. 19, 2018
TOP SECRET//COMINT//REL
10
RT Initiative
Overview
Dr. James Heath
Program Management & Advisors: COL Bob Harms / COL Barb Trent /
Michelle Gerhard
Architects:
/ Mark Ross
Presented by
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT Initiative
Overview
Dr. James Heath
Program Management & Advisors: COL Bob Harms / COL Barb Trent /
Michelle Gerhard
Architects:
/ Mark Ross
Presented by
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
Why Innovate?
• Volume & convergence
– Front-end filters data
– Reaching limits on legacy systems
• Latency
– Processing, storing, and query
– Difficult to enable tactical operations
• Analyst Limitations
– Non-integrated tools
– Collaboration limited
– Knowledge-bases are limited
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
Why Innovate?
• Volume & convergence
– Front-end filters data
– Reaching limits on legacy systems
• Latency
– Processing, storing, and query
– Difficult to enable tactical operations
• Analyst Limitations
– Non-integrated tools
– Collaboration limited
– Knowledge-bases are limited
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Overview
• Real-time, distributed architecture for mobile (tactical) and
fixed (national) operational environments
• Provides
–
–
–
–
Access to more comprehensive data in near real-time
Integrated analytical workflow with complementary tools
Real-time alerting, both national and tactical
Integration across national-to-tactical SIGINT capabilities
• Expected Results: Order of magnitude improvements in
real-time SIGNIT architecture for the U.S. Cryptologic
System, focused on national to tactical intelligence,
enabling better decisions in less time.
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Overview
• Real-time, distributed architecture for mobile (tactical) and
fixed (national) operational environments
• Provides
–
–
–
–
Access to more comprehensive data in near real-time
Integrated analytical workflow with complementary tools
Real-time alerting, both national and tactical
Integration across national-to-tactical SIGINT capabilities
• Expected Results: Order of magnitude improvements in
real-time SIGNIT architecture for the U.S. Cryptologic
System, focused on national to tactical intelligence,
enabling better decisions in less time.
TOP SECRET//COMINT//REL
Annex A
Version 1.6
Remote Linguistic
Support Elements
CSTs
Voice Processing
Overflow
ists
rnspts
ueues
(TF-24)
(410)
Queries I
Tasking
Feedbac
NSA-Georgia
Target Knowledge
Linguistic Support
Pre-deployment Training
Alerts/
Refined
Data
CSG
MNC-1
(CASE)
(CORP)
(Marines)
COBRA FOCUS
Target Knowledge
Tool Knowledge
Target Knowledge
Linguistic Support
MOC & Dragon Tamers
Initial TTP Development
TTP Maturation as needed
Pre-deploy Training Base
Develop Best Practices
Host TTP & Best Practices Library
I SECRET//COMINT//REL
I
-,
::i. () 0
Qo
(Product Line TOPls)
Tool Tradecraft Ideas
New Tool Recommendations
3
'"O
<
TTP Testing
te New Aforithms
~"As r~)
~ti,
l&.Trlining
(Vans in Baghdad)
Open Positions: xxx
A&P (NSA-W)
-CD a.
C
-
CJ> .....
CJ> CD
''lfTrJ;P
S
Con
"'U
-,
)> 0
SIGINT Development
GREEN DRAGON
& RAD Elements
Tradecraft and Tool Recommendations
Analytic/Governance Advice
Algorithm (data-mining) development
Apply new TTPs at the National Level
a.
Annex A
Version 1.6
Remote Linguistic
Support Elements
CSTs
Voice Processing
Overflow
ists
rnspts
ueues
(TF-24)
(410)
Queries I
Tasking
Feedbac
NSA-Georgia
Target Knowledge
Linguistic Support
Pre-deployment Training
Alerts/
Refined
Data
CSG
MNC-1
(CASE)
(CORP)
(Marines)
COBRA FOCUS
Target Knowledge
Tool Knowledge
Target Knowledge
Linguistic Support
MOC & Dragon Tamers
Initial TTP Development
TTP Maturation as needed
Pre-deploy Training Base
Develop Best Practices
Host TTP & Best Practices Library
I SECRET//COMINT//REL
I
-,
::i. () 0
Qo
(Product Line TOPls)
Tool Tradecraft Ideas
New Tool Recommendations
3
'"O
<
TTP Testing
te New Aforithms
~"As r~)
~ti,
l&.Trlining
(Vans in Baghdad)
Open Positions: xxx
A&P (NSA-W)
-CD a.
C
-
CJ> .....
CJ> CD
''lfTrJ;P
S
Con
"'U
-,
)> 0
SIGINT Development
GREEN DRAGON
& RAD Elements
Tradecraft and Tool Recommendations
Analytic/Governance Advice
Algorithm (data-mining) development
Apply new TTPs at the National Level
a.
TOP SECRET//COMINT //REL
System Block Diagram - Overview
Generator#1 [trailer]
Automatic
Redundant
Power
Switchover
275KW
380V3P 50Hz
Primary Power
Generator#2 [trailer]
ATS[connex]
I
Auto-Transfer!
380V,3P, 50Hz !
ACl---------J
:I lu
C:
rllf
: l2
40Ton
' 0
275KW
380V,3P, 50Hz
( Redundant
Power
I
200 UPSConnex
'Boot'Van
40Ton
50gpm,
50Hz
Chiller 45degF
[Connex, Water
chmer#2
I
L---{100KWGrowth}
D
'Ops'Van
D
•User Space
•36" Desks= 8 Users
• Desktop Workstations with
UPS
D
2T
[I]
[I]
[I]
[I]
• Chilled Water
for Processor
'Processing'
Yao
• Server Room
• Processing Racks (up to 7)
•Comms and Support Racks (1)
• Closed Loop Cooled Racks
5T
TOP SECRET//COMINT //REL
[Connex]
chmer#t
-
• Chilled Water for
Room Cooling
Chiller
I
100KWUPS
208V,3P, 50Hz
• Security 'Screen'
• Fan-out for Water
Lines
• Controlled
Environmental
Transition
50gpm,
50Hz
45degF
Water
TOP SECRET//COMINT //REL
System Block Diagram - Overview
Generator#1 [trailer]
Automatic
Redundant
Power
Switchover
275KW
380V3P 50Hz
Primary Power
Generator#2 [trailer]
ATS[connex]
I
Auto-Transfer!
380V,3P, 50Hz !
ACl---------J
:I lu
C:
rllf
: l2
40Ton
' 0
275KW
380V,3P, 50Hz
( Redundant
Power
I
200 UPSConnex
'Boot'Van
40Ton
50gpm,
50Hz
Chiller 45degF
[Connex, Water
chmer#2
I
L---{100KWGrowth}
D
'Ops'Van
D
•User Space
•36" Desks= 8 Users
• Desktop Workstations with
UPS
D
2T
[I]
[I]
[I]
[I]
• Chilled Water
for Processor
'Processing'
Yao
• Server Room
• Processing Racks (up to 7)
•Comms and Support Racks (1)
• Closed Loop Cooled Racks
5T
TOP SECRET//COMINT //REL
[Connex]
chmer#t
-
• Chilled Water for
Room Cooling
Chiller
I
100KWUPS
208V,3P, 50Hz
• Security 'Screen'
• Fan-out for Water
Lines
• Controlled
Environmental
Transition
50gpm,
50Hz
45degF
Water
TOP SECRET//COMINT//REL
RT 10 Node Architecture
Ingestion, Validation, Normalization
Inline Algorithms
(e.g. Dy namite , ...)
GOLDMINER
Dimensional Database .......___.
Queue Fed Algorithms
( e.g. HLT Feed, ...)
DNR
DNI
ro..,- -, Query-Fed Algorithms
Other Data
( e.g. SRC, ...)
._.....--. Alert Management and
Alert Notification
VoiceRT
RT10 Applications
RT10 Geo-T
ArcGIS x.x
Named Area of Interest
Sorting Hat/Lead
RaptorT
Renoir , Ana lyst Notebook
Action
TOP SECRET//COMINT//REL
RT 10 Node Architecture
Ingestion, Validation, Normalization
Inline Algorithms
(e.g. Dy namite , ...)
GOLDMINER
Dimensional Database .......___.
Queue Fed Algorithms
( e.g. HLT Feed, ...)
DNR
DNI
ro..,- -, Query-Fed Algorithms
Other Data
( e.g. SRC, ...)
._.....--. Alert Management and
Alert Notification
VoiceRT
RT10 Applications
RT10 Geo-T
ArcGIS x.x
Named Area of Interest
Sorting Hat/Lead
RaptorT
Renoir , Ana lyst Notebook
Action
TOP SECRET //COMINT //REL
TOPSECRET//COMINT//20291123
RT 10 Iraq SPIN 5 (01 Oct-31
[
[
[
[
JUGGERNAUT
MATTERHORN
OBEUSK
Billing Records
[1J
[Ll
[Ll
[Ll
Dec)
Ingestion, Validation, Normalization
Inline Algorithms
(e .g. Dynamite, ...)
GOLDMINER
Dimensional Database
GSM
PSTN
i.,i_---1
ro..,- -,
Queue Fed Algorithms
( e.g. HLT Feed, ...)
Alert Management and
Alert Notification
Action
VoiceRT
RT10 Applications
Entity Database
GeoT
SORTING LEAD
SORTING HAT
TOP SECRET //COMINT //REL
TOPSECRET//COMINT//20291123
RT 10 Iraq SPIN 5 (01 Oct-31
[
[
[
[
JUGGERNAUT
MATTERHORN
OBEUSK
Billing Records
[1J
[Ll
[Ll
[Ll
Dec)
Ingestion, Validation, Normalization
Inline Algorithms
(e .g. Dynamite, ...)
GOLDMINER
Dimensional Database
GSM
PSTN
i.,i_---1
ro..,- -,
Queue Fed Algorithms
( e.g. HLT Feed, ...)
Alert Management and
Alert Notification
Action
VoiceRT
RT10 Applications
Entity Database
GeoT
SORTING LEAD
SORTING HAT
RT 10 Deployments
RT 10 Deployments
TOP SECRET//COMINT//REL
10
RT
in Baghdad, Iraq
• Baghdad, Iraq
– Enable find-fix-finish operations
• Provide immediate access to national / tactical collect
• Integrate collection with geospatial alerting
• Automatically correlate target behavior with collection, ie
pattern-of-life
• Prototype barrier monitoring systems
– Expected results
• Near-real-time data and advanced analytical tools provided to
in-country units enable tactical decisions
• VoiceRT provides alerting on spoken selectors, speaker
identification, language identification, and content mining
• Checkpoint data provides SIGINT tie to targets
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
in Baghdad, Iraq
• Baghdad, Iraq
– Enable find-fix-finish operations
• Provide immediate access to national / tactical collect
• Integrate collection with geospatial alerting
• Automatically correlate target behavior with collection, ie
pattern-of-life
• Prototype barrier monitoring systems
– Expected results
• Near-real-time data and advanced analytical tools provided to
in-country units enable tactical decisions
• VoiceRT provides alerting on spoken selectors, speaker
identification, language identification, and content mining
• Checkpoint data provides SIGINT tie to targets
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Geospatial - GeoT
• Geospatial awareness
– GeoT
• Thin client similar to Google Maps and TIVO
– Satellite imagery / other map layers
– Overlay collection in real-time
• Integrated with targeting database
– Analyst defines named areas of interest
– Can receive alerts when targets are detected in area
• Display the health and coverage of SIGINT system
– Where are our blind spots?
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Geospatial - GeoT
• Geospatial awareness
– GeoT
• Thin client similar to Google Maps and TIVO
– Satellite imagery / other map layers
– Overlay collection in real-time
• Integrated with targeting database
– Analyst defines named areas of interest
– Can receive alerts when targets are detected in area
• Display the health and coverage of SIGINT system
– Where are our blind spots?
TOP SECRET//COMINT//REL
TOP
GeoT al-Time Collection
Scenarios
Event Flten'n- Decision 5 ?art Alert Mane-omen: Tool Mane-omen:
EIILH IIHI
laructs I 0 Watch
.-1 Tr? I
edit urn:
-
l] Done Local irtranet
TOP
GeoT al-Time Collection
Scenarios
Event Flten'n- Decision 5 ?art Alert Mane-omen: Tool Mane-omen:
EIILH IIHI
laructs I 0 Watch
.-1 Tr? I
edit urn:
-
l] Done Local irtranet
TOP SECRET //COMINT //REL
GeoT & Collection Status
RT-10
t
c:ICSH
t Cl Naltonal
f
~ lnfras. tru cu.re
,
DJuggemaut
DObeli.i..
C,A,r Interf-
...-n
Dt1ou .
t
t
C, fec:t 1col
f C,A1r l nle rfoce
DMT
Cl Basel 1ne
D 1r-CBR
At.ho«- CBR
D
D A11• Ce II
t
CIIR
c:IPST N
, c:INotlonal
t
C:, lnfrM
t r ucure
Dw
TOP SECRET //COMINT //REL
TOP SECRET //COMINT //REL
GeoT & Collection Status
RT-10
t
c:ICSH
t Cl Naltonal
f
~ lnfras. tru cu.re
,
DJuggemaut
DObeli.i..
C,A,r Interf-
...-n
Dt1ou .
t
t
C, fec:t 1col
f C,A1r l nle rfoce
DMT
Cl Basel 1ne
D 1r-CBR
At.ho«- CBR
D
D A11• Ce II
t
CIIR
c:IPST N
, c:INotlonal
t
C:, lnfrM
t r ucure
Dw
TOP SECRET //COMINT //REL
TOP SECRET //COMINT //REL
IntegratedTargetDatabase
~
R.TIO Portal - Miaosoft
Internet
EMplorer
Go
Sou rce )Jugg ernaut
Phone
11
E- ma il
Phon e
l soo/o..:.]
c onf. ) 50 %
11
Address
Not es
c onf.
Conf.
..!J
I soo/o.:.1
Conf . ) 50% .:)
IM S I
IP
c onf . ) 50% ..:::]
c onf . ) 50% ..:::]
Con f.
F'req uen cy
City
c on f.
I soo/o.:.1
1soo/o.:.1
d
con f.
IM EI
MAC Addr.
l soo/o..:.]
Conf .
)50 % .:.]
s erial #
)50%
con f .
.:)
Countr y
Conf.
J50 % .:.]
:g
:g
:8
;s
.:J
Eepand All I c ollapse All
+ J'
+
Source
/? X
" X
Qua dras poct re
Goldminer
.,
+
+ .?
+ .?
!i'ioonc
.
lo~rn et
TOP SECRET //COMINT //REL
IntegratedTargetDatabase
~
R.TIO Portal - Miaosoft
Internet
EMplorer
Go
Sou rce )Jugg ernaut
Phone
11
E- ma il
Phon e
l soo/o..:.]
c onf. ) 50 %
11
Address
Not es
c onf.
Conf.
..!J
I soo/o.:.1
Conf . ) 50% .:)
IM S I
IP
c onf . ) 50% ..:::]
c onf . ) 50% ..:::]
Con f.
F'req uen cy
City
c on f.
I soo/o.:.1
1soo/o.:.1
d
con f.
IM EI
MAC Addr.
l soo/o..:.]
Conf .
)50 % .:.]
s erial #
)50%
con f .
.:)
Countr y
Conf.
J50 % .:.]
:g
:g
:8
;s
.:J
Eepand All I c ollapse All
+ J'
+
Source
/? X
" X
Qua dras poct re
Goldminer
.,
+
+ .?
+ .?
!i'ioonc
.
lo~rn et
TOP SECRET//COMINT//REL
10
RT
Geospatial Integration
• Logical views
– SORTING HAT (R62)
• Integrated SIGINT query
– Historical SIGINT reports (Innovisions Testflight)
– GLOBAL REACH
– GOLDMINER / RT10
– Social Relationship Clustiner (GCHQ/R62)
• Approximates social network analysis
• Uses 11 algorithms to qualitatively connect targets
– Analyst’s Notebook and Renoir (InfoVis)
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Geospatial Integration
• Logical views
– SORTING HAT (R62)
• Integrated SIGINT query
– Historical SIGINT reports (Innovisions Testflight)
– GLOBAL REACH
– GOLDMINER / RT10
– Social Relationship Clustiner (GCHQ/R62)
• Approximates social network analysis
• Uses 11 algorithms to qualitatively connect targets
– Analyst’s Notebook and Renoir (InfoVis)
TOP SECRET//COMINT//REL
TOP SECRET //COMINT //REL
SORTING HAT (R62)
MiUIIISIHRilhhliii,i,Si:li#·ilffifMd@i
Ute Edit \liew Iools !)lestions Benoir
D
~ ~IXI""'
rnEl rna]10
[• l~~LSe=h
.-
€',
I"" v GI.®. e.©.]
G El Se:orch Fwotihrs T
I li!lli,oo, -Mi,o,:ft
!
!
... lfil "" "' JOU otes ... ~ (l.(Ouan,mt • N•..
!a, Jmcc nsde
U~ sO~TINGHATG... l!i'.Jaet_al_oct;Ne.b •..
! l<lJl;jla
<,;>
~ ~ io,ss •M
TOP SECRET //COMINT //REL
SORTING HAT (R62)
MiUIIISIHRilhhliii,i,Si:li#·ilffifMd@i
Ute Edit \liew Iools !)lestions Benoir
D
~ ~IXI""'
rnEl rna]10
[• l~~LSe=h
.-
€',
I"" v GI.®. e.©.]
G El Se:orch Fwotihrs T
I li!lli,oo, -Mi,o,:ft
!
!
... lfil "" "' JOU otes ... ~ (l.(Ouan,mt • N•..
!a, Jmcc nsde
U~ sO~TINGHATG... l!i'.Jaet_al_oct;Ne.b •..
! l<lJl;jla
<,;>
~ ~ io,ss •M
TOP
Social Relationship Clustering
R62 Demonstrator
I
2053 5370 3931
-
4
. 71730 4532
1919 I
303 45620
?8?6 775
RE
1471 1
:c 6691 {-22:22
1333-
327 4293 15153
4137
7557 7 1 27
)746 5999 A
16369 1170 1
7331 13339 6973
7276
3247 6320
20760
31546 20076157 3530
A
[am
12139
9513 27417
10033
Big] v, 63093 596
753
139 -
13765
3413
Scramble I Shake [7 Hidden Links Relationships External Clusters [7 Freeze
50+ 4U 3U 20 10 All
TOP
Social Relationship Clustering
R62 Demonstrator
I
2053 5370 3931
-
4
. 71730 4532
1919 I
303 45620
?8?6 775
RE
1471 1
:c 6691 {-22:22
1333-
327 4293 15153
4137
7557 7 1 27
)746 5999 A
16369 1170 1
7331 13339 6973
7276
3247 6320
20760
31546 20076157 3530
A
[am
12139
9513 27417
10033
Big] v, 63093 596
753
139 -
13765
3413
Scramble I Shake [7 Hidden Links Relationships External Clusters [7 Freeze
50+ 4U 3U 20 10 All
TOP SECRET//COMINT//REL
ANB Integration (InfoVis)
Renoir w/in SORTING HAT
Analyst’s Notebook
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
ANB Integration (InfoVis)
Renoir w/in SORTING HAT
Analyst’s Notebook
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Geospatial Integration
• Geospatial transform for a logical view?
– Single selector
• Last detected activity (or that within area of interest)
• All activity (or that within area of interest)
• Others: timeline view, color coded based on activity, area of
interest, etc.
– Graph
• Some variation of single selector with graph overlaid
• Every instance of activity between two callers
– What transformation does the analyst expect?
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
10
RT
Geospatial Integration
• Geospatial transform for a logical view?
– Single selector
• Last detected activity (or that within area of interest)
• All activity (or that within area of interest)
• Others: timeline view, color coded based on activity, area of
interest, etc.
– Graph
• Some variation of single selector with graph overlaid
• Every instance of activity between two callers
– What transformation does the analyst expect?
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
Precise Geolocation of Handset
• Increasing precision with GSM geolocation
– RT10 is situated at front-end
• More access to timing advance data
– Several RT10 and agency efforts
• Manipulate GSM infrastructure to have data from
multiple cell towers
• SHARPFOCUS-2 (S327)
• TOGA (RT10 - NRO/Penn State)
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
Precise Geolocation of Handset
• Increasing precision with GSM geolocation
– RT10 is situated at front-end
• More access to timing advance data
– Several RT10 and agency efforts
• Manipulate GSM infrastructure to have data from
multiple cell towers
• SHARPFOCUS-2 (S327)
• TOGA (RT10 - NRO/Penn State)
TOP SECRET//COMINT//REL
TOP
TD
0
8
9
Co
TOP
TD
0
8
9
Co
TOP SECRET//COMINT//REL
Automated Analysis
• SORTING LEAD (R62)
– Characterizes GSM behavior
• Based on location, time-of-day, callee, etc.
• Identifies
– When target has multiple phones
– When target has swapped phones
– When target deviates in behavior
– Correlate DNI persona to GSM handset
• Enable tactical operations, tracking of DNI targets
• Help with internet café geolocation problem
TOP SECRET//COMINT//REL
TOP SECRET//COMINT//REL
Automated Analysis
• SORTING LEAD (R62)
– Characterizes GSM behavior
• Based on location, time-of-day, callee, etc.
• Identifies
– When target has multiple phones
– When target has swapped phones
– When target deviates in behavior
– Correlate DNI persona to GSM handset
• Enable tactical operations, tracking of DNI targets
• Help with internet café geolocation problem
TOP SECRET//COMINT//REL
TOP
DNI Correlation Example
QSpaceiTme Analysis
2006.01.23 at08124215
Pause
TOP
DNI Correlation Example
QSpaceiTme Analysis
2006.01.23 at08124215
Pause
TOP
Questions?
TOP
TOP
Questions?
TOP