DYNAMIC PAGE -- HIGHEST POSSIBLE CLASSIFICATION IS
TOP SECRET // SI / TK // REL TO USA AUS CAN GBR NZL
(U//FOUO) The Intelligent SIGINT Network of the Future
FROM: Network Analysis Center (S31SD)
Run Date: 10/04/2004
(S//SI) Wouldn't it be great if SIGINT, in near real-time, provided alerts to war fighters on the
ground telling them when and where high-value targets were active on the Global Net? What if
a system existed that could dynamically update tasking selectors based on current target
activity? What if there was one place an analyst could go to monitor target activity from a wide
variety of SIGINT accesses? If you think capabilities like these are still years away from being a
reality, we'd like to take a moment to tell you about TRAFFICTHIEF.
(TS//SI) TRAFFICTHIEF is a service that interconnects disjoint collection systems from active,
passive, and warranted SIGINT accesses via a central messaging service. These collection
systems pass messages containing SIGINT "events" of interest to a central server to provide
near real-time alerts of targets on the Global Net. These event messages are processed by a
centralized TRAFFICTHIEF server and can be forwarded to analysts for action or to other
collection systems to automatically update tasking selectors. An expert system provides
"intelligence" to the TRAFFICTHIEF network by appropriately routing the messages through the
central server.
(S//SI) Started in July 2003 as a rapid prototype development, TRAFFICTHIEF has been
operational on a 24/7 basis since February 2004. It has quickly become a critical link between
SIGINT collection and ground operations in Iraq, and has helped enable the capture of several
high-priority Counter-terrorism targets.
(S//SI) But why stop there? By combining information from a wide variety of access points with
a variety of target knowledge bases, the possibilities are virtually limitless. For instance,
TRAFFICTHIEF could be used to:
- Integrate survey and network characterization results with target monitoring in order to
  steer the SIGINT collection system in real time. In addition to allowing us to narrow in on
  targets of interest, this would improve the efficiency of our limited collection resources
  and drastically reduce the amount of traffic that analysts need to sift through in order to
  find their targets' communications.
- Provide qualitative metrics for collection systems and observed links based on the types
  of SIGINT events generated.
- Supplement SIGINT events with knowledge gained from open source and previous
  analysis.
The TRAFFICTHIEF team is currently working on ways to make these enhancements a reality.
(S//SI) In a very short time, TRAFFICTHIEF has proven the value of transforming our SIGINT
collection architecture into an intelligent network. By combining information from a diverse set
of collection assets, it truly has the potential to revolutionize the way that we do business. If you
are a target analyst, TRAFFICTHIEF can help you track your targets more efficiently. If you are a
system developer, TRAFFICTHIEF can help you move your metadata across the SIGINT system.
If you are developing a target knowledge base, TRAFFICTHIEF can increase the relevance of
your analysis by supplementing collection with your data. So take a moment to look over the
information available on the TRAFFICTHIEF web page to see how you can get involved today.
"(U//FOUO) SIDtoday articles may not be republished or reposted outside NSANet
without the consent of S0121 (DL sid_comms)."
DERIVED FROM: NSA/CSSM 1-52, DATED 08 JAN 2007 DECLASSIFY ON: 20320108