Predicting Terror Attacks

Ancient civilizations, such as the Chaldeans, tried to predict the future by studying the movement of the planets and stars. Today’s intelligence analysts face a similarly daunting task as they try to predict future terrorist movements by sifting through thousands of reports, data bits, tips, records, and electronic transmissions.

Creating a methodology for detecting constellations of evidence is a top priority for the intelligence community. The RAND Corporation may have found a way to do just that.

Its Atypical Signal Analysis and Processing (ASAP) schema works like this: Information on “watched entities”—people, places, things, and financial services suspected as being relevant to terrorist activity against infrastructure or commerce—is gathered from external sources. This entails collection of reports from field agents, not data mining, says John Hollywood, lead author of the RAND report on ASAP.

This data is supplemented by “precedent-setting phenomena,” which are basically descriptions of suspicious behavior by observers, such as the presence of certain students at flight schools or the appearance of an SUV with 10 cell phones inside shortly before a hotel bombing in Kenya in late 2002.

This information goes into a central pool. For this process to find anomalies, ASAP must maintain profiles of normal behavior in such fields as international commerce and hazardous-materials shipment.

Next, “automated detection agents” would filter the information in search of out-of-the-ordinary signals, such as abnormal trends. These signals would become stars in the constellation or, as RAND puts it, the “dots” in a “connect the dots” exercise.

Once these dots are identified, software looks for relationships between the dots. It also performs “backsweeping,” or searching for previously unremarkable data that relate to the dots. It might also help discard data wrongly linked together, explains Hollywood, such as, in the Washington-area sniper shootings, the presence of a white box-truck or van, which set back the investigation.

When dots are linked, “hypothesis agents can be tasked to create possible interpretations for the linked dots and to create corresponding testing plans to determine whether the hypotheses are correct,” according to a RAND description of the process. These agents determine which phenomena should get priority for follow-up investigation. The highest-priority results are sent to analysts.

Finally, the approach notifies analysts when other analysts are looking at related pieces of information, and it opens channels of communications between them.

Full implementation of ASAP is years away, says Hollywood. Yet he adds that ASAP can be put to use immediately with manual processes substituting for automated ones, until the latter can eventually be plugged in.