The Increasing Threat to the Global Energy Supply

The Increasing Threat to the Global Energy Supply

This month’s attack on Saudi Arabia’s Abqaiq oil processing facility, which is the world’s largest and accounts for five percent of global oil supplies, resulted in one of the biggest oil price increases  ever recorded. 

More importantly, it demonstrated that the world’s energy infrastructure is vulnerable, can be severely disrupted and is an increasingly likely target for bad actors.

Recent Attacks Reinforce the Threat

Other recent examples – of both cyber and physical attacks – reinforce the threat.

In 2008, an alleged cyber attack blew up an oil pipeline in Turkey, shutting it down for three weeks.  In 2015, a Distributed Denial of Service (DDos)  attack brought down a section of the Ukrainian power grid — for just six hours, but substations on the grid had to be operated manually for months.  Another attack in the Ukraine occurred just a year later, reportedly carried out by Russian actors. And, the Abqaiq facility itself had been the target of a thwarted Al Qaeda suicide bomber attack in 2006.

Threats to Physical Security

A 2018 report by the United Nations Office of Counter-Terrorism outlined the most intuitive physical threats to critical infrastructure, including the energy sector, involved the use of explosives or incendiary devices, rockets, MANPADs, grenades and tools to induce arson.

That same report noted that the energy sector has witnessed sustained terrorist activity through attacks perpetrated by Al Qaeda and its affiliates on oil companies’ facilities and personnel in Algeria, Iraq, Kuwait, Pakistan, Saudi Arabia and Yemen.

Increasing Intensity of DDoS Attacks

In addition to physical threats, it is estimated that by 2020, at least five countries will see foreign hackers take all or part of their national energy grid offline through Permanent Denial of Service (PDoS) attacks. And, DDoS attacks like those in the Ukraine are becoming increasingly severe.  Studies show that the number of total DDoS attacks decreased by 18 percent year-over-year in Q2 2017.  At the same time, there was a 19 percent increase in the average number of attacks per target.

U.S. is the “Holy Grail”

Disruption of the U.S. power grid is considered the “holy grail,” and experts predict that the energy industry could be an early battleground, not only the power sector, but the nation’s pipelines and the entirety of the supply chain. 

In fact, last year the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) publicly accused the Russians of cyberattacks on small utility companies in the United States.  In a joint Technical Alert  (TA), the agencies said Russian hackers conducted spear phishing attacks and staged malware in the control rooms with the goal of gathering data to create detrimental harm to critical U.S. infrastructure.

900 “Vulnerabilities” Found in the U.S. Energy Systems

This specific incident aside, DHS’s Industrial Control System Computer Emergency Response Team found nearly 900 cyber security vulnerabilities in U.S. energy control systems between 2011 and 2015, more than any other industry.  It’s not surprising that the international oil sector alone is expected to increase investments on cyber defenses by $1.9 billion this year. 

Investment in Physical Security Will Reach $920 billion

With any disruption to the global or national energy supply having serious implications for virtually all industries, especially critical ones like healthcare, transportation, security, and financial services, one report projects that the global critical infrastructure protection market will be worth $118 billion by 2028.

Physical security is expected to account for the highest proportion of spending, and cumulatively will account for $920 billion in investment.

Artificial Intelligence: A Security “Pathway” for the Future

Experts suggest that these investments should include next generation technologies for both physical and cyber security purposes. As one expert put it: “Automation, including via artificial intelligence, is an emerging and future cyber security pathway.”

In addition to the role that automation, artificial intelligence and machine learning can bring to identifying and predicting a physical or cyber attack, research shows that it can also help manage the rising costs associated with it. A study found that only 38 percent of companies are investing in this technology – even though after initial investments, it could represent net saving of $2.09 million.

Learn more about AI-driven Radiance and how it can help identify and predict physical and cyber threats to the energy infrastructure.

The Role of AI in National Security

The Role of AI in National Security

In July, Florida resident Tayyab Tahir Ismail was sentenced to 20 years in prison for distributing information pertaining to explosives online.

According to a press release issued by the FBI, Tahir posted bomb making instructions on the Internet, and on a social media platform. His goal was for that information to be used to create a weapon of mass destruction in support of violent jihad.

Social Media, IoT, Attack Planning and Radicalization

Use of the Internet and social media to propagate radical views, share information related to a terror attack or plan for an attack is well documented.

Technology as a Double-Edged Sword

GAO’s findings echoed those of a report just one year earlier from the Office of the Director of National Intelligence (ODNI), which noted that technology “will be a double-edged sword. On the one hand, it will facilitate terrorist communications, recruitment, logistics, and lethality. On the other, it will provide authorities with more sophisticated techniques to identify and characterize threats….”

The RAND Corporation furthers this analysis of technology’s role in prevention activities, finding that early phase terrorism prevention activities should include monitoring online content advocating violence, and messaging to encourage communities to identify radicalized individuals for intervention.

United Nations:  Internet Can Aid in Counter-Terrorism

Against this backdrop, the United Nations recently found that the significant amount of knowledge about terrorist organizations activities on the Internet can aid in counter-terrorism efforts, and that new technologies are helping proactively prevent, detect and deter terrorist attacks.

AI and machine learning are technologies that continue to take center stage in the identification of online threats and prevention of catastrophic events, whether it’s from Islamic or right-wing extremists.

AI Can Help Assess Threats and Enhance Situational Awareness

In fact when it comes to enhancing situational awareness (SA), and better detecting and discerning real attacks from false alarms, the Center for Strategic and International Studies (CSIS) noted that “AI applications for all-source data fusion, front-line analysis, and predictive analytics promise the potential to unlock new insights and effectively enhance strategic SA.”

The organization went on to say that the vast amounts of open-source data available through media, social media and the Internet of Things provides new indicators that are relevant to SA. Importantly, AI data mining can process large amounts of this information quickly and efficiently increase precision in the detail and quality of information collected.  

The Radiance Solution

That’s exactly where technologies like Lumina’s Radiance platform come into play.  Radiance’s Open Source Intelligence (OS-INT) includes more than 6,500 terms related to potential national security risks and threats. The platform conducts nearly 135,000 searches across all publicly-available data on the web, correlating names with these terms and cross-referencing over 1 million queries into Lumina’s proprietary databases of risk.  A search of this magnitude – done manually – would take more than a year to complete.

Learn more about our edge-to-edge risk detection through Radiance OS-INT, Internet Intelligence (NET-INT) and our Human Intelligence (HUM-INT) mobile app, S4.

Try Radiance for free today.

Assessing Safety Protocols in Public Venues

Assessing Safety Protocols in Public Venues

As the summer draws to a close and students return to campus, schools across the country are incorporating active shooter response training into their procedures and protocols.  The drills are just one component of overall safety preparedness efforts, being undertaken at the state, federal and local levels.

STRONG Ohio Plan Includes Social Media Scans

While response trainings on school campuses have become an increasingly common practice, the focus is even more pronounced in light of the recent mass shooting attacks in Dayton and El Paso.

In response to the shootings in Ohio, Governor Mike DeWine unveiled his STRONG Ohio plan, designed to reduce gun violence. The state created a School Safety Center, which will review school emergency management plans and offer risk threat and safety assessments, consolidate school safety resources on saferschools.ohio.gov, promote the use of a tip line to anonymously report suspected threats and scan social media and websites to identify people suggesting acts of violence. 

Increased Arrests for Threatening Comments

Increased precautions aren’t just being taken at schools, and for good reason.  Following those tragic events, the FBI ordered a new threat assessment to thwart future mass attacks in the country.

Since that time, more than 25 people have been arrested for making threats to commit mass shootings – and that number does not include the three mall shooting scares in California over the weekend.

Public Venues Enhancing Security and Reviewing Response Plans

Sports venues like the Raven’s M&T Bank, and Camden Yard, home to the Orioles, announced enhanced security measures in August and retailers across the country are reviewing their safety procedures, which as Target noted in a public statement include team member training, partnerships with law enforcement and the use of technology.

Use of technology is not unique to private corporations.  Even before the recent shootings, the FBI issued a request for proposal for a social media early alerting to mitigate multifaceted threats. 

Tips for Personal Safety

The Department of Homeland Security offers tips for all of us to follow when we’re in public locations.

  • Be Prepared: Take notice of surroundings and identify potential emergency exits. Be aware of unusual behaviors and report suspicious activities to security or law enforcement.
  • Take Action: If an attack occurs, run to the nearest exit and conceal yourself while moving away from the dangerous activity. If you can’t exit to a secure area, protect yourself by seeking cover.
  • Assist and React: Call 9-1-1, remain alert and stay aware of the situation. Help with first aid when it is safe, and follow instructions once law enforcement arrives.

Part of your preparation can include downloading for free Lumina’s See Something Say Something app. It’s a crowd-sourced, mobile application that allows users to confidentially report concerns in real time.  

You can learn more about S4 and download it here. It’s one part of our comprehensive, AI-driven risk management platform, Radiance.

Why AI and Tech Can Help Predict the Next Mass Shooting

Why AI and Tech Can Help Predict the Next Mass Shooting

 After the tragic mass shootings in Texas and Ohio, President Trump called on social media companies and local, state and federal agencies to “develop tools that detect mass shooters before they strike.

The appeal mirrored those of the French and New Zealand prime ministers after the attacks in Christchurch, New Zealand and Negombo, Sri Lanka.  Both committed to ending the use of social media to promote terrorism. 

Radicalization and the Internet

The rationale behind these efforts was straightforward. Recent attacks around the globe demonstrate the role social media and the Internet can play in helping people become radicalized, research and plan for mass violence, and as was the case of Christchurch, incite extremism by distributing images from an attack.

Research confirms the concerns.  Between 2005 and 2016, social media played a role in the radicalization of nearly 70 percent of Islamist extremists and more than 40 percent of far-right extremists, according to a research brief by the National Consortium for the Study of Terrorism and Responses to Terrorism.  The study also found that more than 25 percent of Islamic extremists used social media to plan a domestic terror attack or travel to a foreign conflict zone.

Counter-Terrorism and the Internet

While the Internet has become a platform for extremists, it also provides opportunities to prevent and counter acts of terrorism.  A United Nations report on The Use of the Internet for Terrorist Purposes, found that a significant amount of knowledge about the activities of terrorist organizations can be found on the Internet, aiding in counter-terrorism efforts.  Importantly, the report went on to say that increasingly sophisticated technologies are helping proactively prevent, detect and deter terrorist activity involving use of the Internet.

 Enter the Critics

Despite these facts, critics point to what they say is technology’s inability to effectively monitor terrorist content online.  Some cite the limited resources and expertise in law enforcement to manage and respond to digital evidence in real time.  Others lament the
scale of data added to the Internet daily, and the associated challenges of detecting specific threats – the so-called needle in the haystack – in time to stop a planned attack.  

The arguments aren’t new. 

While tech companies highlight the power of artificial intelligence and machine learning to help detect threat, at a hearing on global terrorism this summer, one person testified before the House Intelligence and Counterterrorism Subcommittee that with AI “there is much more artificial than intelligent.”

 The Case for AI

The reasons behind mass shootings around the globe are multi-faceted, but not unsolvable. 

And, while we agree with the critics that existing social media listening technologies are not adequate, we know that our AI-driven
Radiance
platform is.

Radiance’s key differentiator is that it brings power of Open Source Intelligence (OS-INT), Internet Intelligence (NET-INT) and our See Something Say Something app (HUM-INT) for edge-to-edge risk detection. Radiance scours the web prioritizing current behaviors to predict future action.  

 We can find the needle in the haystack (quickly)

Our OS-INT component finds that needle in the haystack because it is continuously ingesting all open source data and filtering out all the “noise” with our proprietary behavioral affinity models (BAMs).  These filters measure the data against terms and phrases associated with violent extremism, lone wolf attacks and other threats to global security.

 It’s not what’s been posted. It’s what’s been read

What a person is reading on the Internet is exponentially more valuable in predicting future behavior than what they may post or react to online. NET-INT hunts the web, identifying, cataloguing and continuously monitoring IP addresses researching a full spectrum of risk-related content.

 A 360-degree view

Other risk reporting apps operate in a vacuum. Information is sent to the authorities without context or insight.  By integrating our See Something Say Something app with our OS-INT and NET-INT components, Radiance provides much clearer insights and more actionable intelligence to respond to the reported threat.

 

Give Radiance a Free Trial Today.

Waiting in Line at Airport Security This Summer?        AI Could Make Screening More Effective and Efficient.

Waiting in Line at Airport Security This Summer? AI Could Make Screening More Effective and Efficient.

With summer air travel expected to hit a new record between June 1 and August 31 this year, travelers should expect to see longer lines at security checkpoints.

To address these challenges, the Transportation Security Administration (TSA) is hiring an additional 2,000 employees and employing new technologies like automated screening lanes and computed tomography

360-degree Security View

As these changes move forward, implementing artificial intelligence and machine learning technologies can also help reduce wait times and increase the effectiveness of security screening.

In fact, experts suggest that AI and big data analytics can move the screening process from the current single point in time analysis to a 360-degree view of a person’s behavior over a broader time range by linking data sets to identify risky behavior even before a potential bad actor gets to the airport.

This thinking is in line with the recommendations from the White House’s 2018 National Strategy for Aviation Security (NSAS).  NSAS highlighted the importance of strengthening aviation domain awareness through integration of open-source data into existing air surveillance and law enforcement intelligence, collection and analysis of advanced and anticipatory information, and layered and risk-based security measures.

The International Air Transport Association is also working on a program to facilitate the exchange of critical security data.  According to the Director General and CEO Alexandre de Juniac, “This is similar to the way that our safety colleagues work with data to do predictive risk analysis. This tool will provide early detection of changes to security environments in different parts of the world, so we can effectively deal with emerging threats and the impacts of changes to security procedures.”

The Role of AI

AI-driven technologies, like Lumina’s Radiance platform are another facet to the solutions being implemented in the U.S. and globally.

Radiance has the ability to comprehensively mine unstructured data sources, whether across the open web, or among disparate, legacy data systems. It ingests, integrates and analyzes those data sets, searching against more than 6,500 terms related to aviation security.

The platform conducts nearly 135,000 searches across all publicly-available data on the web, correlating names with these associated risk behaviors and cross-referencing over 1 million queries into Lumina’s proprietary databases of risk. 

Then add to this open source search internal data sets such as passenger bookings and travel history – or in the case of insider-threats, employee-related data – and airline and airport security experts have an important tool to help predict and prevent threats.

Looking ahead

To be sure, integrating AI driven technologies like Radiance are not a thing of the far of future. Research shows that 66% of airlines and 79% of airports plan to implement these capabilities across a wide variety of use cases by 2021. In fact, AI in aviation was valued at $152 million in 2018 and expected to increase to $2.2 billion by 2025.  And, passengers are ready for these technologies to help expedite their time at  airport security and make their travel more seamless. An online poll of UK passengers found that 68 percent of respondents would welcome AI at airports, and another study found 65 percent would share additional personal information to speed up processing at the airport.

Learn more about Radiance’s capabilities for the airline industry here.

Modernizing the Security Clearance Process through Machine Learning and AI

Modernizing the Security Clearance Process through Machine Learning and AI

Late last month, President Donald Trump signed an Executive Order transferring responsibility for security clearance screening from the Office of Management and Budget to the Defense Department. 

The Administration had previously called the clearance process a target for government reform, noting in 2018 that “background investigations are critical to enabling national security missions and ensuring public trust in the workforce across the Government.”

The Administration’s efforts are part of an ongoing focus on reforming the clearance process, and reducing the existing backlog. 

That is because the current backlog peaked at 725,000 open investigations in 2018, with some Americans waiting more than 500 days just to start their first day at work.  As part of these efforts, the Federal Government hired 2,500 additional investigators in 2018 to address the backlog.


Re-thinking Security Clearance

In addition to the Executive Order, in February, Senator Mark Warner (D-VA), reintroduced The Modernizing the Trusted Workforce for the 21st Century Act (S.314).

The legislation calls for a major overhaul of the system.

It also sets targets to reduce the backlog to 200,000 by the end of 2020, and shorten the time required to issue a secret level clearance to 30 days or fewer and top secret level clearance to 90 days. 

The legislation also establishes the “clearance in person” or “one-clearance” concept. This would enable – within two weeks or fewer – clearances to follow employees who change agencies.

Similarly, the legislation calls for continuous evaluation. It would move from the existing periodic reviews, to dynamic and ongoing reviews in the future.

In many ways, these recommendations represent a complete re-thinking of the security clearance process.

As Senator Warner notes in his legislation, technologies will play a critical role in preventing, detecting and monitoring threats. He also notes the role data integration and analytics can play in expediting or focusing
re-investigations through delta reporting and continuous evaluation. 


An Antiquated System

As many security experts have pointed out, the current system is not only time consuming and slow, it is also out of sync with how people live today.  For example, as it currently works, a field investigator is assigned to confirm information from the applicant’s form, and to make sure that individual does not represent a threat to national security.

These determinations are based on the 13 adjudicative guideline criteria, which among others include, financial considerations, foreign preference and influence, alcohol consumption, and drug involvement.

To be sure, 50 years ago, interviews with neighbors, colleagues and other associates could help provide meaningful insights into our lives and habits.  But today, we share these very same insights publicly, willingly and knowingly across a variety of online platforms, making the Internet a useful, but largely untapped resource.


Challenges to Reform

In fact, according to Gary Reid, Director of Defense Intelligence patterns of life, including scans of public-facing social media could one day be considered.

A significant challenge is the volume of data on the web. 

With more than 2.5 quintillion bytes of data created on the Internet every day, searching for relevant content can be like looking for the proverbial needle in a haystack.


The role of AI and Machine Learning

One way to solve for this is through machine learning and AI capabilities – a super-charged web search, allowing for all that publicly available, open-source data to be searched for risk behaviors – in this case, associated with the 13 established adjudicative guidelines.

But rather than having to weed through thousands of pages of search results, these technologies can quickly synthesize the data and cull out high priority risks associated with guideline selectors. 

As a result, analysts receive the most critical data first, helping streamline their search process and gather the most relevant information.


Call it the Radiance Solution
              

Lumina’s AI-powered Radiance technology is specifically designed to overcome the challenges of massive unstructured data ingestion, evaluation, and prioritization. This provides a rapidly deployable, scalable and user-friendly solution for the security clearance process. 

The technology is comprised of three modules, for edge-to-edge risk detection.


Radiance Open Source Intelligence (OS-INT)

OS-INT is a deep-web listening tool that uses machine learning and artificial intelligence to assess and prioritize risk.  OS-INT scours publicly available data across the entire Internet, correlating names entered into the system with content related to its exclusive behavioral risk profiles (BRPS). It then cross-references that information with more than one million queries into Lumina’s proprietary databases of risk.  And, unlike social media monitoring, OS-INT is not reliant on a single platform or social media API, allowing for continuous ingestion of all open source data.

OS-INT’s security clearance bundle includes more than 16,220 terms related to the adjudicative guidelines. OS-INT performs nearly 325,000 searches across the entire web. It then correlates names with associated risk behaviors. Similar results would take an individual running a manual web query more than 18 years to read and analyze.

OS-INT completes searches in an average of 4-5 minutes, providing prioritized, high resolution, and actionable results. In addition, the system allows for continuous monitoring and evaluation, mapping previous results against results from more recent queries.

The configuration of BRPs only collects publicly available information, within the scope of the investigation. And, it does not use account creation or digital interaction with a person of interest. As a result, the collection of information adheres to Security Executive Agent Directive 5 guidelines.


Radiance Internet Intelligence (NET-INT)

NET-INT’s proprietary algorithms continuously identify, monitor, capture, and prioritize IP addresses exhibiting anomalous behavior across multiple risk dimensions.  In addition, its massive system of data ingestion has the capability to catalogue, index and redeploy Internet content related associated with the adjudicative guidelines.

The system captures an IP addresses’ pattern of life data, prioritizing anomalous behavior. NET-INT also screens IP addresses associated with an entity or person of interest against all IP addresses displaying anomalous behavior collected over the system’s lifespan. 

NET-INT’s continuous monitoring of a POI’s Internet research behavior then helps predict emergent behavior indicative of a violation of the guidelines.


Radiance Human Intelligence (HUM-INT)

HUM-INT is powered by the S4 app, a crowd-sourced, mobile application that allows users to confidentially report concerns in real time. The S4 app can be configured as a workplace tool, allowing employees to submit information related to potential risk behaviors exhibited by co-workers. A centralized management portal allows clients to access real-time threats to geo-fenced facility locations.


The Way Forward

As Washington continues its efforts to reduce the security backlog, and modernize the existing process, machine learning and artificial intelligence will play an important role.

Senator Warner recently said, “There is much more we can do to reform decades-old policies and processes to reflect today’s threat environment, adapt to the dynamic of a modern mobile workforce, and capitalize on opportunities offered by modern information technology.”