Military Embedded Systems

Find and fix: The front-end of the kill chain

August 31, 2017

Ray Alderman

VITA Standards Organization

WARFARE EVOLUTION BLOG. I can speak to this topic with some level of experience. My old military intelligence unit, the Army Security Agency (ASA), was the military arm of the National Security Agency (NSA). Our primary mission was to find, identify, fix, and track every significant military unit on the planet, including both our enemies and our allies. As Sun Tzu is credited with saying (or maybe it was Machiavelli, or Petrarch, or Michael Corleone): "Keep your friends close, and your enemies closer."

What we did with our training and primitive equipment back then compressed the kill chain down to days and hours. Today, those tasks are being done by very powerful computers and algorithms, and that change promises to speed up the kill chain significantly. We covered the evolution of the kill chain in a previous article, so let’s work with the 5F model here: Find, Fix, Fire, Finish, Feedback. As you have seen, each of these sequential phases can be divided into more detailed operational elements. So, let’s break down "find and fix".

Find and fix

There are many ways to find enemy targets, starting with HUMINT (human intelligence). Captured combatants and local informants can tell intelligence people a lot about the location and details of potential enemy targets, but that’s the domain of field intelligence and the Central Intelligence Agency (CIA) people. "Pocket lint," the things found on captured soldiers, can tell us many things too. Next is the IMINT (imaging intelligence) that we collect from unmanned aerial vehicles (UAVs), reconnaissance planes, and satellites (fine, medium, and coarse intelligence respectively).

The problem with IMINT is that we have thousands of hours of video, along with tons of still images, but not enough analysts to view it and report actionable findings in a timely fashion. By the end of this year, the Department of Defense's (DoD’s) Project Maven plans to implement 75 lines of Python code in our IMINT platforms that can identify 38 classes of objects (like tanks, artillery, troops, missiles, convoys, etc.) in Iraq and Afghanistan. Target identification will be accomplished in seconds without the efforts of human analysts. Additionally, IMINT systems capture the faces of people in the images. Analysts must look at those faces in the video and determine if they are known terrorists, enemy commanders, or other persons of interest, and that takes time. Additional work is occurring now on facial recognition software that can positively identify known human targets without an analyst in the loop.

There’s a longer-term aspect to IMINT information: persistent surveillance, used to identify unusual lifestyle patterns and behaviors of certain people over time, that fit the profile of terrorist activity. This type of surveillance can also discover safe houses and improvised explosive device (IED) factories by counting the number of people, boxes, and vehicles that visit a specific location. But again, that takes many hours for human analysts to study the video and come to any conclusions.

Then, we have SIGINT (signals intelligence). RF intercept systems capture the signals from enemy radios and cell phones, recording the voice or digital traffic while fixing the location of the device. An interpreter must listen to the voice recordings, translate the conversations, and report any salient information. The problem, again, is that we have thousands of hours of intercepted voice and not enough interpreters fluent in the language of the enemy. Additional work on voice recognition and language interpretation software is ongoing in the intelligence community. But this is tricky work, considering that there are different dialects and regional accents associated with each language. Just look at the Chinese language for example: it has five basic dialectical groups, with more than 200 unique dialects. Interpreting an intercepted cellphone conversation can establish the identity of the caller and associate him with that phone too.

Identification is one of the sub-elements of the "find" function. In addition to recording the cellphone conversations, the phone number and SIM card data (for Global System for Mobile Communication (GSM) phones) are also collected by the RF intercept system. If a terrorist or an enemy soldier continually uses the same phone, we can identify him whenever he makes or receives a call. That’s why terrorists use many different phones or swap out SIM cards regularly. However, if we target all conversations in an area, and run the recordings through a voice-print algorithm, we can identify him and match him to his new phone in a matter of minutes.

Another method used in the "find" phase is analysis of social media accounts. Many terrorists and enemy combatants use this medium to communicate and share information. Furthermore, many civilians use social media to report strange events and activities in their area to friends and family, even before our intelligence people know about it. As you suspect, data-mining software applications are running against social media accounts today.

There’s intelligence gold in those social media accounts. For example, in July 2014, Malaysia Airlines flight 17 from Amsterdam to Kuala Lumpur broke up in flight and crashed in Eastern Ukraine, where Ukrainian nationalists and Russian separatists were fighting. For about a month, intelligence agencies didn’t know if the crash was an act of terrorism, an accident, or if the plane was shot down by soldiers in the conflict area. Russia denied that any of their people or weapons were involved. Then, intelligence analysts found pictures of the missile crew’s actions and involvement on a Russian blog on Facebook. Three months later, examination of the crash debris further confirmed that the plane was shot down by a Russian missile. Afterwards, Air Force General David Goldfein went to a data analysis software company to review their capabilities. He asked a person to key in "violent extremist activity in the last 48 hours" and search the topic on Twitter. In seconds, the software produced a map of recent terrorist activity that was more comprehensive and more timely than the intelligence reports sitting on his desk.

Once we have found and identified a target, we must "fix" it: establish the target’s location. That’s done in parallel with the "find" function in many instances. IMINT systems record the GPS coordinates of the images being collected. RF intercept systems DF (direction-find) the source of the signals and map the coordinates of the transmitter with azimuths. We do this on enemy radio transmitters, cellphones, radar systems, and anti-aircraft missile systems. If the target is moving then we must track it, so tracking is a sub-element of the "fix" function. Not only do we track the target’s changing location, we can also calculate its speed and direction. Enemy armies and terrorists must communicate over distances, whether they are stationary or mobile. The easiest way to communicate is with radios and public cellphone networks. When they do that, they enter the "find and fix" segments of our kill chain.

UBL (Usama bin Laden) knew about all this stuff, so he communicated only by courier. IMINT systems on a Predator UAV tracked a suspected terrorist to an interesting compound in Abbottabad, Pakistan one fine day. Persistent surveillance showed little activity there, except for the visitor who came and went regularly. When UBL walked around in the compound, he was always under a canopy because he knew if we could capture his image, he would enter the "fire" phase of our kill chain. Our IMINT and SIGINT systems started following the visitor, intercepting his communications, and imaging his activity. That courier’s movements, over time, verified that he was UBL’s communication channel, and we know how that ended.

As you can see from this information, our IMINT and SIGINT systems collect data and send it to ground stations, and human analysts have to pore over reams of information for long periods of time. It took ten years after 9-11 for bin Laden to complete his journey through our kill chain. Consequently, we know that we must speed up the process, especially the find and fix phases. In the next few years, we will integrate intelligence collection with intelligence analysis using high-speed computers and algorithms. We will automate the analysis processes in software and the analyst will actually be inside the weapon. If we can remove the human intelligence analysts from the kill chain, we can get to the "fire" phase much faster than we can today.

As I said here before, in all military battles up through World War II, the enemy was easy to find but hard to kill. Starting with Vietnam and then the Gulf wars, the enemy was hard to find but easy to kill. In the future, we need to make our enemies easy to find and easy to kill. To do that, we must execute our complete kill chain in under ten minutes, as General Jumper proposed. And that requires that we reduce the "find and fix" time to a couple of minutes or less. If you want to learn more about the evolution in the speed of war, read two military history books by Victor Davis Hanson: "Carnage and Culture" and "Ripples of Battle."

When we replace the human intelligence analysts in the kill chain, how do we process all the data? That’s where artificial intelligence (AI) enters the picture, the subject of our next episode. AI is very complex and technical, and the future implications are mildly disconcerting. So, I highly recommend that you take a few transcendental meditation classes, along with some Valium, before you read my next article.