August 12, 2016, by Phillip Britt

National security forces’ intelligence analysts are increasingly utilizing advanced analytics to keep up with the growing number of threats against the U.S. This technology supports the human-led process of combining advanced analytics and intelligence analysis capabilities to recognize and take action against potential threats. These tools have proven to be invaluable when it comes to identifying homegrown and external threats to national security.

Huge Spike in National Security Threats

The number of information security incidents impacting the federal government has grown more than 1,100 percent since 2006, according to statistics from the Government Accountability Office reported by Network World.

Additionally, the number of security incidents involving personally identifiable information reported by federal agencies has jumped from 10,481 in 2009 to 27,624 in 2014, an increase of more than 163 percent. Growth rates for both types of incidents show no signs of slowing.

NSA Leads the Way

Intelligence analysts must rely on a variety of techniques to detect and thwart potential threats. According to CIO, the National Security Agency (NSA) has turned to analytics to assist in this effort.

The agency currently uses behavioral analytics that seek out anomalous behavior. If a user typically accesses sensitive information from his U.S. office during standard business hours, for instance, analytics will flag his request to access the same data from an international network at 2 a.m.
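The baseline-and-deviation check described above, as an added example (not code from the article or from any agency). The event tuple layout, thresholds, user names and sample events are assumptions constructed for illustration, and timestamps are assumed to be already normalized to the user's home-office local time.

```python
from collections import Counter, defaultdict
from datetime import datetime

MIN_EVENTS = 5     # assumed minimum history before a baseline is trusted
RARE_SHARE = 0.05  # assumed cutoff: seen in under 5% of history counts as unusual

def build_baselines(events):
    """Per-user counts of source country and hour of day from past access events."""
    baselines = defaultdict(lambda: {"country": Counter(), "hour": Counter(), "n": 0})
    for ts, user, country, _resource in events:
        b = baselines[user]
        b["country"][country] += 1
        b["hour"][datetime.fromisoformat(ts).hour] += 1
        b["n"] += 1
    return baselines

def score_event(baselines, event):
    """Return the reasons an access event deviates from the user's own baseline."""
    ts, user, country, _resource = event
    b = baselines.get(user)
    if b is None or b["n"] < MIN_EVENTS:
        return ["no-baseline"]  # too little history: route to review, do not guess
    reasons = []
    if b["country"][country] / b["n"] < RARE_SHARE:
        reasons.append("unusual-country")
    hour = datetime.fromisoformat(ts).hour
    # One hour of slack either side, so a slightly early start is not flagged.
    near = sum(b["hour"][(hour + d) % 24] for d in (-1, 0, 1))
    if near / b["n"] < RARE_SHARE:
        reasons.append("unusual-hour")
    return reasons

# Constructed history: ten days of office-hours access from the U.S.
HISTORY = [(f"2016-08-{day:02d}T{hour:02d}:15:00", "analyst1", "US", "reportdb")
           for day in range(1, 11) for hour in (9, 13, 16)]

# Constructed new events: the article's 2 a.m. case, a normal one, an unknown user.
NEW_EVENTS = [
    ("2016-08-11T02:05:00", "analyst1", "DE", "reportdb"),
    ("2016-08-11T10:30:00", "analyst1", "US", "reportdb"),
    ("2016-08-11T09:00:00", "newhire", "US", "reportdb"),
]

if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for ev in NEW_EVENTS:
        print(ev[0], ev[1], ev[2], score_event(baselines, ev))
```

Both signals compare a user against that user's own history, so an analyst who routinely works nights or travels is not flagged for what is normal for them.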

The NSA also uses real-time forensic analysis of cybersecurity software and appliances, including logs and firewalls on network devices, and layered, redundant techniques that leverage different resources to deepen defenses. For example, different intelligence analysts may review the same data and reports because a second analyst may detect a threat that the first analyst overlooks.

Predictive Analytics Sniff Out Insider Threats

Internal threats are a serious problem for many government agencies. Signal Magazine noted that internal actors are responsible for 43 percent of data losses following security breaches. However, advanced analytics can aid in the fight against insider threats.

For example, Signal Magazine explained that the U.S. Department of Defense (DoD) uses predictive analytics to help track real-time data streams and identify indications of insider threats. The department’s predictive analytics efforts coincide with another government effort, the National Insider Threat Task Force, which incorporates automated predictive analytics solutions into the process for discovering and stopping government employees who could pose security threats.

Predictive analytics can produce risk profiles on employees based on a combination of work-related behavior, personal conduct and other current data. The system can then determine if an employee might pose a threat to the organization or to other people by tracking elements including marital or legal issues. This enables officials to respond accordingly before an incident occurs.

A Growing Industry

The growing number of cybersecurity threats is spurring increased government investment in analytics as agencies look to thwart attacks. The DoD will spend $7 billion on various cybersecurity technologies in fiscal year 2017 and approximately $35 billion in the next five years, according to Defense Systems. As government agencies invest in more comprehensive analytics solutions, they will be able to provide better data for intelligence analysts, allowing them to recognize potential threats more quickly and effectively.
