August 12, 2016 By Phillip Britt 2 min read

National security forces’ intelligence analysts are increasingly utilizing advanced analytics to keep up with the growing number of threats against the U.S. This technology supports the human-led process of combining advanced analytics and intelligence analysis capabilities to recognize and take action against potential threats. These tools have proven to be invaluable when it comes to identifying homegrown and external threats to national security.

Huge Spike in National Security Threats

The number of information security incidents impacting the federal government has grown more than 1,100 percent since 2006, according to statistics from the Government Accountability Office reported by Network World.

Additionally, the number of security incidents involving personally identifiable information reported by federal agencies has jumped from 10,481 in 2009 to 27,624 in 2014, an increase of more than 163 percent. Growth rates for both types of incidents show no signs of slowing.

NSA Leads the Way

Intelligence analysts must rely on a variety of techniques to detect and thwart potential threats. According to CIO, the National Security Agency (NSA) has turned to analytics to assist in this effort.

The agency currently uses behavioral analytics that seek out anomalous behavior. If a user typically accesses sensitive information from his U.S. office during standard business hours, for instance, analytics will flag his request to access the same data from an international network at 2 a.m.
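The kind of check described above can be sketched as a per-user baseline of source country and hour of day, against which each new access is compared. This is an added example, not code from the article or from any agency; the log format, the names `build_baseline` and `score_event`, and the thresholds are assumptions, and the history lines are constructed sample data.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample history: user, ISO timestamp (office local time), source country.
HISTORY = """\
alice 2016-08-01T09:12:00 US
alice 2016-08-01T14:40:00 US
alice 2016-08-02T10:05:00 US
alice 2016-08-03T16:30:00 US
alice 2016-08-04T11:20:00 US
bob 2016-08-01T22:10:00 US
bob 2016-08-02T23:45:00 DE
bob 2016-08-03T01:15:00 DE
bob 2016-08-04T02:30:00 US
"""

def parse(line):
    user, ts, country = line.split()
    return user, datetime.fromisoformat(ts), country

def build_baseline(lines):
    """Per-user counts of the source countries and hours of day seen in history."""
    base = defaultdict(lambda: {"country": Counter(), "hour": Counter(), "n": 0})
    for line in lines:
        user, ts, country = parse(line)
        prof = base[user]
        prof["country"][country] += 1
        prof["hour"][ts.hour] += 1
        prof["n"] += 1
    return base

def score_event(base, line, min_share=0.05, hour_window=1):
    """Return the reasons an access event deviates from its user's baseline."""
    user, ts, country = parse(line)
    prof = base.get(user)
    if prof is None:
        return ["no-baseline"]  # unknown user: nothing to compare against
    reasons = []
    if prof["country"][country] / prof["n"] < min_share:
        reasons.append("unusual-country")
    # Share of past accesses within +/- hour_window hours, wrapping past midnight.
    near = sum(prof["hour"][(ts.hour + d) % 24]
               for d in range(-hour_window, hour_window + 1))
    if near / prof["n"] < min_share:
        reasons.append("unusual-hour")
    return reasons

BASELINE = build_baseline(HISTORY.splitlines())
```

Because the baseline is per user, the same 2 a.m. access from abroad that is flagged for a daytime, U.S.-only user passes for a user whose history already includes night-time access from that country.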

The NSA also uses real-time forensic analysis of cybersecurity software and appliances, including logs and firewalls on network devices, and layered, redundant techniques that leverage different resources to deepen defenses. For example, different intelligence analysts may review the same data and reports because a second analyst may detect a threat that the first analyst overlooks.

Predictive Analytics Sniff Out Insider Threats

Internal threats are a serious problem for many government agencies. Signal Magazine noted that internal actors are responsible for 43 percent of data losses following security breaches. However, advanced analytics can aid in the fight against insider threats.

For example, Signal Magazine explained that the U.S. Department of Defense (DoD) uses predictive analytics to help track real-time data streams and identify indications of insider threats. The department’s predictive analytics efforts coincide with another government effort, the National Insider Threat Task Force, which incorporates automated predictive analytics solutions into its process for discovering and stopping government employees who could pose security threats.

Predictive analytics can produce risk profiles on employees based on a combination of work-related behavior, personal conduct and other current data. The system can then determine if an employee might pose a threat to the organization or to other people by tracking elements including marital or legal issues. This enables officials to respond accordingly before an incident occurs.

A Growing Industry

The growing number of cybersecurity threats is spurring increased government investment in analytics as agencies look to thwart attacks. The DoD will spend $7 billion on various cybersecurity technologies in fiscal year 2017 and approximately $35 billion in the next five years, according to Defense Systems. As government agencies invest in more comprehensive analytics solutions, they will be able to provide better data for intelligence analysts, allowing them to recognize potential threats more quickly and effectively.

Register for IBM i2 Summit in Washington, D.C. to learn more on how innovative and advanced human-led intelligence analysis solutions can help us detect and counter threats faster.
