Garrison Security Enables Timely Access to Open-Source Intelligence
The war in Ukraine has provided indisputable proof that OSINT is central to military operations in a conventional conflict.
The importance of open-source intelligence has long been recognized. In 2004, Congress directed the establishment of an Open Source Intelligence Center.
In the years since, amateur and activist open-source intelligence collectors and analysts such as Bellingcat and the Syrian Human Rights Observatory have demonstrated the decisive impact that exploitation of open-source intelligence, or OSINT, even by nongovernment actors, can have on unconventional and hybrid conflicts.
Now, the war in Ukraine has provided indisputable proof that OSINT is central to military operations in a conventional conflict.
Brad Ahlskog, chief of the Defense Intelligence Agency’s Open Source Intelligence Integration Center, told the 2022 GEOINT Symposium in Denver that open source was playing an “outsized role” in the Ukraine conflict.
“Open source isn’t just an adjunct or an add-on anymore,” says Colin McKinty, North America general manager for Garrison. “Timely exploitation of open source intelligence can make the difference between victory or defeat on the near-peer battlefield.”
The ubiquity of smartphones means “we can all be intelligence collectors now, in a way. You’ve got millions of sensors in the open-source world streaming information—which is what we’re seeing in Ukraine,” McKinty adds.
Indeed, cellphone video, often collected by civilians and shared via social media, has provided evidence of Russian war crimes, or signs that their advance had stalled, for the whole world to see.
Imagery from commercial earth observation satellites, owned by the companies that operate them, has enabled their customers and—when released to the Internet—the public and policy makers, to follow the progress of the war in near-real time. Commercial data like that isn’t free, unlike the material shared on social media, but it’s still open source.
Technology companies have already recognized the opportunity presented by open-source intelligence and launched cloud-based data-as-a-service platforms that fuse OSINT from multiple social and news media sources alongside proprietary data feeds and curate it using artificial intelligence tools such as machine learning. The U.S. Army Cyber Command’s innovation hub, the Cyber Fusion Innovation Center, has issued a request for information, or RFI, calling on industry to explain the capabilities that data-as-a-service can offer.
The Most Dangerous Place in the Digital World
For the military, the problem is that most open-source intelligence is found in what McKinty calls “the most dangerous place in the digital world.” Accessing it in a timely manner from the classified networks where intelligence analysts do their most important work can be both perilous and difficult.
Traditional intelligence solutions involve importing datasets into classified systems. But such transfers aren’t always possible—there must be a viable, technical risk mitigation strategy.
And even when possible, they can be technically challenging: they introduce delays and remove the data from its native platform, meaning the analysts can’t manipulate or interact with it—or trust its integrity. As a simple example, when a Word document is imported into a secured network, any macros it contains are excluded, since they are too difficult to make safe.
When you transfer open-source data to the classified networks that the government calls the high side, “you lose the interactivity, you lose the timeliness,” McKinty says.
Beyond “Swivel Chair” Integration
Allowing analysts to access public networks such as the Internet historically has demanded a completely separate infrastructure and workflow—or required them to leave their classified workspace to access the Internet on their personal devices and then try to remember what they found when they return to their desks. But today there are commercial technologies that can allow analysts to actually connect to the Internet from their classified machines.
Data might still have to be imported en masse into classified networks to help train artificial intelligence/machine learning programs, but with Garrison’s technology, analysts can directly access it via its native platform, without compromising the security of the network or introducing additional risk.
“It’s all about the workflow,” says McKinty. “Data overload is a real problem for intelligence analysts. They need to be able to interact with multiple sources with a frictionless workflow.”
So-called “swivel chair integration,” where analysts must hop from high-side networks to unclassified ones, retyping or transferring via removable media what they find, just won’t cut it any more in an era where the volume of information is ballooning and the tempo of operations is escalating, meaning the value of information diminishes as it ages.
“Seconds count,” says McKinty. “Bringing multiple OSINT sources together on a single desktop, in real time, is essential to providing the necessary tempo for today’s operational environment.”
Real-time, interactive access to open source can make the vital difference on the battlefield, says David “Flash” Flanagan, Garrison’s vice president for secure consulting. “Minimizing the delay between getting the data and producing the effect [of any decisions based upon it] means shortening the kill chain. It is how you win.”
A Broader Circle of Partners
Modern military operations such as Ukraine also require working with a much wider range of partners. In supporting relief efforts and supplying the Ukrainian military, for instance, U.S. forces have had to coordinate, not just with the 30-member NATO alliance, but with “a whole bunch of other allies and partners for this current fight,” according to Brig. Gen. Chad D. Raduege, USAF, chief information officer of U.S. European Command.
“And the ability to track all of that aid, all of that hardware and software that is going into different places … requires information-sharing requirements at a protected military level,” Raduege said.
But that real-time information sharing is also a challenge, especially as some of the partner networks might not be fully trustworthy. Garrison’s technology solves the trust problem, and it also thereby solves the related problem of usability.
“When it comes to working with partner systems, there are two problems,” Flanagan notes. “One is not being able to trust the other network. The second is not knowing what apps and protocols the other network uses.”
Again, the solution is real-time access, says Flanagan. “If you can have on your classified system a dirty plug that can just be plugged into the [virtual desktop infrastructure, or] VDI of your partner, then you can just reach into their environment, use their data, their applications in their native space.”
Traditionally, transferring data into classified networks or accessing nonsecure sources from those networks has relied on software-based cross domain solutions, or CDSs. Unfortunately, software-based security can’t be guaranteed. “The battle for secure software, safe from attackers, has been fought and lost,” Flanagan says.
But Garrison’s next-generation CDS technology relies on hardware-based security, using components such as field programmable gate arrays, or FPGAs, with security logic implemented as non-Turing machines, to limit the possible behavior of its equipment. Non-Turing machines have a much more limited set of possible failure modes, as compared with the infinite possibilities of Turing-complete software. That limitation means these FPGA-based implementations cannot be exploited by an attacker in the way that software can.
“The integrity of our security enforcement function, because it is hardware based, cannot be changed by software,” says Garrison Co-founder and Chief Scientist Henry Harrison, meaning it’s not vulnerable to malware or other software-based attacks.
The Garrison Isolation Appliance has an ATO to operate on Defense Department networks through the U.S. Army Intelligence and
This is the first of three special editorials on open-source intelligence and CDS technology. Future articles will cover widening the intelligence funnel to access complex data and how access and transfer can work together.
For more information: https://www.garrison.com/en/cross-domain