
National Security and Cyber Defense with Big Data

Tomasz Przybyszewski
Big Data Solutions Lead – ECE Region

Sept 2015

Tomasz Przybyszewski Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
What is Big Data and why to use it
• Gartner’s 3 V’s of big data …
– High Volume, with an estimated 2.5 quintillion bytes of data created every day.
– Comes in a Variety of formats… text strings, images, web logs, documents, numeric data etc. across a diversity of formats and sources.
– This is data in motion, constantly changing at high Velocity, the relevance of which can decay rapidly
– Digital data is diverse… which makes it difficult for most traditional technologies to enable capture, storage & analysis
• New world requires a different approach:
– Un-aggregated, lowest level data
– Advanced analytics to enable discovery & enable complex queries
– Fast, real time processing capability
• 2,500 exabytes of new information in 2012 with digital content as the primary driver
• Digital universe grew by 62% last year to 800K petabytes and will grow to . zettabytes this year



Big Data Analytics
Moving to the Next Generation of Analytics to Predictive Analytics

[Figure labels: Current Generation, Intelligence, Next Generation, Big Data]

Big Data for National Security

• Cyber Intelligence
• Social Media Intelligence
• Military Defence
• Video Analytics

Better Low Level Data Analytics = Deeper, More Actionable Insights = More Informed Decisions

• Data fusion, e.g. external data with own data and stakeholder data
• Applying risk-based intelligence capabilities to cope with the massive Volume, Velocity and Variety of data



4th Generation Oracle Data Architecture for Big Data
[Architecture diagram. Labels recoverable from the slide:
• Data sources: Business Data, Data Streams, Social/Log Data, Enterprise Data, Other Data Sources
• APIs, Data Streaming, Data Services (Telematics, Industry Services, Internet of Things, Sentiment)
• Data Platform: Data Reservoir, Data Factory, Data Warehouse
• Execution, Innovation, Discovery Lab
• Model First Analytics (Reports & Dashboards): reporting-oriented; often enterprise wide in scope, cross LoB; you know the questions to ask
• Data First Analytics (Discovery): data exploration; highly visual and/or interactive; you don’t know the questions to ask]

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. #StrataHadoop - Oracle Big Data Architecture
Integrated Oracle Systems for Big Data
[Architecture diagram. Labels recoverable from the slide:
• Data sources: Business Data, Data Streams, Social/Log Data, Enterprise Data, Other Data Sources
• APIs, Data Streaming, Data Services (Telematics, Industry Services, Internet of Things, Sentiment)
• Data Platform, Search, Transformation Script
• Execution, Innovation, Discovery Lab
• Model First Analytics (Reports & Dashboards): reporting-oriented; often enterprise wide in scope, cross LoB; you know the questions to ask
• Data First Analytics (Discovery): data exploration; highly visual and/or interactive; you don’t know the questions to ask]

1st area of Big Data References

Cyber Defence Solution



Big Data Cyber Intelligence – Israel Government
The Israel Government, with the Ministry of Defence and National Cyber Bureau,
has national responsibility for all aspects of cyber security: meeting current
cyber threats and developing capabilities to combat the next and future
generations of cyber threats

Business Drivers
• Cyber platform and tools for monitoring, organising and investigating current and next
generation cyber threats
• Open platform for monitoring and forensics
• Real time decision making and situational awareness for security and operational
professionals
• Investigate network behaviour and automate detection of threats using sophisticated
algorithms and predictive engines
Cyber Solution Overview

[Diagram. Stages: Collection; Aggregation & Analysis; Discovery. Labels: Internal Network; Port Mirror; All incoming and outgoing data packets; Configurations, logs & resources; Oracle Big Data Platform; ex. BigSearch; Data Discovery; Transformation Script; Security Officer]
9 Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Restricted
2nd area of Big Data References *

National Security incl:
- Social Media Intelligence
- Military Defence
- Video Analytics

* Currently Implementing



US Customs & Border Protection

Automated Targeting System (ATS)

National Targeting Center

• Rules based decision support system
• Data sources: government and public
• Historical data and trends analysis
• Deployed for air, land and sea travel
• Massive volume of data
• Identify high risk targets
• Faster clearance for low risk traveler/cargo

Allied Nation Intelligence Service
Oracle Spatial and Graph: Social Analysis
Objectives
• Profile suspects through telephone, email and social network communications
• Produce “data products” for analysts
Solution
• RDF Graph modeling of the social network: people, groups and places of interest
• Inferencing & graph analytics discover relationships among individuals & meaning of pseudonyms, aliases, codes, terminology
Benefits
• Standards-based tools: W3C RDF & SPARQL
• Semantic tagging for 600 TB / 10b triples graph
• Top-secret, compartmented security for data
• New discovery on ~100 million triples / month
• Find & label “same-as” relationships

Italian Ministry of Interior
Predictive Analytics for Police

Department of Public Security

• Highlight those areas with the highest crime risk.
• Decision taking support.
• Predictive Analysis solution for location based Crime Forecasting

Location Intelligence
South Yorkshire Police, England
[Screenshot panels: Deployment vs Crime Analysis; Deployment Planning; Deployment Analysis; Visibility; Crime Search; POI; Dangerous area prediction]

• Database
• Data Mining
• Spatial
• MapViewer
• OBIEE

Guardia Civil – Spain
Customer Background
• Ministry of Interior and Defence Agency
• National Security management, coordination and supervision for the different security bodies
Challenges/Opportunities
• National security threats are one of the biggest concerns of the ministry.
• Look for behavior patterns to anticipate and detect potential threats
• Matching structured and non-structured information
• Flight details, passenger data, car plates
• Internal notes & Social network information

Intelligent Real Time Systems
Protecting Citizens

Discovering Protest Activities

• Background
– NATO Summit in Chicago, May 2012
– 7,000 Visiting Dignitaries
– 2,200 Journalists
– 10’s of thousands of protestors
– Thousands of Officers
• Solution
– Monitor Social Media to identify hot-spots
– Correlate with police deployment
– Initiate operational orders
– Retrospectively identify potential witnesses

New York State Police
• New York State Police (NYSP) is the primary law enforcement agency in New York State. The force is comprised of 4,600 officers patrolling 54,500 square miles

Before
• As part of the New York State Police Network system, NYSP has many intelligence repositories including missing persons, stolen vehicles, stolen plates, wanted persons, lost and stolen property
• For compliance reasons audit records are created each time the system is queried.
• Beyond ensuring compliance the audit repository contains a wealth of information for investigators.
• Due to the volume of data and complexity of requests the normal turn around time for a request was 6-12+ hours and manually intensive.

After
• Using Big Data the NYSP built a search application which provides access to more than 8 years of audit history – 1.5B records.
• Analysts can now fulfill requests using a familiar search and navigation paradigm that is as easy to use as their favorite website.
• Request turnaround in minutes not hours. Manual effort reduced from multiple complex steps to a single simple process
• Estimated annual cost reduction of several hundred thousand dollars in support

Big Data Case Study – Abu Dhabi Police
The General Directorate of Abu Dhabi Police operates with other agencies to achieve a safer
society. It seeks to preserve the stability, the reduction of crime and the removal of a sense of
fear, as well as contributing to the achievement of justice among the general public.

Business Drivers
• Highest quality, prompt and accurately responsive services to citizens; Technology
response was to leverage Social Media sources for data to create high value
analytics
• Improve UAE-wide security “Zero deaths on roads, Zero crime in streets”;
Technology response was to utilize camera feeds and other such sources and
process them using high performance, innovative Data Center environment
• Improve operational efficiency and control costs; Technology response was to
Transform Data Center and optimize performance

Other Police cases
Turkey Police:
• Improve performance and variety of their current security analysis
• Enhance performance and flexibility of Hadoop systems to analyze all data from varied social media sources
• Create and drive timely intelligent actions
• ...

Dubai Police:
• Correlate data from a DWH and silos in multiple systems
• Monitor social media channels, crawl online sources including dark web
• Create police data dictionary to store, track and search indications of crime and other threats in multiple languages
• Provide a unified discovery interface suitable for police analysts
• A foundation platform to store unstructured data that is scalable and easily connects to new data sources.

*

Summary

* Currently Implementing



Oracle Big Data – National Security and Cyber Defence
Key Features

• Based on Big Data
• Open architecture and scalable platform
• Low cost enables flexible deployment and expansion
• Central distributed data management system
• Innovative analytical tools
• Open API for external systems and 3rd-party algorithms

We Look Forward To Working With You

NEXT STEPS

• Live Demo: Meet with key stakeholders to present the Live Demo Oracle Big Data solution
• RECOMMENDATIONS / ROADMAP: Prepare defined set of recommendations to address priorities
• EXECUTIVE PROOF OF CONCEPT: Select 1,2 use cases and perform the tests
• EXECUTIVE READ-OUT: Present findings and recommendations to key stakeholders
