After the attempt on Christmas Day to destroy an airplane on its way from Yemen to Detroit, President Obama said; "There was a mix of human and systemic failures that contributed to this potential catastrophic breach of security. We had the intelligence information, but failed to connect-the-dots." Even the Declassified Review into Flight 253 says; "the problem was a failure to 'connect the dots' rather than a lack of information sharing." This "connect-the-dots" statement resonates well with me since "connecting-the-dots" is exactly what Enterprise Mashups do. To understand this, let's dig into the facts a bit.
The 23-year-old Nigerian who attempted the attack, Umar Farouk Abdulmutallab, was in TIDE, the Terrorist Identities Datamart Environment owned by the National Counterterrorism Center in McLean, VA. The database stores information about hundreds of thousands of individuals who may be a threat to the United States. The FBI Terror Screening Unit goes through the TIDE database and identifies those who are the real threat and places them in their Terrorism Screening Data Base, which contains about 400,000 individuals. Then the FBI passes these names to TSA, who maintains its own "no-fly" list of about 14,000 people. Because the FBI did not deem Abdulmutallab a real threat, he never made it to TSA's "no-fly" list.
There's a few ways to look at this problem. One way is to say the FBI failed in their analysis by not putting Abdulmutallab on the list. But, I believe the real problem is how the data was shared or, in this case, not shared. This common practice of copying data and sending it to others and calling it 'sharing' is really problematic for many reasons:
• Disconnected Data: Getting a copy of data means the data is disconnected from the original source and more importantly may not contain all the information needed. So it is 'stale' and possibly incomplete. Seems like something as important as Terrorist watch lists should be real-time, not 'copy and send.'
In the Government, there is a notion of trusted data coming from a 'trusted source', also called the 'authoritative source.' Not only do you trust the source, but you trust you're looking at the exact same data they are. When you copy data you have trusted data, but no authority other than yourself. The fact that the data has been copied now puts the burden on the recipient to ensure it has not been tampered with.
• False Sense of Context: Of course TSA analysts want to know why someone got on the "no fly" list. There would be no way for TSA to put their context around an individual who purchased a ticket in cash and has no luggage with the fact that his father reported him to the US Embassy in Nigeria. Context really makes a difference here. Consider this statement from the official government assessment: "A failure of intelligence analysis, whereby the CT community failed before December 25 to identify, correlate and fuse into a coherent story all the discrete pieces of intelligence held by the US Government related to an emerging terrorist plot again the US..." Substitute "coherent story" with "context" and you'll see what I mean.
So how do Enterprise Mashups help fix a problem like this? EMPs stop the copying/sharing and make the authoritative source available with the proper security and governance. A good Enterprise Mashup Platform (EMP) can ensure that only the users with the proper credentials gain access to the full or limited set of information. EMP's can provide this sort of "secure veneer" that connects directly to the same source, but constrains, or limits the data based on the user's credentials and policies. If this was done to the TIDE database, TSA analysts would have been able to see Abdulmutallab's information and "connect-the-dots" with real-time information such as all cash ticket purchase and no baggage.
When data is everywhere and the fusing and correlating must be done by a knowledge worker (aka analyst) you need to give the analyst the tools and time to analyze the data. EMP's are built to support real-time "connect-the-dots" analysis and are especially good at connecting the dots when the dots are all over the place.
EMP's dramatically reduce the time and effort required to gather the data and connect it together and they can do it in a way that is as safe as any person (or government) would require. Maybe the next time President Obama will replace "connect-the-dots" with "mashing the dots."
I absolutely agree with John, that the knowledge worker, in this case the TSA analyst, need tools to put their ideas into immediate action.
I am confident that TSA got a lot of very smart analyst that already had thought about the scenario that John is describing here, but they could not put it together. Barriers like missing data access, nobody to build the application, etc, are difficult to overcome.
A Enterprise Mashup Plaforms is not the entire solution. No mashup is better than the data behind it, and in this example it would have been critical to have access to the TIDE as well as information about ticketing and baggage check-in information.
Only with access to these data sources will the EMP allow the analyst to move idea to action, to assemble the data sources, analyze them and create alerts and action.
One way to do data access is using Web Data Services (WDS). WDS can leverage the fact that a lot of relevant data is today accessible from a web browser, said in other words, if the analyst can "see" the data in their web browser they can quickly connect them into their mashup.
EMP + Data Access = fast time from idea to action
This is the key to analyst and front-office efficiency in the future.
Great blog John
THanks for this really good article, you've made some really valid points so thanks for sharing.
flower canvas art