You are on page 1of 8

IBM Software Government

Business Analytics

Public Safety: From


“Sense and Respond” to
“Predict and Act”

Introduction
Contents: Today government agencies face greater challenges than ever before.
In addition to promoting public safety, combating crime and gang
1 Introduction
violence, agencies have the added burden of helping to guard against
2 Applications of predictive analytics terrorism and to control the outbreak of infectious diseases.

7 Other applications
To meet these challenges, agencies are trying a variety of approaches.
7 Conclusion Innovative information technologies are playing a key role in improving
your ability to anticipate events and act appropriately. Predictive analytics
8 About SPSS, an IBM Company
is one of those technologies.

Information analysis is the brain behind public safety. The goal of


intelligence activities is to uncover security threats in time to take action
against them. But the patterns that point to these threats are often hidden
in massive amounts of data. To meet this challenge, one form of
information analysis, predictive analytics, is particularly useful.

Predictive analytics solutions apply sophisticated statistical, data


exploration and machine-learning techniques to historical information in
order to help agencies uncover hidden patterns and trends – even in
large, complex datasets. Not only in huge tables of structured data but
also in vast amounts of textual data – including e-mail and chat room
interactions – that agencies must evaluate. By using predictive analytics,
you can anticipate what types of intervention will be needed, and where.
So you can plan, rather than react. And make the best use of available
resources.

In contrast to rules-based analysis and detection methods, predictive


analytics can identify relatively unusual behaviors, even those with subtle
differences that other methods often miss. Predictive analytics techniques
explore and learn from all dimensions of data, thus allowing analysts to
combine human knowledge, first-hand experience and intuition to guide
the application of analytical techniques. Because of predictive analytics’
ability to combine a wide variety of data dimensions, types and sources
on an ongoing basis, it is possible to quickly and reliably detect
inadvertent signatures from hackers, criminals or terrorists.
IBM Software Government
Business Analytics

Highlights
With predictive analytics, you can base daily operational decisions on
• Use predictive analytics to improve data-driven models that precisely describe current and developing
border security, law enforcement,
conditions. This enables you to:
intrusion threat detection, infectious
disease control, anti-money laundering
and terrorist financing detection. • Improve your prevention capability and control costs by deploying
personnel where they’re needed most
• Uncover hidden patterns and insights
from large amounts of structured and • Predict which types of events are most likely to escalate so you can
unstructured data. guard against this escalation
• Conduct new investigations more efficiently
• Employ predictive models to anticipate
threats, identify suspicious actors and • Discover patterns in your data that suggest areas for further
effectively allocate resources. investigation
• Explore security threats and study the people and organizations
• Create an automated process for
building models that analyze involved
location-specific data. • Deliver information to the field, where and when it’s needed

Applications of predictive analytics


Border security
Protection against threats often begins at border crossings, airports and
in harbors. Predicting which containers entering a port could contain
unwanted/dangerous materials or which passengers on an airline should
be investigated more thoroughly, or identifying suspect vehicles at land
crossings are key responsibilities for border protection agencies.

One large country implemented the following scenario with IBM SPSS
predictive analytics. The challenge at this country’s border crossings is
best described as follows:

“We cannot stop and search every car that crosses the border. However,
if we can accurately predict the risk level associated with each vehicle –
whether it may be carrying contraband, drugs, money, weapons or illegal
immigrants – we can make optimal use of our inspection staff, increase
our detection rates, better protect the country and its citizens and
improve the experience of innocent travelers by expediting their
crossing.”

At each border crossing, cameras record and recognize the registration


plate of every vehicle. Once this is read, directives are given on the
screens in the crossing control booth – telling the supervisors to either let
the vehicle pass or direct it to the secondary inspection area. If a vehicle is
selected for secondary inspection, information is sent to the PDA of the
inspector responsible; this shows the likelihood of each risk type (drugs,
weapons, etc.), providing the inspector with guidance on what to look for.

Vehicle selections, risk assessments and inspection outcomes are recorded


to enable ongoing reporting on inspection rates by risk type, hit rates,
false positive rates and the amount and value of seizures.

Models are then built from the outcomes of these historical inspections.
The data used is keyed by vehicle registration and would include vehicle
type (including dimensions, capacities, etc.); vehicle ownership (and

2
IBM Software Government
Business Analytics

hence any available information on the owner or driver); and the vehicle’s
history of border crossings at this or other checkpoints. Other factors
giving information about the crossing would also be incorporated – for
example the day of the week, time of day and prevailing weather
conditions.

One model is created for each type of risk. In order to turn these
individual models’ scores into actions, they will be combined with rules
representing the best human knowledge on border risk assessment. Some
of these rules will help govern how “tightly” vehicles are selected for
inspection (i.e., what risk scores trigger a secondary inspection) and may
be varied by pre-defined knowledge of peak traffic times, or manually
adjusted in response to abnormally heavy traffic in order to avoid
creating a backlog of secondary inspections.

The agency controls approximately 300 crossings, and while many will
show similar patterns of violation, each will have its own individual
profile of what risks are likely to occur and which violations will be
attempted in which ways. Ideally, each crossing point should have its own
model for each risk type, built from local data. Creating and managing
this number of models manually would be labor-intensive, expensive and
impractical. If, however, analytical experts create an automated process
for building and applying the models, it can be efficiently applied to local
data for each crossing, ensuring a “best fit” that embodies national best
practices.

Law enforcement
In law enforcement, trends in suspicious or criminal behavior can be
identified using a variety of information, including aggregated or
incident-level data. For example, a crime analyst might use predictive
analytics to:

• Identify areas typically frequented by violent criminals


• Match trends in regional or national gang activity with local incidents
• Profile crimes to identify similarities and match the crimes to known
offenders
• Identify the circumstances (e.g., city events, weather patterns, holidays)
most likely to trigger violent crime for the purpose of predicting when
and where these crimes may occur in the future.

Law enforcement agencies rely on data from diverse sources and


applications. For this reason, predictive analytics solutions with an
open architecture are particularly valuable: They produce results quickly
from existing data. And the true benefit of predictive analytics is realized
when predictive models and analyses are delivered to front-line users –
officers on patrol, detectives on a case and their commanders.

Front-line personnel don’t need to understand the technology to benefit


from the results of predictive analytics. From a browser, they can access
predictive information in a form that’s easy to understand and use.

3
IBM Software Government
Business Analytics

IBM has hundreds of customers worldwide among local, regional and


national law enforcement agencies, court systems, correctional
institutions and parole boards. They use IBM SPSS software for a range
of purposes, including:

• Analyzing historical information to better forecast crime trends


• Forecasting correctional facility needs based on trends in crime rates
• Evaluating the success of rehabilitative programs
• Choosing emergency command center sites based on the frequency
and location of incidents
• Analyzing (digital) forensic evidence
• Identifying criminal and terrorist networks from surveillance,
communication and Internet data
• Profiling crimes, criminals and crime scenes
• Predicting effectiveness of resource deployment
• Rapidly identifying patterns in high profile case data

Intrusion threat detection


The cost associated with an attack by a “bad actor” gaining access to
privileged (insider) information will often have a great and prolonged
impact, including violation of confidentiality, undermining of intelligence
integrity, adverse influence on government policy, the revelation of
sources and methods, and the compromise of field operations.

Internal threats
Insider electronic crimes tend to be particularly difficult to detect since
the perpetrator often has a legitimate reason to be accessing, modifying
and manipulating critical and/or sensitive data. Despite these challenges,
most organizations have a substantial amount of data that can be used to
characterize and potentially mitigate an attack by a malicious insider.
This data may include information such as demographics, performance
reviews, past and current project assignments, internal and external
electronic communications and file usage logs.

If a company or agency is concerned about insider access to sensitive


data, the company will often use a set of hard-coded rules to identify
potentially anomalous behavior. For example, a person who normally
works with records from human resources might be flagged for audit if
he makes multiple attempts to access files with sensitive data from the
engineering department. Potentially malicious activity is often much
more subtle and difficult to detect, however.

One method of insider threat detection through predictive analytics


works by taking known cases of malicious behavior and characterizing
the difference between these and known “normal” cases. While this
approach is ideal, in that predictive algorithms can quickly and easily
learn to recognize past behavior, there are inherent difficulties in using
this approach alone. Malicious insider activity is typically a very rare
event. The historical data available to model future behavior often lacks
sufficient cases to accurately predict cases that are similar but not exactly
the same as previous cases of known malicious activity.

4
IBM Software Government
Business Analytics

When dealing with insider threat or fraud detection, a “bad actor” may
have normal patterns of behavior that are dynamic and complex. In these
situations, the crime can be very difficult to detect because that person’s
behavior may continue to appear legitimate, with only subtle changes
over time. As a result, it is important not only to determine what behavior
people are exhibiting, but also whose behavior differs from or has
recently changed from that of their peer group.

IBM SPSS technology provides several automated methods for anomaly


detection. This is particularly useful for intelligence work because the
process can be automated, allowing analysts to comb through millions
of records to find outliers or abnormalities.

Often the best approach to insider risk assessment combines methods


that are ideally tuned to the specific goals of the agency as well as to the
available data. It is important to first determine the goals and potential
issues of the analysis results. In assessing and mitigating the potential
threat of an insider attack, these goals may include:

• Determining a prediction, confidence level and propensity score of


the risk of an insider attack
• Calculating the predicted cost or impact of the information breach
• Identifying the length and scope an attack in cases where the loss or
cost of information is invaluable
• Prioritizing audits of detected anomalies or threats with regard to the
level of risk and resources available to conduct the investigation

External threats
The same techniques that are applied to analysis of insider threats are
often useful for analysis of external threats. The primary difference
between insider and external threat analysis is data availability. Attacks
coming from external sources rarely provide the type of demographic
data available for insider threat analysis. Data fields, such as age, group
affiliation, location and historical behavior patterns that can be attributed
to an individual or group are much more difficult to obtain when
analyzing external threats.

When external threats do not provide sufficient information about the


individual or group responsible for an attack or a potential attack, the use
of Social Network Analysis (SNA) techniques can help investigators
better assess the risk of a particular external threat by making associations
to other known individuals, groups or prior attack attempts.

Infectious disease control


To ensure health protection for their citizens, a national government
agency uses IBM SPSS Data Collection and predictive analytics software
to analyze the source and spread of infectious diseases, and to prepare for
and respond to urgent public health threats. When an infectious disease
outbreak strikes, it is imperative that the agency gathers public health
information quickly, regardless of where it occurs or its cause. To better
understand these outbreaks and respond more effectively, the agency
streamlines feedback in a highly secure and controlled environment.

5
IBM Software Government
Business Analytics

The agency can capture immediate feedback from citizens on critical


public health information, regardless of geography or language, through
a diverse array of channels including telephone, in-person interviews and
online surveys – to better understand the disease and devise the most
appropriate response. These insights increase its understanding of major
public health problems, helping to reduce the morbidity and mortality of
citizens exposed to infectious diseases

After an outbreak of pneumonia at a college in 2007, the agency rapidly


created a questionnaire that was e-mailed to all students to gather a quick
and detailed response on past behaviors, actions and possible exposures
with the objective of identifying potential undetected cases. The
information collected was used to characterize the illness and identify
risk factors for the disease. As a result, the agency was able to swiftly
identify the etiology of the pneumonia outbreak, inform all students of
the situation and provide information on prevention to help stop the
further spread of the pneumonia.

The organization also uses the software to assess medical needs of


specific populations during natural disasters. During several major
disasters, the agency determined what medical items, including
medications and equipment, were needed by victims.

Anti-money laundering and terrorist financing


In the fight against organized crime, human trafficking and terrorism,
the identification of suspicious financial transactions is a major focus of
investigative agencies. “Follow the money” is an old adage that still holds
true today.

Predictive analytics solutions offer the sophisticated pattern recognition,


anomaly detection and risk analysis capabilities required to detect
attempted money laundering successfully. These solutions also help
detect terrorist financing.

With those solutions investigators can:

• Build profiles of past account activity


• Create peer groups of similar accounts
• Identify when activities suspiciously deviate from such profiles or peer
groups
• Limit “false positives” by using risk-based weighting techniques
• Pinpoint suspicious activity and take prompt and appropriate action

A large commercial bank uses IBM SPSS predictive analytics software


to monitor the transactional patterns of its customers. The bank is
committed to preventing money laundering activities in its organization.
Employing IBM SPSS technology, the bank reduced the number of
transactions that required auditing by more than 90 percent. The bank
increased accuracy in identifying positive cases of money laundering,
helping investigators to easily adapt models to the changing tactics of
those engaged in this criminal activity.

6
IBM Software Government
Business Analytics

The bank improved the efficiency of its auditing process, increasing


the number of investigations in which authorities were alerted from
less than 25 percent to more than 60 percent. The bank also slashed
the administrative costs of the investigations of suspicious operations
by 60 percent.

Other applications
Some other applications of IBM SPSS predictive analytics in public
safety include:

• Monitoring Internet sites to detect and track terrorist recruiters


• Predict maintenance requirements for essential assets to assure high
availability
• Improve retention and recruitment of critical human resources

Conclusion
People rely on your department or agency to look out for their health
and safety. To do this effectively, you must use your staff and other
resources as efficiently as possible. Having accurate information about
past and current conditions is essential. Employing predictive insight
gives you even greater control, enabling your agency to deploy the right
resources to the right place at the right time.

Protecting a nation’s safety is a complex and demanding task, typically


requiring the coordinated efforts of many agencies. The sooner your
agency can obtain reliable information, the sooner you can make plans
– and take appropriate action. Whether you’re charged with interpreting
intelligence data, identifying insider threats, guarding against network or
physical infrastructure intrusion, protecting border security, or
monitoring other types of suspicious or threatening activity, IBM SPSS
solutions can help you better protect the people who count on you by
transforming your capabilities from “sense and respond” to “predict and
act.”

7
About SPSS, an IBM Company
SPSS, an IBM Company, is a leading global provider of predictive
analytics software and solutions. The company’s complete portfolio of
products - data collection, statistics, modeling and deployment - captures
people’s attitudes and opinions, predicts outcomes of future customer
interactions, and then acts on these insights by embedding analytics into
business processes. IBM SPSS solutions address interconnected business
objectives across an entire organization by focusing on the convergence
of analytics, IT architecture and business process. Commercial,
government and academic customers worldwide rely on IBM SPSS
technology as a competitive advantage in attracting, retaining and
growing customers, while reducing fraud and mitigating risk. SPSS was
acquired by IBM in October 2009. For further information, or to reach a
representative, visit www.spss.com.

© Copyright IBM Corporation 2010

SPSS Inc., an IBM Company Headquarters,


233 S. Wacker Drive, 11th floor
Chicago, Illinois 60606

SPSS is a registered trademark and the other SPSS products named are
trademarks of SPSS Inc., an IBM Company. © 2010 SPSS Inc., an IBM Company.
All Rights Reserved.

IBM and the IBM logo are trademarks of International Business Machines
Corporation in the United States, other countries or both. For a complete list of IBM
trademarks, see www.ibm.com/legal/copytrade.shtml.

Other company, product and service names may be trademarks or service marks of
others.

References in this publication to IBM products or services do not imply that IBM
intends to make them available in all countries in which IBM operates.

Any reference in this information to non-IBM Web sites are provided for convenience
only and do not in any manner serve as an endorsement of those Web sites. The
materials at those Web sites are not part of the materials for this IBM product and use
of those Web sites is at your own risk.

Please Recycle

YTW03024GBEN-00

You might also like