By: E. R. “Mike” Anders, M.A., CCIP, CCII, CEH, C|HFI
Activity-Based Intelligence (ABI) is an analytic methodology—tested by fire and war—in Iraq and Afghanistan.
Faced with the challenge of detecting, tracking and countering violent insurgent threats, particularly improvised explosive device (IED) networks and terrorist cells, intelligence analysts developed a “multi-INT” approach to the collection, processing, analysis, and dissemination of “actionable” intelligence (Long, 2013). Under the most trying of battlefield conditions, the foundations for ABI were laid. Threats from nation-state actors, and non-state actors, in the close context of the cyber arena, were also addressed (Riley, 2015). Technical advances in data processing and analysis has further added to the development of ABI techniques, practices, and recognized tradecraft.
The art and science of ABI is deeply involved in collecting data about transactions and correlating data to human behaviors and activity. ABI is concerned about transactions and activities involving an entity—including a person or an electronic device—, a population, or even some particular area of interest (Phillips, 2012). Activities can range from face-to-face meetings between individuals to the installation of malicious software on a victim’s computer. ABI is a “natural” fit for understanding diverse, complex threats, and malicious activity of covert cell-based organizations. Consequently, ABI tradecraft is well suited to countering the similar and growing cyber threat against computer networks, and systems.
ABI and Cyber is about human action and human interaction with the machine. According to ABI practitioners like Melanie Corcoran, with Analytic Fusions, “At the heart of it is behavior and intent. And also, having the ability to bring all the data in and make it relatable.” The core concept is built upon “The Four Pillars” of ABI (Meyer, 2015).
Becoming comfortable with “The Four Pillars” of ABI can take some getting used to by intelligence analysts and non-intelligence analysts alike, who may be more familiar with traditional analytical methodologies. A better way might be to think organically instead of architecturally.
ABI emphasis on geo-spatial, and temporal analysis may be troubling, perhaps not so much for the general analyst, but more so for the cyber analyst. Understanding Data Neutrality (one of the “Four Pillars”) can be a challenge to some steeped in the sensitive and secretive nature of government data classification requirements. Sequence Neutrality often must be accepted before an individual recognizes the full benefit. And lastly, Integration Before Exploitation can best be grasped by those in the trenches who are closest to the action and to the rapidly changing operational campaigns of persistent cyber threats and well-funded nation-state adversaries.
Clearly, ABI, and how it applies specifically to counter cyber security threats, is beginning to emerge from the shadows with the help of technical research and development—but slowly. Analytical tools like “Artemis” by Dark Data Services—still in development, but tested—are crawling the depths of the so-called “Dark Web” to accelerate the emergence (Amores, 2016). Other advances in super-computing to support “Big Data” analytics are additional drivers. How much, when, and to what extent ABI and cyber continue to converge remains a tantalizing vision of innovation and creativity on the far horizon.
What are your experiences with ABI and Cyber? Let us know on Twitter using @cyberintelblog and #cyberintel .
To contact the author or submit comments please email firstname.lastname@example.org
Amores, R. (2016). Artemis and the “Dark Web”. (M. Anders, Interviewer)
Corcoran, M. (2016). ABI and Cyber. (M. Anders, Interviewer)
Long, L. A. (2013). ABI: Activity Based Intelligence: Understanding the Unknown. Retrieved from The Intelligencer: Journal of U.S. Intelligence Studies: http://www.afio.com/publications/LONG_Tish_in_AFIO_INTEL
Meyer, S. (2015, August 21). Activity Based Intelligence (ABI), Human Domain Analytics. Retrieved from LinkedIn: Pulse: https://www.linkedin.com/pulse/international-awareness-seek-out-professionals-sam-meyer
Military Operations Research Society (MORS). (2016, January 26). Operations Research Methods for Activity Based Intelligence (ABI). Retrieved from A MORS Workshop: http://www.mors.org/Portals/23/Docs/Events/2016/ABI/2016-01-20%20MORS%20ABI%20Workshop%20Terms%20of%20Reference
Phillips, M. (2012). A Brief Overview of Activity Based Intelligence and Human Domain Analytics. Retrieved from Trajectory: http://www.trajectorymagazine.com/civil/item/1369-human-domain-analytics.html
Riley, S. (2015, February 11). Insights to Modern Cyber Threat Intelligence. Retrieved February 12, 2015, from
About the Author: Mike Anders is a Certified Cyber Intelligence Professional with an Intelligence/Counterintelligence skill-set developed over 30+ years. Mr. Anders is a member of INSA’s Cyber Intelligence Sub-Council
About INSA: INSA is the premier intelligence and national security organization that brings together the public, private and academic sectors to collaborate on the most challenging policy issues and solutions.
About the INSA Cyber Intelligence Sub-Council: The INSA Cyber Intelligence Sub-Council was created to set the landscape for cyber intelligence by discussing why cyber intelligence is necessary and providing thoughts on how to develop this function in the cyber domain.