The contemporary security environment requires assimilation of vast amounts of data in order to maximize outcomes, and the volume of data necessitates an increasing role for digitization and automation in the decision-making cycle. Data is increasingly becoming the currency of the realm, both for civilian and military applications, but users who continue with old paradigms about security and control will literally “miss the boat” in terms of leveraging Artificial Intelligence (AI) to make decisions in a timely fashion. Ultimately, decision-makers need to be able “to make better informed decisions at the speed of relevance,”[1] which often means increasing use of verified but unclassified sources.
Historically, the cost of space-based sensors meant that tools like satellite imagery or advanced communications intercepts could only be afforded by the most advanced actors. These sensors were almost always operated at the highest levels of security classification due to the underlying technology behind them. Dramatic reductions in infrastructure costs have been coupled with gains in processing speeds, the ubiquity of networks and the ease with which human beings can communicate with one another. Private citizens now have open access to information and data flows that were formerly only the purview of national level governments.
In a world where most data is in the public domain, many national security practitioners cling to outdated notions of security and control. In doing so, they undermine both. To achieve a decision advantage over a competitor, one must not only get the right information to the right person; one must also do so in time. Overclassification of information can restrict data flows or actually prevent the processing necessary to derive actionable intelligence. In a world where data is a commodity, speed and accuracy are more highly prized than 100% security, because information often becomes stale quickly.
GSTS, through its proprietary AI powered platform, OCIANA®, defaults to operating in an UNCLAS environment to ensure the speed of relevance; the platform can do so securely while maintaining the ability to export sensitive outputs to CLASSIFIED systems should the need arise.
OCIANA® tracks vessels via AIS (Automated Information System), detects ships automatically in satellite imagery, and even has the capability to find ships that have gone AIS and radar silent by fusing multiple data sources, including satellite based commercial Radio Frequency intercepts. Until recently, these capabilities and methods were highly classified and remained the purview of select security and intelligence agencies. In the past, the power and the sensitivity of these capabilities often meant that even talking about them occurred at the TOP SECRET or higher level. Today, the same sort of capability can be utilized by anyone with a credit card and internet connection.
The question then arises, just what exactly needs to be kept secret any more in the modern era of Maritime Domain Awareness (MDA)? If the baseline data (AIS) is readily available to everybody, what data is left to hide? GSTS contends that when you combine certain data elements together, you may derive sensitive information to which some clients might want to limit access. But there are means of securing this data, and it should become classified only if the proper statutory thresholds are met. The common threshold amongst the FIVE EYES intelligence community for classification is when “unauthorized disclosure could reasonably be expected to cause injury to the national interest.”[2] This is a substantially high bar. Most commercially available data and Open Source Intelligence (OSINT) falls well below this threshold.
Most countries’ Classified networks contain substantial amounts of UNCLASSIFIED information because without it, users would not have the context to make sense of the Classified sources contained within. GSTS uses many of the same commercial service providers for satellite imagery, remote sensing and baseline maps that many Western governments use as the building blocks for their Classified maritime situational awareness tools. Despite this common data heritage, Classified networks, by necessity, remain highly restricted and do not have access to the volumes of information and inputs necessary to allow AI-enabled technologies like OCIANA® to function to their full potential. Fortunately, OCIANA® can automatically forward sensitive machine learning (ML) outputs to a Classified environment via an API (Application Programming Interface), and secure data transfer can be achieved through a combination of encrypted communications and DIODES[3]. These methods allow for either safe storage or the follow-on use of OCIANA®-derived INTELLIGENCE by programs and systems within a Classified network.
OCIANA® leverages the power of the cloud by doing as much processing as possible in an UNCLASSIFIED but SECURE environment. Just because data is on a “Classified” network does not always mean it is secure. Procedural failures such as poor password management, an improper “patch” installation (especially on legacy systems) or the actions of malevolent actors (as evidenced by the Delisle affair[4]) can all lead to compromise. The key to security is to implement as many procedural and technological safeguards as possible as warranted by the sensitivity of the data.
At the core of OCIANA’s security is the AWS (Amazon Web Services) Cloud and its Data Security Framework. First and foremost, physical security is ensured by the location of data centres. All GSTS services are hosted on servers located with only vetted AWS having access to both the premises and the network.
Network security is ensured by dedicated AWS staff who monitor all activity within the AWS Cloud and allow for economies of scale that individual enterprises could not hope to achieve on their own. By sharing the burden of Cyber-security, all AWS clients get a higher level of service. Within AWS, OCIANA’s databases are isolated within a Virtual Private Cloud (VPC), preventing unauthorized access, and database passwords are regularly rotated to fend off potential breaches. This same feature also allows for isolation of each client’s user and other sensitive data from that of other clients, which ensures both security and confidentiality. An additional layer of protection is offered by “encryption at rest” for all GSTS databases within its VPC. In terms of external threats, network security is reinforced through AWS’s enthusiastic embrace of the principle of least privilege: users are granted only the minimum level of access to the platform and the underlying data necessary to perform their tasks. Combined with Identity & Access Management (IAM) protocols, GSTS personnel access AWS resources with the minimal permissions necessary for their roles, reducing the risk of internal threats.
OCIANA® also benefits from continuous security practices, including vulnerability scanning before and after deployment and scanning of the AWS environment to identify and rectify security risks or misconfigurations promptly. Simply put, leveraging cloud-based services means utilizing a network that is more adaptable, regularly updated, and rigorously monitored against threats, providing a secure foundation that traditional on-premise solutions struggle to match. This comprehensive security strategy ensures that user data is not only protected through advanced encryption and strict access controls but is also continuously monitored and assessed for vulnerabilities, offering peace of mind to all OCIANA® users.
Many of the principles and methods listed above are the basis of ZERO-TRUST and Data Centric Security (DCS), the foundational concepts underpinning the US military’s use of Classified Clouds to facilitate CJADC2[5], the ability to conduct Command & Control (C2) across all combat domains.[6] Therefore, although not operated in a Classified environment, OCIANA® is highly secure. National security users can rely on it to provide a comprehensive Maritime Picture and provide insights that might not be possible on SECRET or TOP SECRET systems. The wealth of data sources available through commercial sources or on the open internet might not be compatible with Classified networks, or importing or replicating them within might be cost prohibitive. But by processing as much data as possible in a secure, unclassified environment, OCIANA® can provide MDA at the speed of relevance, while still supporting Classified systems with secure derived Intelligence.
References
[1] Terri Pavelvic, “Operational Decisions at the Speed of Relevance,” Vanguard, 22 January 2023 (vanguardcanada.com).
[3] In computer network security, a diode is a device or component used to ensure unidirectional data flow between two network segments while preventing any data leakage or unauthorized access from one segment to the other. The term “diode” in this context is derived from its analogy with electrical diodes, which allow current to flow in only one direction.
[4] Jeffrey Delisle is a former Canadian Naval Intelligence Officer convicted of spying for Russia’s military intelligence agency, the GRU, in October 2012. Full details of his activities can be found at: Karen Blaze Carlson, “Jeffrey Paul Delisle: Decoding the case of an alleged Canadian spy,” National Post, 18 January 2012; “Jeffrey Delisle: Naval officer turned spy,” CBC News, 10 October 2012; Colin Freeze & Jane Taber, “‘So dead inside’: How the Mounties cracked Jeffrey Delisle,” The Globe and Mail, October 2012.
[5] Combined & Joint All Domain Command & Control
[6] In Canada this concept is known as PDC2 (Pan-domain Command & Control). The domains are operating environments for military forces and include: Air, Land, Maritime, Space and Cyber. This concept is fully explained in Canada – Department of National Defence, Pan-domain Force Employment Concept – Prevailing in a Dangerous World, October 2023.