GEOG 479
Cyber-Geography in Geospatial Intelligence

Geospatial Intelligence and Cyberspace


Geospatial Intelligence and Cyberspace

The term “geospatial intelligence” means- “ the exploitation and analysis of imagery and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the Earth. GEOINT consists of imagery, imagery intelligence, and geospatial information.”

U.S. Code Title 10, §467, 1996 as quoted on NGA Pub 1-0, 2006

The exploitation and analysis of imagery and geospatial information to describe, assess, and visually depict physical features and geographically referenced activities on the Earth. GEOINT consists of imagery, imagery intelligence, and geospatial information.” 

(NGA Definition of GeoInt) and Title 10 U.S. Code §467

Prior to 9/11, the intelligence process and tools used by the US government were directed at known threats that displayed well-understood functions and activities. Since the fall of the Soviet Union, threat-focused processes and tools from the Cold War era are now directed at known threats whose functions and activities are not well understood due to the rise of non-state actors and asymmetric threats. Today’s intelligence environment is best characterized by an overload of data – exponentially increasing in volume, variety, and velocity of available data.

In this course, the geospatial intelligence analyst’s role is to discover, describe, explain, and interpret geographic and cyber information in order to anticipate a subject’s use of geography.

A corollary to this can be stated as:

Cyber information is an artifact of a subject’s use of geography.

The analyst’s work, therefore, not only involves physical mapping of the Internet. It’s about the flow of information across the technology divide, the effects of connective technologies, and the reevaluation and redefinition of geographic terms like “distance” and “neighborhood.” It’s about extending the lessons of geography to understand the effects that increased information and communications technologies (ICTs) are having as they are deployed into the technology divide.

Thought Question to ponder for discussion later:

While Barnett postulated that the “disconnected Gap” was where US forces were typically drawn into conflicts, his observation was made before much of the impact of the current ICT infrastructure in underserved areas was in place or its impact well understood. We will see this later when we examine the ICT growth in areas of northern Africa. So the question – is his observation still valid? Is “connectedness” enough of a factor to establish areas free of conflict?

The richness of available open source information, generated either by social media or other sources, is too complex to accumulate and analyze using current approaches. Analysts often use multiple sources of information to create actionable intelligence. The datasets are large in volume, and are typically stored across multiple databases in several locations. This requires queries to be pre-specified – filtering significant amounts of data before an analyst has an opportunity to decide if it’s important. This query-retrieve procedure effectively removes the possibility of the “lucky find,” because the analyst has to know what they want to query. The datasets are becoming more complex while the transaction costs are decreasing.

From the US Army’s “Cyberspace Operations Concept Capability Plan 2016-2028” cyberspace is one of five domains; the others are air, land, maritime, and space. These five domains are interdependent. Cyberspace nodes physically reside in all the other domains. Activities in cyberspace can enable freedom of action for activities in the other domains, and activities in the other domains can also create effects in and through cyberspace. As Figure 2 illustrates, Cyberspace can be viewed as three layers (physical, logical, and social) made up of five components (geographic, physical network, logical network, cyber persona, and persona). While these five components describe the boundaries of cyberspace, the information that flows through these components has to be recognized as unique in its own right.

The 3 Layers of Cyberspace. See caption for description.
Figure 2: The Three Layers of Cyberspace (physical, logical, social) & 5 components (geographic, physical network, logical network, cyber persona, persona).
Credit: The United States Army's: Cyberspace Operations Concept Capability Plan 2016-2018, TRADOC Pamphlet 525-7-8.pdf and FM 3-38.

The layers of cyberspace as viewed above consist of the interdependent networks of IT infrastructures and data resident within those structures. The interdependent networks of IT infrastructures and resident data that define cyberspace exist in one or more layers of cyberspace. All the layers must be considered as they relate to the information environment, the operational environment, and the operational area. The paragraphs below are taken from FM 3-38 Cyber Electromagnetic Activities Feb 2014.

The physical network layer includes both geographic and physical network components. The geographic component is the physical location of elements of the network. The physical network component includes all the physical equipment associated with links (wired, wireless, and optical) and the physical connectors that support the transfer of code and data on the networks and nodes. As an example, physical networks components may include wires, cables, radio frequencies, routers, servers, computers, radars, weapons systems, telecommunications systems, personal digital assistants, and other networked devices where data is created, manipulated, processed, and stored.

The logical network layer consists of the components of the network that are related to one another in ways that are abstracted from the physical network. For instance, nodes in the physical layer may logically relate to one another to form entities in cyberspace that are not tied to a specific node, path, or individual. Websites hosted on servers in multiple physical locations where content can be accessed through a single uniform resource locator or web address provide another example.

The social layer consists of both a cyber-persona layer and a persona layer and are abstractions of the logical network, and it uses the rules of the logical network layer to develop a digital representation of an individual or entity identity in cyberspace. This layer consists of the people who actually use the network and therefore have one or more identities that can be identified, attributed, and acted upon. These identities may include e-mail addresses, social networking identities, other web forum identities, computer Internet protocol addresses, and cell phone numbers. Cyber-personas hold important implications in terms of attributing responsibility and targeting the source of a cyberspace threat. Because cyber-personas can be complex, with elements in many virtual locations, but normally not linked to a single physical location or form, significant intelligence collection and analysis capabilities may be required.

Example of alignment to authorities (Source: FM 3-38)
Functions References Executive Authority
Offensive Cyberspace Operations
  • USC Title 10 and Title 50
  • Joint Doctrine for Cyberspace Ops
  • Guidance from the Unified Command Plan (UCP)
  • Guidance from Presidential Policy Directive (PPD) for Cyberspace Ops
  • President of the US
Defensive Cyberspace Operations
  • Titles 10, 18 and 50
  • Joint Doctrine for Cyberspace ops
  • Guidance from the UCP
  • Guidance from the PPD for Cyberspace Ops Standing Rules of Engagement (SROE)Guidance
  • COCOMs (IDM)
  • SROE (as required)
Department of Defense Information Network Operations
  • USC Titles 10, 18, 40, 44, and 50

  • Guidance from unified command plan
  • Joint doctrine for cyberspace operations
  • DODD 8000.01 - management of the DOD information enterprise
  • Defense Information Systems Agency
  • Network Enterprise Center
  • Army Network Enterprise Technology Command

In summary, information is the only asset that is stolen by replication. As such, securing it is problematic because, for it to be of any use, it needs to be available for access. In the wake of the September 11, 2001 attacks, the US government began instituting information protection policies. The aim of these policies was to minimize the targets of opportunity that could be exploited by potential attackers using publicly available information. One of the outcomes of these policies is the “Department of Defense Strategy for Operating in Cyberspace” that was released in July 2011. In it, the DOD states, “The Department and the nation have vulnerabilities in cyberspace. Our reliance on cyberspace stands in stark contrast to the inadequacy of our cybersecurity – the security of the technologies that we use each day.”