Pierluigi Paganini January 25, 2012

Every intelligence discipline is used to acquire information concerning specifc subjects, the common categories of these methodologies include human intelligence (HUMINT), signals intelligence (SIGINT), imagery intelligence (IMINT), measurement and signatures intelligence (MASINT), and open source intelligence (OSINT) and Geospatial Intelligence.

Each disciplines is used by governments to collect data on their adversaries and competitors. Similar disciplines are used in private sector also to gather information related to business competitor. Today I desire to introduce the MASINT discipline and specific processes used to retrieve information from the observation of phisical events in the environment arount our structures.

MASINT was recognized by the United States Department of Defense as an intelligence discipline in 1986, under its umbrella we identify the processes to retrieve information using quantitative and qualitative analysis of data derived from specific technical sensors for the purpose of identifying any distinctive features associated with the source emitter or sender. The intelligence process can then associate the measurements to a particular phenomenon or environmental condition recognizing any deviation from what is considered an ordinary situation.  Understand that similar techniques are extremely useful in the military, and not only, for monitoring of critical infrastructure and territories, examples of MASINT disciplines include radar intelligence (RADNT), infrared intelligence (IRINT), and nuclear intelligence (NUCINT).

When we refer the term MASINT is essential to distinguish it from technical intelligence (TECHINT) matter, these terms are are often confused. The main element that distinguishes them is that technical intelligence are certainly “invasive” because for its analysis it is necessary the availability of the item to be qualified (e.g. having a physical device), unlike MASINT techniques that infer information about a specific subject from data collected remotely by sensors.

A couple of days ago I read an interesting article on the possibility to adopt MASINT processes based on radio frequency to detect cyber attacks on critical infrastructure.
The security expert Brad Bowers mainly has focused its researches on usage of Radio Frequency (RF) in phenomena classification. He is convinced that the techique could be also applied to track hackers activities during an attacks and of course to identify any incoming threat to critical infrastructure.

The principle is very interesting and technologically easy to apply thanks to the wide range of wireless technologies used for monitoring the implementation of infrastructure.
Any adverse event is identified by an analysis of radio frequency interference, consider the example related to the possible intrusion within a perimeter, or introduction in a plant of radio devices such as PCs or mobile devices.

Law enforcement officers are familiar with these MASINT methods that are used to identify in a timely and automatic “abnormal” events as the explosion of a gun in a specific area or can localize a pirate boarding a boat through the detection of signals frequency sent by electronic slides of which will equip the pirates (eg GPS systems). Consider also that MASINT techniques are largely implemented for detection and identification of underground facilities, Weapon of mass destruction, and Improvised explosive device, easy to understand how the discipline is actively supported by the military.

Usage of MASINT techiques is also encuraged in small environments by the relative low cost of the analyzer to be acquired that can range from $2,000 to more than $60,000, capable of providing very accurate measurements and analysis of RF activity in a very small spectral range.
Consider also that it is quite simple to develope, using common scripting languages as Python, own analizer that parsing the collected data are able to generate an alert.
The core of the process is to identity what technically is called the “signature” of an event that is the sequence of RF measurements that identify a particular situation.
Once the signature has been “translated” using the scripting language in real time we can monitor specific environment with low cost hardware and software.
This opportunity makes it attractive to industry disciplines such as those described, it be expected to observe in the private sector in the coming years a significant use of the methods introduced.

Pierluigi Paganini

References

http://www.anagram.com/berson/nrcoiw.pdf