Whitepaper

Intelligence, Redefined: Advanced Intelligence Uncovers the Unknown Unknowns

Many nations prioritized terror prevention, particularly border security, before 2022. Today, rising tensions and the “great power competition” demand readiness for geopolitical unrest anywhere, at any time, with serious security implications. Law enforcement and intelligence agencies want to understand the bigger picture and stay ahead of emerging threats. 

The intelligence and security communities face growing maritime threats – including rising attacks on commercial vessels, illegal fishing in exclusive economic zones (EEZs), drug smuggling, and escalating piracy. 

Organizations and teams conduct complex, strategic investigations tailored to their goals. They require advanced tools for analysis and early anomaly detection, whether across vast oceans or in specific areas of interest, to help them address challenges, such as intelligence blind spots, vast amounts of raw data, and maritime expertise limitations.

The greatest challenge lies in detecting the unknown unknowns: new or emerging threats by definition lack historical data. This requires the use of dynamic artificial intelligence (AI) systems capable of continuous monitoring, identifying hidden patterns and anomalies in vessel activity, and uncovering potential threats, without relying on pre-existing intelligence or assumptions.

By analyzing patterns, behaviors, and anomalies, AI-driven models offer a smarter way to tip off decision-makers on potential risks or emerging threats – including threats that are unanticipated and unfamiliar. The key is using AI not just to observe, but to predict, investigate, and provide clarity in decision-making.

Early detection

In a world plagued by volatility and unpredictability, relying on pre-existing trends to detect threats is yesterday’s method. Government and security organizations that depend on tried-and-true methods and tactics are bound to fall behind.

“Thirty years ago, we were working in a relatively static system, when the cycle of change for major strategic issues was anywhere up to five or ten years. Now, things are moving at a much greater speed and it’s hard to keep track,” says Daniel Tarshish, a former Foreign Office Regional Director with 30 years of public service.

“We have to challenge our assumptions. When I started work in the intelligence field, the boss was expected to have the answer – they had been around for twenty or thirty years and had a good instinct for repeating patterns. In an unpredictable world, that really isn’t true anymore. The systems the boss was once familiar with have changed so much and are still changing. 

What you really need now to succeed is a space in which you can work quickly, creatively, and collaboratively. Where the things you’re missing, such as the unknown unknowns, can be made visible, assessed for relevance, and potential courses of action explored.”

Intelligence and security organizations, much like most other complex structures, run the risk of becoming inert. In the context of maritime security, this could mean running the same operations year after year, doing the same patrol routes, deploying assets across a set number of locations – irrespective of changes, whether geopolitical, economic, climate-based, etc.  

The problem is that black swan events – events that used to happen once in a blue moon, affecting everyone – now seem to occur in succession, one after the other. Since 2020, we have seen a sequence of events that upended global trade and impacted geopolitics: a global pandemic, a six-day blockade of the Suez Canal due to a stuck cargo vessel, the Russia-Ukraine war and accompanying sanctions, and the Red Sea crisis.

These events are compounded by broader trends with a global impact: an opioid pandemic that is driven in large part by maritime trade; a massive decline in the amount of fish in the ocean due to illegal fishing and the consequent geopolitical expansion and economic harm to affected nations; and the shifting balance of power between East and West, with certain countries, China prime among them, retaining unencumbered passage through major global trade routes.

Data You Can Trust?

There are at least 500,000 ships operating across the world’s oceans at any given moment. These vessels make over seven million port calls, execute 1.2 million ship-to-ship operations, and sail an astonishing 2.3 billion miles annually. Plus, they discharge over 11 billion tons of cargo. The sheer scale of these operations presents two big obstacles for security and intelligence organizations trying to avoid drowning in data and dots.


1. Drowning in Dots: The Challenge of Overwhelming Amounts of Data

Maritime operations generate an enormous amount of data, from vessel locations and cargo details, to weather patterns and port information. But with this comes a significant challenge – sifting through an overwhelming volume of “dots on a screen.” 

Each dot represents a potential decision point, but the sheer scale can often cloud, rather than clarify, your understanding. It’s easy to miss critical signals when you’re drowning in data, leading to slower response times, or overlooked risks. How do you transform this data deluge into actionable insights?

2. The Deception Dilemma: Data Manipulation and False Confidence

It’s not just about interpreting the data, but also identifying when the data is misleading. Increasingly sophisticated actors are manipulating automatic identification systems (AIS) and other tracking mechanisms to create false narratives – whether it’s a vessel masking its identity, location, or intentions. This deception creates a false sense of confidence, as decision-makers may not always be aware that the data they’re relying on has been tampered with. Understanding and combating this deception is crucial to maintaining reliable maritime domain awareness.

Finding a Needle in the Ocean

With half a million vessels transmitting AIS signals, not all of them require immediate attention. However, identifying which ones do – whether they’re engaged in suspicious behavior, or pose a potential risk – can be like finding a needle in a haystack. In an environment where seconds count, prioritization becomes essential, yet current methods make it extremely difficult to detect anomalies in real time and distinguish between what’s critical and what’s irrelevant.

Whether it’s deploying an unmanned aerial vehicle, a coast guard patrol, or surveillance assets, decision-makers face a constant dilemma: where should they focus their limited resources? Without a clear understanding of which areas or vessels require immediate attention, valuable time and assets can be wasted on non-critical activities.

There’s a tendency to focus on the familiar – key vessels, well-traveled routes, and known risk zones. But the maritime domain is vast, and threats or opportunities often lie beyond what is known. By fixating on familiar targets, we risk missing emerging risks or unusual behaviors that fall outside established patterns. The challenge is to broaden our scope, to look beyond the obvious, and to detect anomalies that exist, but may otherwise go unnoticed.

Consider an analyst in an intelligence organization who is monitoring a single vessel of interest, a familiar bad actor that has long been on the analyst’s watch list.


Notice the rest of the ocean, grayed out and unmonitored. This illustrates a common trap we fall into as human beings: we focus on what we know. What about the risks we can’t see – the vessels operating beyond our focus? What’s happening in those gray areas?


These areas are unsurprisingly populated with hidden, high-risk targets being missed by traditional systems. These vessels are far from the one originally being tracked, but they exhibit patterns that suggest they may be involved in illicit activities and relevant to our mission. This is where predictive behavioral analysis comes into play – moving us beyond the “known knowns” to uncover the “unknown unknowns.”

Introducing Windward Advanced Intelligence

Technology is key to helping organizations move beyond the trap of familiar targets, flush out unknown bad actors before they inflict harm, identify trends that indicate a shift or change before they become visible to the naked eye, and respond to macro events before they become news.

Windward’s Advanced Intelligence provides law enforcement and intelligence agencies with an end-to-end solution that features Early Detection, automated target generation, and streamlined investigation workflows, to enhance maritime safety and security. 

Advanced Intelligence is an AI-powered solution equipped with a comprehensive set of features designed to empower intelligence and security organizations to uncover and handle threats more efficiently. The solution streamlines the entire investigation process from early anomaly detection and strategic investigations, to vital context provided by MAI Expert™, Windward’s generative AI virtual analyst.


By controlling all aspects of the investigative process within one platform, the solution significantly cuts down the time and resources needed to conduct thorough investigations.

Early Detection is a self-taught behavioral analytics model that doesn’t rely on predefined knowledge or target identification. This model is designed to monitor patterns of life across the globe and automatically detect deviations. When a behavioral shift occurs anywhere – regardless of whether intelligence analysts are actively monitoring it – the Early Detection technology flags this anomaly for further investigation.

Early Detection: Under the Hood

Windward’s Early Detection technology provides near real-time notifications about anomalies or new trends, either globally or within predefined areas, utilizing the vast amount of data collected by Windward’s system.

In order to automatically flag anomalies as they occur, Windward aggregates activities over time (based on over a decade of behavioral and historical data) and, using time series forecasting, tailors a custom machine learning model to estimate what the next value should be. If a value falls outside the prediction interval (a range within which future observations are expected to fall) the system automatically flags it as an anomaly, prompting an analyst to investigate further.

The Early Detection model flags two layers of anomalies:

  • Spikes indicative of sudden changes, possibly reflecting a military exercise, extreme weather, and other localized events
  • Gradual or process changes indicative of a new global trend – such as a new trade route, an emerging ship-to-ship operations hub, or a new IUU fishing hot zone
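The two anomaly layers above, as an added Python example that is not Windward's model or code. It assumes the forecast is a rolling mean with a z-sigma prediction interval and that gradual change is caught with a one-sided CUSUM of the residuals; the weekly counts are constructed.

```python
from statistics import mean, stdev

# Constructed weekly counts of slow-speed events in one area (not real data).
SERIES = [100, 102, 98, 101, 99, 100, 103, 97, 100, 101, 99, 100,  # history
          101, 370, 100, 99,             # week 13: +270% over a ~100 baseline
          102, 103, 103, 104]            # slow upward drift, no single outlier


def prediction_interval(recent, z=3.0):
    """Naive forecast: next value ~ mean of recent accepted values, +/- z*sigma."""
    pred = mean(recent)
    sigma = max(stdev(recent), 1e-9)     # guard against a perfectly flat window
    return pred, pred - z * sigma, pred + z * sigma, sigma


def detect(series, window=12, z=3.0, k=0.5, h=4.0):
    """Return [(index, kind)] where kind is 'spike' or 'gradual'.

    spike:   the observation falls outside the prediction interval.
    gradual: one-sided (upward) CUSUM of standardized residuals exceeds h,
             i.e. many small in-interval surprises in the same direction.
    """
    accepted = list(series[:window])     # warm-up period assumed clean
    cusum, flags = 0.0, []
    for i in range(window, len(series)):
        pred, low, high, sigma = prediction_interval(accepted[-window:], z)
        x = series[i]
        if not low <= x <= high:
            flags.append((i, "spike"))
            continue                     # keep the outlier out of the baseline
        cusum = max(0.0, cusum + (x - pred) / sigma - k)
        if cusum > h:
            flags.append((i, "gradual"))
            cusum = 0.0
        accepted.append(x)
    return flags


if __name__ == "__main__":
    for index, kind in detect(SERIES):
        print(f"week {index}: {kind} (value {SERIES[index]})")
```

Keeping the flagged spike out of the baseline matters: if the 370 were averaged in, the interval would widen and the later drift would go unnoticed.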

The automatic, passive, daily identification and flagging of anomalies in real time spares intelligence analysts the need to run manual queries. Manual queries are time-consuming, and analysts can only identify and run a limited number of them, on issues they already know to be of interest. Automatic anomaly detection directs analysts’ attention to the questions they do not yet know to ask, or areas they hadn’t thought to cover.

For governments, intelligence agencies, and law enforcement, Early Detection revolutionizes maritime surveillance by providing leads to analysts about activities that warrant investigation. The most complex challenge of all is finding the unknown unknowns (unanticipated threats).

Early Detection highlights unusual vessel movements, new congregations of vessels, sudden changes in ship registrations, and other anomalies that could indicate security threats or illegal activities. MAI Expert™ then provides the context, such as sanctions evasion, trafficking or illegal fishing. By providing timely, actionable intelligence, Early Detection and MAI Expert™ enable the public sector to focus their resources more effectively, enhancing national security and maritime law enforcement efforts.

Four Critical Actions for Enhanced Workflows

Detection is only the beginning. Its purpose, critical as it may be, is to direct an analyst’s attention to an emerging issue they might not be aware of. The initial detection prompts an investigation to understand the anomaly or new trend and, if needed, escalate for action or further exploration. 

Once targets are thoroughly investigated, analysts can leverage the findings to perform several critical actions:

  • Expansion of target lists: refine and broaden target lists based on newly discovered insights, ensuring a more comprehensive approach to monitoring and engagement
  • Tipping and cueing: prioritize and route targets for further investigation or immediate action, optimizing the response to emerging threats or opportunities
  • Mission planning: integrate insights into mission planning to enhance operational effectiveness, ensuring strategies are aligned with the latest intelligence
  • Tasking of unmanned assets: deploy unmanned assets – such as drones or remote sensors – for targeted reconnaissance or monitoring based on the insights gathered

As the investigation nears a conclusion and new patterns, trends, or methods of operation are discovered, the organization can be automatically notified when such events reoccur. The analyst can add vessels to a vessel of interest list, create a new area of interest, or configure an entirely new risk profile with Organization Defined Risk (ODR).


Case Study: Something Suspicious in Sudan

What does this look like in practice?

Windward’s Early Detection model flagged a major increase in slow-speed activity off the coast of Sudan during the week of August 18, 2024. This suspicious 270% increase in drifting, compared to the weekly average in 2024, was notable enough to prompt further investigation. Why were so many vessels slowing down near the Sudanese coast?

 


Windward analysts launched an investigation into the anomaly in an attempt to understand what these vessels were doing there, and whether this was indicative of a new geopolitical alliance, a covert military operation, or something else entirely. An examination of the area, using Windward’s platform and satellite imagery, revealed that the increase was not rooted in the actual presence of vessels in the area, but rather in human intervention from third-party radio frequency (RF) interference (or “GPS jamming”) – probably originating from a station on the coast.

Manual queries are time-consuming, and analysts can only identify and run a limited number of them, on issues they already know to be of interest. Automatic anomaly detection directs analysts’ attention to the questions they do not yet know to ask, and the leads they most urgently need to explore.

The anomaly of slow-speed activity off the coast of Sudan, and the investigation that followed, revealed a case of deliberate third-party RF interference and increased suspicious activity in a notorious area of interest – displaying a level of GPS jamming that has never been seen there before.


Outcome-Driven Intelligence

“Be the first to know, be the first to act.” This is a guiding principle of intelligence and security organizations worldwide. The earlier they get pivotal intelligence, the more time they have to understand and respond to it.

To adequately address the current landscape and challenges, intelligence must be:

  • Accessible for all kinds of expertise and domains (crimes are rarely confined to just land, air, or sea)
  • Predictive and proactive, to find issues before they become a problem
  • Outcome-focused and workflow-based: technology must mimic the work of analysts and enhance it, supplying them with the targets they need but don’t know to look for, and pushing them beyond assumptions, while aligning with existing workflows
  • AI-based: data must be transformed into actionable insights; otherwise, it can become an obstacle

Windward can help. 
