In this article...

  • Intelligence agencies use cognitive technology in conjunction with other IT systems to increase the speed and efficiency of investigations.
  • Early adopters meet cognitive technology implementation challenges such as document-level data security mandates.


Today’s fast-paced television programs about high-tech crime agencies wow us with the instantaneous investigative capabilities they portray. In real life, however, all intelligence agencies aren’t quite that swift and sophisticated.

But cognitive technologies are bringing them a giant step closer by helping intelligence analysts grapple with today’s unprecedented levels of terrorism, financial crime and other serious global issues. Cognitive technologies such as machine learning, pattern recognition and natural language processing tap into the explosion of unstructured data that can hold the key to breaking a case. They can ingest terabytes of unstructured data rapidly and allow analysts to more quickly query it, surface hidden connections among entities within it and get investigators the information they need in time to act.

Learn more about cyber security in the cognitive era

Learn more about cyber security in the cognitive era

Learn more

Cognitive and analytics make a powerful combination

Some organizations have already applied advanced analytics to their databases to find connections between people, places, transactions and events. Cognitive technology can make analytics more powerful and their outputs more meaningful, as is the case with several agencies detecting financial crime in South America.

With 40 of the world’s 50 most dangerous cities, South American national authorities have a lot on their plates, making investigative efficiency imperative. Two national agencies focused on financial crimes are using cognitive solutions and analytics to improve the precision and speed of investigations.

One anti-money laundering agency uses a cognitive and analytics system to mine disparate structured and unstructured data sources—such as bank statements, email exchanges, phone records, business registrations and social media—to identify the assets of drug traffickers and organized crime rings. It identified $9 million in illicit assets in the first 1,800 cases investigated using the tool.


Cognitive computing extends the analytics journey to areas that were unreachable with classical analytics techniques like business intelligence, statistics, and operations research.

– Zena Washington, Offering Manager, IBM Watson


Another agency uses a cognitive and analytics solution to combat smuggling. In one of its simplest applications, analysts look for clues that help them determine which containers at the country’s ports potentially hold smuggled goods. The identification process once took weeks, but now takes just hours. Across multiple types of investigations, they’ve reduced the amount of time it takes to collate and analyze data by 85 percent.

Several agencies in other parts of the world are also using cognitive systems to unearth hidden connections in both structured and unstructured data. For example, one agency combines cognitive search and discovery capabilities with an analytics solution that helps analysts find the same name in millions of text documents where it might be spelled in hundreds of different ways.

The discovery capabilities of the cognitive solution provide an additional benefit—detecting other commonalities in documents that analysts may not have been looking for. For example, an analyst might conduct a search for an individual and all mentions of hair color. The solution will return those as well as other characteristics that surface in the same documents, perhaps a type of vehicle or other individuals’ names, and provide the frequency with which those characteristics and entities appear. It’s not hard to see how valuable this type of additional information can be in a crime detection use case.

Tackling security challenges

Unsurprisingly, the high sensitivity of intelligence data brings stringent security requirements. These requirements impact cognitive solution implementations as early as the proof-of-concept stage in some cases. But the experiences of early adopters indicate that security hurdles are surmountable.

Embarking on trials and proofs of concept can help test whether cognitive solutions can achieve their mission goals. Oftentimes, government policy forbids intelligence organizations from disclosing data to technology providers, tempting agencies to test system efficacy on open source data alone. Agencies have found that this approach just doesn’t cut it. When agencies can’t trial the system on real data that would be relevant to analyst investigations, some agencies have developed a dummy dataset to mimic how the system would function as they conducted true day-to-day tasks.

With the scope and complexity of terrorism and other threats expanding, information sharing among intelligence analysts both within and across agencies has perhaps never been more critical. One major stumbling block to information sharing: Not every analyst has clearance to view sensitive data.

Cognitive solutions can incorporate an agency’s current access parameters or allow an agency to create additional or customized parameters. One cohort of national intelligence agencies is taking advantage of this capability, giving multiple agencies access to a powerful cognitive discovery system and a massive shared corpus of data.

The system has ingested more than 80 million documents into its corpus, and it’s adding 30,000 more each day with a target of 160 million documents. While individual agencies populate the system with documents at a range of sensitivity levels, an analyst using the system will only receive data from documents he or she is authorized to view.

Adapting to a new technology and a new way of thinking

Cognitive technology differs from traditional IT in how it’s set up and maintained as well as how users interact with it. As intelligence agencies implement cognitive solutions, they quickly realize the implications of these differences for their personnel, workflow and culture.

While setting up a cognitive system might involve some programming by IT professionals, the system then “learns” to reason and find patterns in a body of knowledge based on “training” rather than traditional coding.


Training isn’t teaching the system everything – it is teaching it enough so it can predict what it doesn’t know.

– Scott Spangler, Principal Data Scientist & Distinguished Engineer, IBM Watson


Typically, IT professionals don’t have the knowledge of intelligence and workflows to conduct training, so it’s the analysts and intelligence experts who are best-suited for the job. As Juliana Gallina, IBM Cognitive Solutions Director for National Security and Justice, explained, “You need subject matter experts that can understand the agency’s data landscape and the types of collections that are important to them for given mission scenarios. This proves to be a somewhat rare skill—it’s kind of like being a data scientist, but also the person who can understand why certain content may be relevant for a particular mission.”

Trainers must feed the system not only typical question-and-answer pairs that are representative of the types of queries analysts would make, but also knowledge of intelligence “language.” For example, one intelligence agency had to teach its system slang words for cocaine, such as flour and talc.

But training isn’t merely an exercise in feeding street lingo and synonyms into the system. A cognitive system needs to understand relationships between words and concepts to help it unearth new, similar relationships. For example, after an intelligence agency set up the relationships between cocaine and other concepts, it ran a search. The system surfaced documents containing the word “acetone,” a cocaine purifying agent, in which drugs or cocaine were not specifically mentioned. From the relationships it was taught, the cognitive system understood that it should look for not only the drug, but also compounds used in its production.

Once the system is trained, it’s time to train the analysts. Teams that have implemented cognitive investigation tools say teaching intelligence analysts to use them is typically a fairly simple exercise, requiring a few days to a few weeks, even in instances where analysts previously did their job manually.

There has been, however, one somewhat unexpected area where training efforts have had to concentrate—getting analysts to “ask” the system questions rather than revert to old keyword search habits. “You have a generation that’s been schooled on keyword searches. It’s very difficult for them to transition to asking questions. Our challenge has been to say, ‘Stop trying to format your query. Just ask it. Pretend the guy next to you knows something that you don’t know. How would you ask him?’ We’ve had a hard time teaching people to do that,” said William Dubyak, an IBM machine learning specialist.

Cognitive systems often transform more than an intelligence agency’s tools—they can bring about changes in processes and culture. For example, in one agency, the data siloes that existed before bringing in a cognitive system led personnel to develop “siloed skills.” This constrained flow of information caused workers to specialize in just one domain. With the new cognitive solution providing access to a wide swath of data and improved collaboration tools, the organization encouraged a more cooperative team environment, fundamentally changing how it managed cases and shared information.

But perhaps most significantly, cognitive technology affects the way users think. Analysts not only have more time to think because the technology helps them collect intelligence, but the technology also makes them think differently about how they do research and intelligence discovery. As IBM Senior Managing Consultant Kylie Cameron explained, “It is a new way of thinking about things that people haven’t quite grasped, and it is really hard to talk people through it without them living it.”