Tweets, Facebook, and Instagram posts from ‘concerned citizens’ and official accounts alike give us an almost immediate tip-off that there has been an IED event. Although there are always caveats, open-source intelligence (OSINT) is now recognised for its value as a rich, unclassified knowledge base.
The IED threat to citizens and assets continues to evolve and it is vital that our forces can respond quickly and effectively to new and emerging threats. Traditional routes of intelligence gathering, exploitation and reporting are time consuming and often involve classified or restricted information.
In today’s dynamic online world, a journalist or intelligence analyst might have reported the event in great detail well before the device has been fully exploited and a classified report has even been written. Furthermore, the Internet has become a remarkable source of critical indicators and warnings for threatening behaviours.
But OSINT is not just a case of running a few Google searches. To deliver actionable intelligence from which an informed response can be made, the challenge lies in knowing how to navigate the vast quantities of information on the Internet and social media: in effect, picking out the particular needle of interest from a huge pile of needles!
“[OSINT is…] intelligence produced from publicly available information (PAI) that is collected, exploited and disseminated in a timely manner to an appropriate audience for the purpose of addressing a particular intelligence requirement.”
~ Office of the Director of National Intelligence & the Department of Defense
There are many definitions and interpretations of what OSINT really is. All intelligence begins as raw information or data but this in isolation would seem to have no value at all. However, when the information is collated alongside other information, processed and validated, analysed and finally disseminated, then it becomes ‘actionable’ or ‘exploitable’ and an informed response can be made.
If we think back to the definition of OSINT, the key words to focus on are “collected, exploited and disseminated.”
Collect: to gain valuable publicly available information (PAI), we need to collect large amounts of data to enable us to recognise patterns or trends. This information needs to be stored in a database to allow for ease of retrieval and interrogation.
Exploit: the collected information should be exploited by subject matter experts (SMEs).
Disseminate: the resulting intelligence should be disseminated to all of those with a need to know the information.
When producing indications and warning to enable the defeat of the IED, time is the key factor. In other words, getting the right information to the right people at the right time saves lives.
Cost effective: as more valuable information is available in the public domain, using PAI is extremely cost-advantageous for the user.
Distribution: OSINT (from PAI) can account for up to 80% of actionable intelligence. It is not protected or classified, meaning it can be shared with partners without the restrictions of classified data.
Speed: as the population express themselves on social media, blogs, vlogs and in all manner of ways on the Internet, it is easy to access the latest information on events as they happen from PAI.
Overload: the biggest issue with PAI is the sheer volume of information available, particularly on large or significant events, which can place a burden on the researcher. The format that the data is presented in is as important as the sources it is retrieved from. Use of a common lexicon to process and contextualise information is one way of combating this burden.
Analysis: although the speed of incoming information is a massive advantage in warning people of the dangers they may face, it is vital that the information is fully corroborated with official sources in the longer term. Many original sources of data are found to be woefully inconsistent with the actual event so data reported and disseminated must be verified. To deliver the most up-to-date information, event reports should be added to as new information comes to light. Effectively, OSINT collation must be dynamic to be viable.
Reliability: identifying the true information from potential misinformation is key. Bias can greatly affect the stance when reporting an incident, so an analyst should always search for the original source of the information. To produce reliable OSINT, we must analyse the data for ourselves and verify its reliability and provenance.
There are many sources to use for researching PAI: web browsers, news feeds, user generated content and social networks, to name but a few. Data analysts must be trained to use many different search techniques and to ‘think outside the box’ in order to acquire, process and validate the data.
This is the most vital part of gathering data. On its own, one threat tweet is not of concern, but when that information is subjected to sophisticated search processes and cross-referenced against existing known metadata and geo-location information – then emerging threats, tactics, techniques and procedures can be identified.
Conducting a trend analysis of open-source data forms a major part of defining the threat presented by IEDs. Trend analysis can be used to predict future events, technical developments, and tactical evolutions and to keep an eye on current activities.
Technology used to defeat the RCIED (radio-controlled IED) needs to be dynamic and current. An SME (subject matter expert) is able to analyse the types of devices that have been reported and used throughout the world and compare the composition of these devices.
Having a human in the loop is extremely important in this world of subjective reporting and analysis. The SME should look into the geopolitical situation for ideologies or common causes in the area to help them predict where threats may arise in the short, medium and long term, and the potential for both technical and tactical evolution.
Time is of the essence when you need to get key and actionable information to troops on the ground. There should also be a wide range of report templates aimed directly at the target audience based on their specific operational need. These should range from Tactical Tip Offs to full Country Reports.
Intelligence informs decision makers about what they do not already know to enable them to decide on a course of action. The effective use of OSINT coupled with other sources of intelligence can provide actionable intelligence assisting in the identification of current and future threats. This can turn the ‘unknown unknowns’ into ‘known knowns’ – and help towards a proactive strategy for mitigating the threats presented by IEDs and RCIEDs.
~ ~ ~ ~ ~
The Open Source Threat Database (OSTD) is a comprehensive database of open-source data on IEDs and RCIEDs and is at the heart of EWS’s intelligence offering.
~ ~ ~ ~ ~
This article first appeared in CBNW – January 2021