Producing Intelligence from open sources.
During Senate hearings in 1947, experts from the Intelligence Community (IC) testified that a proper analysis of information gained through open sources could satisfy at least 80 percent of our peacetime intelligence requirements. (1) Since then, the Cold War has come and gone; formerly closed societies have begun to allow us access to information that was previously state secrets. The "Information Superhighway," with all its international connections, has given us access to much more information; there are few roadblocks or restricted-access routes for those who know what to look for and where to look for it. Under these conditions, the percentage of requirements that can be satisfied from open sources should be at least as great in the twenty-first century as it was in 1947.
Yet, open source intelligence (OSINT) has remained a discipline that the IC has often overlooked and underestimated. There has been little thought of a concerted effort to produce and disseminate unclassified intelligence products based on a systematic analysis of the masses of unclassified information available. Most intelligence organizations still regard open source data merely as background information. It rarely proceeds beyond the collection and processing steps of the intelligence process. In recent years, the Department of Defense (DOD) has defined OSINT as "Information of potential intelligence value that is available to the general public." (2) However, this definition would better fit the term open source information, since unprocessed, unevaluated information is not yet intelligence. No amount of information beautifully collected, indexed, and filed is of any value until analysts select what is pertinent, find out its meaning, put it together in a finished intelligence product, and communicate it to those who need it.
Today, there is a great need for unclassified intelligence products to satisfy known or anticipated intelligence requirements. To many, however, "unclassified intelligence" would seem to be an oxymoron, since we tend to associate "intelligence" with clandestine means and covert operations to obtain information about a foreign entity that did not intend for us to have this information. However, no official definition of intelligence says that it has to be classified. We often forget that not just high level decisionmakers and planners, who can use intelligence at various levels of classification, have legitimate requirements for information about our potential adversaries, emerging technologies, and other conditions in our operational environment (OE). Therefore, much of the information about the OE remains buried inside classified documents or unexploited in neglected open sources. Unfortunately, that prevents it from being readily available or useful to a large segment of potential consumers who must rely on unclassified information when operating in non-secure environments.
The irony is that our analysts and producers of foreign intelligence could obtain much of the same foreign intelligence information from open, unclassified sources if they would merely look for it there. All the more ironic are cases where they do have access to the open source information but simply do not have a current mission to convert it into unclassified intelligence. By failing to take advantage of the wealth of material available in open sources, we expose the U.S. Army to the consequences of training and preparation based on inadequate knowledge of potential enemy capabilities or other characteristics of the OE in which we might find ourselves. This article discusses past efforts and lessons learned about how to apply all the steps of the intelligence process to the production of intelligence from open sources.
As early as the 1970s, the Defense Intelligence Agency (DIA) recognized the value of open sources. It had a special Handbook and Tactical Analysis Section dedicated to the production of unclassified intelligence. By 1979, the DIA had produced a variety of unclassified handbooks on the Soviet Ground Forces, primarily to support U.S. Army Training and Doctrine Command (TRADOC) requirements. At that point, TRADOC tasked DIA to produce a definitive unclassified intelligence document on the Soviet Army. This multivolume document was to serve as a comprehensive baseline reference to support threat instruction and training at TRADOC schools and centers, as well as the Opposing Force (OPFOR) Program throughout the Army. To ensure widest dissemination, the required document would not appear as a DIA publication, but rather as a field manual (FM) under the Armywide Training and Doctrinal Literature Program. Since DIA does not produce FMs, it agreed to provide TRADOC a draft document that updated and combined previous DIA unclassified handbooks into a single authoritative reference on Soviet operations, tactics, organizations, and equipment.
Within TRADOC, the Threats Directorate of the U.S. Army Combined Arms Center (CAC) at Fort Leavenworth received the DIA draft in 1981 and began to mold it into a final FM format. Intelligence analysts at CAC Threats, accustomed since 1976 to analyzing open source information on the Soviet Army, coordinated several substantive improvements with their DIA counterparts. This collaborative production effort culminated in 1982, with the published coordinating draft of FM 100-2 in three volumes. (3) Unfortunately, DIA had to discontinue its unclassified production effort in 1982, due to other priorities.
CAC Threats carried the FM 100-2 series through to final publication in 1984, making some further improvements based on emerging open source information. Many customers, as well as analysts in the Army's intelligence production centers, were surprised by the manuals' thoroughness and accuracy. In many cases, they learned that essentially the same information they were accustomed to seeing only at the sensitive compartmented information (SCI) or collateral classified levels was also available from open sources. Moreover, these unclassified products could enjoy wide dissemination throughout the Army and other services.
In 1985, CAC Threats began negotiations with intelligence production agencies to elicit their support for updating the FM 100-2 series. Previous DIA counterparts recommended that CAC Threats seek support from the then newly formed Army Intelligence Agency (AIA), which at that time controlled all the Army's intelligence production centers. However, AIA too had other priorities and had neither the staff nor the plans to provide input up front as DIA had done. Because of the great success of the original 1984 version, AIA directed that CAC Threats continue to produce and update the FM 100-2 series based on unclassified sources. The key role of CAC Threats in the intelligence and threat support (I&TS) community and its interface with users in the Army training community gave it a unique ability to tailor its unclassified products to user requirements.
By 1991, CAC Threats had updated two of the three volumes on the Soviet Army. Just at that time, however, the Soviet Union and its army began to break up, and the CAC and TRADOC commanders decided to discontinue the FM 100-2 series. To replace it, they directed CAC Threats to produce a new FM 100-60 series on a capabilities-based OPFOR for use in all Army training venues. (4) CAC Threats analysts continued to use previously established methodology to build a composite of foreign capabilities through the collection, processing, and analysis of open source information to produce and disseminate an unclassified intelligence product.
A reorganization in 1994 made the former CAC Threats directly subordinate to the TRADOC Deputy Chief of Staff for Intelligence (DCSINT), who was now the responsible official for the Army's OPFOR Program. This merger solidified the role of the TRADOC DCSINT organization in producing unclassified intelligence to support training. In 2000, TRADOC DCSINT began to replace the FM 100-60 series with the new FM 7-100 series describing an OPFOR that helps represent the challenges of the contemporary operational environment (COE). (5) TRADOC DCSINT has also supported mission rehearsal exercises for units preparing for deployment in Afghanistan and Iraq by producing unclassified assessments of those particular operational environments.
Steps in the Open Source Intelligence Process
The basis for all foreign intelligence is the reality that exists in the foreign environment. We may become aware of this foreign reality by a variety of means. These include open source collection: acquiring material in the public domain, such as unclassified foreign government documents, books, magazines, newspapers, and scholarly and trade journals, as well as monitoring foreign radio and television broadcasts and the Internet. Another collection source is human intelligence (HUMINT), where the information comes from human sources and is usually collected by sensitive means. Finally, there are technical collection means such as imagery intelligence (IMINT), measurement and signature intelligence (MASINT), or signals intelligence (SIGINT). Figure 1 shows the relationships between foreign reality, the U.S. collection means through which we are able to perceive that reality, and how this affects the classification of U.S. perceptions in products derived from the collected data.
[FIGURE 1 OMITTED]
Intelligence collectors normally classify raw foreign intelligence information according to the sensitivity of the sources and means through which they collected it. That source may be information that is not publicly available (marked B in Figure 1) and accessible only through highly sensitive, technical means (Z), in which case they would classify the initial report as SCI ([B.sub.z]). If the source is still not publicly available (B), but collected through less sensitive covert means (Y), they would classify the initial report at the collateral level ([B.sub.y]). If the source is publicly available (A) and acquired by overt, open source means (X), the initial report can be unclassified ([A.sub.x]).
Besides that, analysts in the originating intelligence agency can downgrade the classification of information that subsequently becomes available from less sensitive sources. (This is exemplified by the overlap of [B.sub.y] and [B.sub.z] in Figure 1.) Likewise, the analysts of the originating agency--if they want--can declassify a piece of information previously published as classified, once it becomes known from open, unclassified sources ([A.sub.x]), since its revelation would no longer compromise any sensitive source. Of course, it would be necessary to sanitize the downgraded or declassified version, eliminating references to the original, more sensitive source.
Open source information, whether it stems directly from foreign open sources or comes indirectly through government or nongovernmental collectors of open source data, can obviously be unclassified. (A possible exception might be open source information collected during a covert operation.) However, sensitive U.S. collection assets can collect foreign information that is publicly available ([A.sub.y] or [A.sub.z]) as well as foreign information that is not ([B.sub.y] or [B.sub.z]). Collectors using these classified means often are incapable of ascertaining whether the information they perceive can also be perceived in another, unclassified mode ([A.sub.x]). Because of this overlapping coverage, it is quite possible for raw intelligence information to be overclassified. For example, a HUMINT agent or defector might report information he read in a foreign newspaper. If an intelligence agency had a subscription to the same newspaper and screened it for such items, it could acquire the same information without involving a sensitive source. By SIGINT technical means, we might intercept a message from a foreign official attending an international conference, and the same day the same official might hold a news conference or issue a press release to the public media containing the same information. When we do collect the same elements of foreign information overtly through open sources, we can and should identify them as unclassified.
In determining collection requirements and priorities, information from open sources can influence both classified and unclassified efforts. Sometimes, publicly available information may contain all but a small percentage of the information consumers require. In that case, an intelligence organization with the nearly complete unclassified picture could task collectors to look for the missing pieces. That small, but important percentage that a foreign entity kept secret, if acquired by sensitive means, could be the basis for a key classified product. Once aware of the missing content, which the foreign entity might not regard as secret, collectors and screeners of open sources could be on the lookout for the same information in unclassified form. On the other hand, organizations dealing primarily with classified information might inadvertently run across pieces of unclassified information that could fill in gaps in the existing unclassified picture. Those responsible for guidance and direction of the overall intelligence process must ensure that there is a mechanism for systematically sharing such unclassified information with those who produce unclassified intelligence.
The processing step converts collected information into a form suitable for analyzing and producing intelligence. For open source information from foreign sources, this often involves the transcription and/or translation of foreign language material. Data from open sources also must go through a process of screening, sifting, and sorting. This initial analysis can occur in the processing step, when screening analysts review raw information in order to identify significant facts for subsequent interpretation. Not all raw information collected is pertinent, credible, or accurate. Because of the vast amounts of information available from open sources, it is inevitable that much of this great mass of data is not really useful for intelligence production or duplicates information already held. So, the problem is to sift out those potentially useful bits of unclassified information that are both new and significant. Only then can information collected from open sources become truly useful to analysts involved in intelligence production.
Even back in 1947, those intelligence experts testifying before the U.S. Senate pointed to "the increasingly vast quantities of foreign intelligence information that are becoming available" through open sources. They clearly recognized the potential value of this previously untapped source or raw information. However, they also realized that the "virtually staggering" volume of the material obtainable by these "overt, normal, and aboveboard means" was a potential barrier to exploiting it. Furthermore, they understood that a "proper analysis" of this material could be much harder work than its classified counterpart. Hence their frequent references to the need for "a thorough sifting and analysis of the masses of readily available material" and "the painstaking study of that available overt material." (6) Since 1947, the volume of open source information has, of course, greatly expanded. This has further complicated the task of screening and analyzing.
Screening analysts or other trained intelligence workers must also determine whether a particular piece of information is pertinent to known or anticipated production requirements. Then they must ensure that any analyst producing intelligence to meet a given requirement has access to all the potentially valuable information pertaining to that requirement. The best intelligence data, classified or unclassified, are worthless if the intelligence producer is unaware of them.
The production step converts information into intelligence through the evaluation, integration, analysis, and interpretation of all available data, including that from open sources. It also entails the preparation of finished intelligence products in support of known or anticipated user requirements and in a form the user can apply. The finished product may be classified, unclassified, or a combination of the two--depending on user requirements.
One prerequisite for production is the evaluation of raw information for reliability of the source and accuracy of the content. The reliability of open sources can vary greatly--from government documents, to professional and technical journals, to news magazines, to hastily prepared newspaper reports. That is not to say that government documents are always accurate or that newspaper reports are always suspect. As with any intelligence source, analysts who deal most directly with these sources on a regular basis are the best judges of reliability. Thus, it might be a collector or a screening analyst rather than a production analyst who gauges reliability. However, the production analyst's personal knowledge of the subject matter and comparison with information on the same subject from other available sources are normally necessary to establish the accuracy of the information itself.
Many producers and consumers of intelligence often assume that the most reliable information is that which has the highest classification. That is not necessarily the case. In some instances, the unclassified information from open sources turns out to be the most reliable. The ultimate sources of unclassified intelligence may be what foreign entities say or show graphically about themselves in the open press, news broadcasts, sales brochures, or the Internet. These can rank among the most reliable of sources, when properly evaluated and analyzed. Open source data can often be just as accurate as information from classified sources. In some cases, the unclassified may be even more accurate, when the basis for the classified version was a guess, a mistaken interpretation, or outdated information.
There may be cases where a foreign entity purposely attempts to mislead us by providing false information. What usually leads to incorrect information, however, is our own misinterpretation of whatever data the foreign entity allows us to obtain through open source channels. This is why we need trained intelligence professionals involved in the production of data from open sources to support unclassified intelligence requirements. Non-intelligence customers, if provided only the unevaluated raw data, are likely to misinterpret it or be misled by faulty information.
Intelligence production also involves an integration function in which the analyst attempts to form a pattern by selecting, synthesizing, and combining evaluated information and previously developed intelligence. As the pattern emerges, the analyst often determines that some of the pieces are missing. Having identified these gaps, the analyst can then attempt to acquire additional information to complete, confirm, or refute the emerging pattern. If the desired intelligence product can be classified, data from sensitive sources may fill these gaps. If the product must remain unclassified, the analyst must find the missing pieces in open sources, get someone to declassify them, or provide a product that is useful though incomplete. There is always the possibility of refining the product at a later time, when more information does become available at the unclassified level.
Some would say that a compilation of material from unclassified sources runs the danger of becoming classified. This can indeed be true in the case of information about own systems and capabilities. The advantage of compilations of data is that they present a more complete picture of the situation than do the individual, isolated pieces of information of which they are constructed. Thus, a compilation of facts about us might draw a picture all too closely resembling the U.S. reality that we need to protect based on the possible damage to our national security that could result if our potential enemies knew these things about us. Generally, however, this does not seem to apply to foreign intelligence.
In the foreign intelligence business, we classify things primarily to protect our collection means. When information about a foreign entity becomes available from sources other than our own sensitive collection means, there is usually no need to classify it. If individual facts about the foreign entity are unclassified, then so are compilations of those facts. When intelligence analysts fit together bits and pieces of open source information analytically to form a greater body of unclassified information, the product should be thought of as approaching foreign reality, rather than approaching a classified perception of the same reality.
Analysis and interpretation are close companions that may have begun before the actual production step. During production, however, further analysis determines the significance of the information relative to information and intelligence already known. Interpretation involves drawing deductions about the probable meaning of the evaluated and integrated information. The analysis of unclassified information usually involves separating the few pertinent grains of wheat from a mountain of irrelevant chaff. This requires a combination of hard work and discriminating judgment. This judgment must come from qualified intelligence specialists who ideally should have a thorough knowledge of information available from all sources.
In reality, however, the classification of finished intelligence products often depends on the authors' awareness of sources. For example, when CAC Threats published the coordinating draft of the FM 100-2 series in 1982, two higher-level intelligence organizations expressed concern about possible security violations. One organization, which dealt primarily with intelligence from collateral sources, provided a list of 16 items it believed should be SECRET or CONFIDENTIAL. The other, which dealt primarily with SCI material, believed that one particular item should be classified at that level. The chief of the first organization promptly informed the latter that the item in question did not need to be at the SCI level, since it was one of the 16 items his organization held at the collateral level. CAC Threats analysts then produced multiple open sources for each of the 16 items in question, satisfying all concerned that the information could indeed be unclassified. This phenomenon led CAC Threats authors to create the diagram that appears in Figure 1--to explain conceptually how the same piece of information could simultaneously be held at classified and unclassified levels.
Authors who are aware only of SCI sources would naturally classify their product as SCI, unless there is a way to sanitize the information so as not to reveal the source. Likewise, authors who are aware of collateral sources would tend to classify their product as collateral. Even if these authors were aware that the same information was available through SCI sources, the mere presence of those sources would not determine the classification. The only reason for keeping the information at the SCI level would be to provide additional detail or to offer additional proof of its validity by identifying the additional, perhaps more trusted source. The same is true when a piece of information becomes available at the unclassified level. An author might still choose to report it as collateral or SCI in order to identify confirming sources that add to its credibility. Without the need for that backup information, however, the unclassified information could stand alone or as an unclassified portion of a classified product.
Unfortunately, those who deal primarily with information collected from classified sources are not always aware of whether the same information may be available from unclassified sources. If the analysts already have the information from normally reliable classified sources, they might not feel the need to look for it elsewhere. If such analysts happen to come across the same information in open sources, they do not necessarily have to declassify the information previously acquired from sensitive sources, although that is an option. They also have the option of including in the classified product some unclassified text or photographs. However, the unclassified information, if incorporated into a paragraph or table also containing classified material, will no longer be identified as unclassified. This happens because our system of portion marking requires each portion to bear the classification marking corresponding to the most sensitive material it contains.
As we have just seen, there is no purpose in collecting intelligence information unless we subsequently analyze it and work it into a final product. Likewise, there is no sense in developing a final product if we do not disseminate it to those who need it in a form they can use. Thus, the dissemination of unclassified intelligence is mandatory to those elements of the U.S. military that need it to support training and other activities that for various reasons must remain unclassified. This means that someone has to provide the U.S. Army the best available unclassified information in an unclassified finished intelligence product.
A Job for Intelligence Professionals
Not just anybody with access to raw open source information can or should produce and disseminate intelligence-related products based on that information. At any level in the intelligence business, only trained, experienced intelligence professionals should do this, because only they can do it properly. "Properly" means ensuring that the best available information reaches non-intelligence customers at a level of classification that is usable for them.
We do not want non-intelligence customers "doing their own thing" in unclassified intelligence production and coming up with their own versions of foreign intelligence data because intelligence professionals are not doing it for them. Otherwise, we could have problems with classified data showing up in unclassified products and data bases or unverified data giving the threat or OPFOR unrealistic capabilities--either overstated or understated.
Ideally, the same agency that produces classified intelligence should also produce as much unclassified intelligence as possible on the same subjects. Both classified and unclassified products would be validated and authoritative to the same degree, although possibly for different purposes. However, most analysts in those agencies already have a full-time job keeping up with classified production requirements to meet the needs of other, higher-priority customers. Those analysts also are generally not in a position to systematically screen unclassified sources and may not know what is or is not already known about a particular subject at the unclassified level. A more practical solution, therefore, might be for a separate group of intelligence specialists to produce unclassified products in concert with the agency's classified work.
Another possible solution is for intelligence specialists in an I&TS organization (such as TRADOC DCSINT) to produce the unclassified products, since they are most familiar with the needs of the Army training community and other potential users of unclassified intelligence. They can concentrate on exploiting open sources to meet those needs. This takes a group of experienced analysts whose primary focus is on the unclassified and who know the ground rules for unclassified intelligence production. These intelligence specialists must establish and maintain an adequate base of unclassified knowledge of the foreign areas and entities involved. This includes the analysts' personal knowledge, as well as knowledge of other intelligence products on the same subjects and the ability to coordinate with higher-level intelligence production agencies.
Another option for getting good unclassified products based on open sources is in a collaborative effort between intelligence production centers and I&TS specialists (similar to the past relationship between DIA and CAC Threats). This could involve the production centers providing validated and authoritative unclassified information from which the I&TS organization creates the final product tailored to customer needs.
In any of the above options, analysts focused on the classified production effort could still have ready access to unclassified products. Ideally, they would have the opportunity to review and comment on the unclassified products before dissemination. Occasionally, they might find a use for the unclassified information within their own products. In turn, those focused on unclassified production would have access to any unclassified intelligence produced by their own or other agencies and could tailor it for use in their own unclassified products. Thus, the two elements for classified and unclassified production can profit from each other's work and close coordination between counterpart analysts.
Some would argue that intelligence personnel who have access to classified information should not produce unclassified products on the same subjects. However, this is like arguing that those with access to SCI should not produce collateral intelligence. In both cases, it is desirable for the producer of less sensitive information to be aware of all the information available, including that which has a higher classification than the analysts can use in a particular product, in order to make fully informed decisions.
Analysts might have two pieces of contradictory information from unclassified sources on the same subject. When selecting which unclassified piece to use within a product that is overall classified, analysts would obviously pick the one that fits best into the context of information from all sources. It represents the best available unclassified information. If the only available unclassified information seems to be incorrect or not close enough to information confirmed by reliable, more sensitive sources, it might be better not to report it, rather than misleading or misinforming the customer. The same informed decision should be made when creating an unclassified product to meet the needs of certain non-intelligence customers. Good analysts would not knowingly give the customer something that is not the optimal product. The product based on only the unclassified pieces of information might not match the classified picture in every detail, but it should be close enough not to be misleading.
Intelligence analysts who deal primarily, or at least regularly with information from open sources tend to have a much broader awareness of the whole spectrum of unclassified knowledge available. The answers to many of our questions about foreign military capabilities and other parts of foreign environments are out there in unclassified form. We just have to know the right places to look and look there on a regular basis, so as not to miss them.
The foreign reality is the same, regardless of how we find out about it. This explains how some facts can be "classified" and unclassified at the same time. It merely means that someone went to a lot of trouble and expense to acquire from sensitive sources the same information that could be derived from open sources. Thus, open source information, properly analyzed, can be both a valuable and a cost-effective part of intelligence production. It is the job of intelligence professionals to exploit this goldmine of information, extract the useful nuggets with potential intelligence value, and refine them into finished intelligence products.
(1.) Committee on Armed Services, National Defense Establishment (Unification of the Armed Forces) Hearing, 80th Congress, 1st Session on S. 758, Part 3, April 30, May 2-9, 1947 (Washington, D. C: U.S. Government Printing Office, 1947), 492, 497, 525. The testimony cited here was by LTG Hoyt S. Vandenberg, then Director of Central Intelligence, accompanied by a written statement submitted by his civilian deputy Allen W. Dulles.
(2.) Joint Pub 1-02, Department of Defense Dictionary of Military and Associated Terms 12 April 2001 (as Amended Through 31 August 2005), 388.
(3.) The FM 100-2 Series consisted of FM 100-2-1, The Soviet Army: Operations and Tactics, FM 200-2-2, The Soviet Army: Specialized Warfare and Rear Area Support, and FM 200-2-3, The Soviet Army: Troops, Organization, and Equipment.
(4.) FM 100-60, Armor- and Mechanized-Based Opposing Force: Organization Guide, 16 July 1997, FM 100-61, Armor-and Mechanized-Based Opposing Force: Operational Art, 26 January 1998, and FM 100-63, Infantry-Based Opposing Force: Organization Guide. 18 April 1996.
(5.) FM 7-100, Opposing Forces Doctrinal Framework and Strategy, 1 May 2003, and FM 7-100.1, Opposing Force Operations, 27 December 2004. Other FMs currently under development as parts of this OPFOR series include OPFOR tactics; paramilitary and nonmilitary organizations and tactics; organization guide; and worldwide equipment guide.
(6.) Committee on Armed Services, National Defense Establishment (Unification of the Armed Forces) Hearing.
Dr: Madill is currently a Senior Intelligence Specialist in the COE and Threat Integration Directorate (CTID). TRADOC DCSINT. located at Fort Leavenworth, Kansas. Prior to joining that organization (then known as CAC Threats) in 1978. he served as an enlisted SIGINT analyst in Vietnam and Germany and received a direct commission as an MI officer. At CAC Threats and CTID. he has co-authored the FM 100-2 series on the Soviet Army. the FM 100-60 series on a capabilities-based OPFOR. and currently the FM 7-100 series on OPFOR for the COE He received a BS in Education from the University of Kansas, an MA from Emporia State University. and a PhD from the University of Kansas. Readers can contact him at DSN 552-3862. commercial (913) 684-3862. or E-mail donald. email@example.com.
|Printer friendly Cite/link Email Feedback|
|Author:||Madill, Donald L.|
|Publication:||Military Intelligence Professional Bulletin|
|Date:||Oct 1, 2005|
|Previous Article:||The Open Source Academy helps the intelligence community make the most of open sources.|
|Next Article:||50 years of excellence: ASD forges ahead as the Army's premier OSINT unit in the Pacific.|