Embed Size (px)
Citation preview
NOVEMBER 2001
I
This Page Is Intentionally Left Blank
I
PREFACE
his publication providespreliminary joint and coalitiontraining information on the
subject of Open Source Intelligence(OSINT). It discusses the fundamentalsof OSINT support to both the all-sourceintelligence process, and to theunclassified intelligence requirements ofoperators, logisticians, and civilianorganizations participating in joint andcoalition operations. The focus is onrelevant information that can be obtainedlegally and ethically from the public andprivate sector, and that is not classifiedin its origin or processing. Theinformation may become classified inrelation to the commander's intent or itsassociation with classified informationwhen it is rightly blended into all-sourceintelligence reports.
his publication has beenprepared under my direction asthe Supreme Allied
Commander, Atlantic, in collaborationwith staff from the Supreme AlliedCommander, Europe (SACEUR). This
publication has benefited greatly fromthe continued collaboration between mystaff and the staff of Open SourceSolutions Inc. With the publication ofthis document and its companions, theIntelligence Exploitation of the Internetand the NATO OSINT Reader,commanders and their staffs will havebasic guidance for the development ofOSINT.
The increasingly robust array of opensources available to all staffs enablecommanders at all levels to attempt tosatisfy their information requirementsthemselves rather than immediatelydirecting Requests for Information(RFIs) elsewhere. This manual outlinesa systematic approach to OSINTexploitation.
his information is relevant toall NATO commands, taskforces, member nations, civil-
military committees and workinggroups, and such other organizations thatmay be planning or engaged incombined joint operations.
W. F. KERNANGeneral, U.S. Army
T
T
T
II
This Page Is Intentionally Left Blank
III
Intentionally Blank
Table of Contents
EXECUTIVE SUMMARY VCHAPTER I 1OPEN SOURCE INTELLIGENCE AND JOINT OR COALITION OPERATION 1
Introduction 1Definitions 221st Century Information Operations 3
CHAPTER II 5PRIVATE SECTOR INFORMATION OFFERINGS 5
SECTION A. SOURCES 5Traditional Media Sources 5Commercial Online Premium Sources 6Other Forms of Commercial Online Information 8Grey Literature 8Overt Human Experts and Observer 9Commercial Imagery 9Defining Source Access Requirements (Dangers of Pay-per-View) 11
SECTION B. SOFTWARE 12Software Hierarchy 12
SECTION C. SERVICES 13Collection Services 13Processing Services 13Analysis & Production Services 13Services Examples 14
CHAPTER III 15THE OPEN SOURCE INTELLIGENCE CYCLE 15
SECTION A. OSINT PLANNING AND DIRECTION 15Overview 15Organizations and Responsibilities 15Requirements Definition 16Evaluation and Feedback 17
SECTION B. COLLECTION 17Overview 17Knowing Who Knows 19Collection Discipline 19Collection Issues 20Nuances of Open Source Collection 21
SECTION C. PROCESSING AND EXPLOITATION 23Overview 23Analysis 23Web-Site Authentication and Source Analysis 24
SECTION D. SEARCHING ANONYMOUSLY ON THE WEB 27Overview 27Leaving a Footprint 28Traffic analysis 28
IV
Contact with others 29SECTION E. PRODUCTION 29
Overview 29Reports 29Link Tables 31Distance Learning 31Expert Forums 32
SECTION F. DISSEMINATION AND EVALUATION 33Overview 33Dissemination Methods 34Virtual Intelligence Community 34
CHAPTER IV 36OSINT AND THE EMERGING FUTURE INTELLIGENCE ARCHITECTURE OF NATO 36
SECTION A. BLENDING OSINT INTO THE ALL-SOURCE PROCESS 36Overview 36Direction 38Collection 39Processing 41Dissemination 42
APPENDIX A: GENERAL REFERENCE LINK TABLE 43APPENDIX B: TRAINING LINK TABLE 45APPENDIX C: CATEGORIES OF MISPERCEPTION AND BIAS 46APPENDIX D: LIST OF ABBREVIATIONS 48FEEDBACK 49
V
EXECUTIVE SUMMARY
COMMANDER'S OVERVIEW
Open Source Intelligence (OSINT) in Jointand Coalition Operations
pen Source Intelligence, orOSINT, is unclassifiedinformation that has been
deliberately discovered, discriminated,distilled and disseminated to a selectaudience in order to address a specificquestion. It provides a very robustfoundation for other intelligencedisciplines. When applied in asystematic fashion, OSINT products canreduce the demands on classifiedintelligence collection resources bylimiting requests for information only tothose questions that cannot be answeredby open sources.
Open information sources are not theexclusive domain of intelligence staffs.Intelligence should never seek to limitaccess to open sources. Rather,intelligence should facilitate the use ofopen sources by all staff elements thatrequire access to relevant, reliableinformation. Intelligence staffs shouldconcentrate on the application of provenintelligence processes to the exploitationof open sources to improve its all-sourceintelligence products. Familiarity withavailable open sources will placeintelligence staffs in the position ofguiding and advising other staffelements in their own exploitation ofopen sources.
Open Source Intelligence and Joint orCoalition Operations
OSINT is a vital component of NATO’sfuture vision. Through its concentrationupon unclassified open sources ofinformation, OSINT provides the meanswith which to develop valid and reliableintelligence products that can be sharedwith non-NATO elements ofinternational operations. Experience inthe Balkans, and the increasingimportance of the Partnership for Peaceand Mediterranean Dialogue members insecurity dialogue, illustrates the need todevelop information sources that enablebroader engagement with these vitalpartners.
Private Sector Information Offerings
The Internet is now the default C4Iarchitecture for virtually the entireworld. The principle exceptions aremost militaries and intelligenceorganizations. The Internet facilitatescommerce, provides entertainment andsupports ever increasing amounts ofhuman interaction. To exclude theinformation flow carried by the Internetis to exclude the greatest emerging datasource available. While the Internet is asource of much knowledge, allinformation gleaned from it must beassessed for its source, bias andreliability.
O
VI
As a source of reliable information, theInternet must be approached with greatcaution. As a means with which to gainaccess to quality commercial sources ofvalidated information, the Internet isunbeatable.
A vision of open source exploitationmust not be limited exclusively toelectronic sources. Traditional print,hardcopy images and other analogsources continue to provide a wealth ofdata of continuing relevance to NATOintelligence.
The Open Source Intelligence Cycle
As the range of NATO informationneeds varies depending upon missionrequirements, it is virtually impossible tomaintain a viable collection of opensource materials that address allinformation needs instantly. The focusshould be on the collection of sources,not information. With knowledge ofrelevant and reliable sources of opensource information, an intelligence staffcan quickly devote collection energy andanalytical expertise to develop tailoredOSINT products to the mission need.
OSINT and the Emerging FutureIntelligence Architecture of NATO
OSINT is an essential building block forall intelligence disciplines. Opensources have always played a role inclassified intelligence production. In theNATO context, a robust OSINTcapability greatly increases the range ofinformation sources available tointelligence staffs to address intelligenceneeds.
Nations are capable of tasking classifiedintelligence sources to addressintelligence gaps. Lacking organicintelligence collection assets, NATOintelligence staffs are unable to taskclassified collection. Rather thanimmediately directed a Request ForInformation (RFI) to a nationalintelligence centre, a robust OSINTcapability enables intelligence staffs toaddress many intelligence needs withinternal resources.
While unable to replace classifiedintelligence production, OSINT is ableto compliment an all-source intelligenceproduction process with essentialsupport including tip-offs, context,validation and cover for informationsanitation.
1
CHAPTER IOPEN SOURCE INTELLIGENCE AND JOINT OR
COALITION OPERATIONS
Introduction
OSINT is distinct from academic, businessor journalistic research in that it representsthe application of the proven process ofnational intelligence to a global diversity ofsources, with the intent of producingtailored intelligence for the commander.OSINT is also unique, within a coalitionoperations context, in that it simultaneously
provides a multi-lateral foundation forestablishing a common view of the sharedArea of Operations (AOO), while alsoproviding a context within which a wide-variety of bi-lateral classified intelligencesharing arrangements can be exploited.Figure 1 illustrates these relationships.
Figure 1 - Relationship between Open Source and Classified Information Operations
"OSINT is not a substitute for satellites, spies, or existing organic military and civilianintelligence capabilities. It is, however, a foundation—a very strong foundation—for planningand executing coalition operations across the spectrum from humanitarian assistance to totalwar. OSINT provides strategic historical and cultural insights; it provides operationallyhelpful information about infrastructure and current conditions; and it provides tactically vitalcommercial geospatial information that is not available from national capabilities. In coalitionoperations, OSINT is both the foundation for civil-military cooperation, and the framework forclassified bilateral intelligence-sharing."
Securely Exploit Bi-LateralClassified Intelligence
from Nations
Create CommonOpen Source Intelligencefor Multi-Lateral Sharing
COALITION COMMANDER &
STAFF
INTELLIGENCEMETHODS• Requirements Definition• Collection Management• Source Discovery &Validation• Multi-Source Fusion• Compelling TimelyPresentation• Evaluation, Feedback,New Requirements• Operational Security
OPEN SOURCEINFORMATION• Internet• Commercial Online (Feefor Access)• Gray Literature• Subject-Matter Experts• Commercial GeospatialInformation• Direct Ground and/orAerial Reconnaissance• Complex Human and/orTechnical Services
2
OSINT is valuable to NATO membernations and to individual Partner nations inthat it can be used to provide a commonunderstanding of the AOO across allelements of its military forces and itscivilian and non-governmental organization(NGO) counterparts. Elements of the forcesnot authorized access to the full range ofclassified information, often including suchvital components, as military police,logistics elements, engineers, and the public
affairs staff, can be made more effectivethrough the utilization of tailored OSINT.At the same time, external parties withwhom coordination is critical, but who arealso not authorized access to classifiedinformation, can receive tailored OSINT thatis helpful to a shared understanding of theAOO and the challenges facing the coalitionand all its elements. Figure 2 illustrates thisidea.
Definitions
There are four distinct categories of openinformation and intelligence.
Open Source Data (OSD). Data is the rawprint, broadcast, oral debriefing or otherform of information from a primary source.It can be a photograph, a tape recording, acommercial satellite image, or a personalletter from an individual.
Open Source Information (OSIF). OSIFis comprised of data that can be put together,
generally by an editorial process thatprovides some filtering and validation aswell as presentation management. OSIF isgeneric information that is usually widelydisseminated. Newspapers, books,broadcast, and general daily reports are partof the OSIF world.
Open Source Intelligence (OSINT).OSINT is information that has beendeliberately discovered, discriminated,distilled, and disseminated to a select
CINC
J-2 J-3
PSYOP
POLAD
PIO
CIVILAFFAIRS
PROVOSTMARSHAL
COMBATENGINEERS
Exchange with People
Exchange with Embassies
Exchange with Civil Authorities
Exchange with Business Community
Exchange with
MediaOSINT “NET”
Figure 2 - Utility of OSINT Net for Internal and External Information Exchanges
3
audience, generally the commander and theirimmediate staff, in order to address aspecific question. OSINT, in other words,applies the proven process of intelligence tothe broad diversity of open sources ofinformation, and creates intelligence.
Validated OSINT (OSINT-V). OSINT-Vis information to which a very high degree
of certainty can be attributed. It can beproduced by an all-source intelligenceprofessional, with access to classifiedintelligence sources, whether working for anation or for a coalition staff. It can alsocome from an assured open source to whichno question can be raised concerning itsvalidity (images of an aircraft arriving at anairport that are broadcast over the media).
21st Century Information Operations
OSINT is an essential contextual andfoundation element for classifiedintelligence operations. Overt humansources can help target and validateclandestine human intelligence (HUMINT)sources. Overt broadcast information can beused to better understand covertly collectedsignals intelligence (SIGINT). Commercialgeospatial information, especially wide-areasurveillance imagery, can be used tosignificantly enhance the value of the morenarrowly focused covert imageryintelligence (IMINT) capabilities. OSINTcan also make contributions to the emergingdiscipline of Measurements and SignaturesIntelligence (MASINT), to Counter-intelligence (CI), and to Operations Security(OPSEC).
OSINT is the major new "force" in 21st
Century Information Operations (IO).OSINT is not "new" in that Nations andorganizations have always understood thevalue of legal travelers, direct observation,structured reading, and legal purchases ofinformation services. What is new aboutOSINT is the confluence of three distincttrends: first, the proliferation of the Internetas a tool for disseminating and sharing overtinformation; second, the consequent andrelated "information explosion" in whichpublished knowledge is growingexponentially; and third, the collapse ofmany formerly denied areas.
OSINT is important to coalitioncommanders and their staffs for anotherreason: emerging threats, and the lower end
of the spectrum of conflict, increasinglydemand out-of-area operations andengagement in operations for whichclassified intelligence support is not readilyavailable. Out of area operations such ashumanitarian assistance and disaster reliefoperations in the countries of Africa orelsewhere along the NATO periphery, areall characterized by complex informationneeds related to infrastructure,demographics, health, and other matters nottraditionally addressed by classifiedintelligence collection operations.
OSINT is vital to government operations,and especially to coalition operations, forone additional reason: the changing natureof command & control in the 21st Century.In the past, nations and even coalitionsrelied heavily on a top-down "chain ofcommand" that relied on closed sources todirect generally unilateral actions with short-term time frames. Today, as non-governmental organizations come to the foreand are often the predominant factors inmany of the operations that the militarymust support, the dynamics of bothcommand & control and information havechanged.
Within NATO, operations must be plannedand executed in a multi-cultural fashion,with bottom-up consensus often being themost effective means of arriving atsustainable decisions. This is particularlytrue with the vital role played by non-NATOtroop contributing nations. Under thesecircumstances, a common view of the
4
Special Note on Operational SecurityThe most common objection to the use of open sources of information, apart from thegeneral lack of knowledge and funding with which to exploit open sources, relates to OperationalSecurity (OPSEC). This topic is fully discussed within Chapter III. The Open Source IntelligenceCycle makes full provision for OPSEC at every stage, and ample methods exist to conceal thecommander's intent, the source of the inquiry, and other sensitive aspects of open sourceexploitation.
operating area, formed with the help ofvalidated OSINT is often the most effectivemeans of delivering decision-support.
The remainder of this manual will discussprivate sector information offerings, theopen source intelligence cycle, and theintegration of OSINT into the NATO andprospective PfP coalition operations.OSINT will be a core element of the NATOFuture Intelligence Architecture.
5
CHAPTER IIPRIVATE SECTOR INFORMATION OFFERINGS
The four pillars to an OSINT strategy aresources, software, services and analysis.The private sector can address all four tosome degree. Analysis is the key enablingskill that is essential to the successfulintegration of OSINT into an all-sourceintelligence product. While some analysisof open sources can and should be acquiredfrom private sources, those analytical skills
necessary to integrate open source derivedintelligence must be grown and nurturedwithin intelligence staffs. Analysis will bediscussed further in Chapter III. Thischapter is intended to expose the wideraudience to the range of OSINT-relatedproducts that the private sector areoptimized to provide.
SECTION A. SOURCES
Traditional Media Sources
To many, media sources were the only opensources that were familiar prior to the onsetof the Internet. These include traditionalforeign print and broadcast media, radio andTV as well as the current array ofelectronically available products. Forcurrent intelligence purposes, media sourcesremain the core capability necessary for an
OSINT effort and are available from avariety of providers. Direct wire-servicefeeds are available. Commercial onlinepremium sources discussed below allprovide an array of media sources on a feefor service basis.
While not private sector informationproviders, the U.S. Foreign BroadcastInformation Service (FBIS) and the BritishBroadcasting Corporation (BBC)Monitoring Service each provide excellentnear real-time translation of foreign mediasources. In addition, an array of mediaanalysis products supplement the directlisting of foreign broadcasts and provideuseful insight into the general character offoreign media reporting on particular issues.
InternetThe Internet has, since 1994, literallyexploded on to the world scene and changedforever the manner in which individualsmight carry out global research. Accordingto Dr. Vinton Cerf, acknowledged by manyto be one of the founders of the Internet, itwill grow from 400 million users inNovember 2000, to an estimated 3.5 billionusers by the year 2015.
Apart from this exponential increase in the
number of human beings using the Internet,other experts project a double or triple orderof magnitude increase in the use of theInternet to connect devices, from geospatiallocators in vehicles, to temperature detectorsin soda machines, to usage monitors indoorways. The Internet is at the verybeginning of its development as a globalgrid of enormous value to coalitionoperators, logisticians, and intelligenceprofessionals.
6
The Internet has been over-sold in the past.A study by the Community Open SourceProgram Office (COSPO) within the U.S.Intelligence Community concluded in 1994that the Internet only contained roughly 450useful substantive sites, and that 99% of theInternet was not content of intelligencevalue, but rather pornography, opinion, andadvertising. This earlier evaluation of theintelligence potential of the Internet nolonger reflects the extensive content that isnow available. Some suggest that over250,000 databases are now available withinthe “deep web”, a great many of which areof potential intelligence value.
While the Internet has grown substantially invalue since 1994, the intelligenceprofessional must be very cautious aboutboth over-reliance on the Internet, and aboutthe source bias of materials found there. Ingeneral, Internet sources are rarely dated,formatted, paginated, edited, filtered, or
stable, even when addressing substantivetopics.
The Internet is an "easy out" for operatorsand other consumers of intelligence. It is anattractive option for commanders and staffin a hurry. If intelligence professionals donot demonstrate that they monitor andexploit the Internet, and/or if intelligenceprofessionals make it too difficult forconsumers to obtain usable all-sourceintelligence, the Internet represents a"threat" to the existing intelligence process.Increasingly, intelligence professionals mustact to place information that is widelyavailable on the Internet into its propercontext – either confirming its validity ordisputing the information based on classifiedcollateral reporting.
In general, the Internet today provides twobenefits to the coalition professional: first,as a means of rapidly communicating withcounterparts around the world, primarily toexchange unclassified information andprofessional insights; and second, as ameans of rapidly accessing both free andpremium (fee paid for access) informationsources. However, the Internet also has itsdangers. Electronic mail and attacheddocuments comprise a permanent record incyber-space, and the sender has little controlover subsequent dissemination andexploitation.
Commercial Online Premium SourcesThere are numerous commercial onlinepremium sources, that is, sources that chargeeither a subscription fee or a usage fee foraccess to their information. It is essential
that every professional understand theavailability and the value of commercialonline premium sources. They representdecades worth of editorial selection,
OSINT Professional Note: A number of advanced search tools are available that complement thevariety of search engines that are freely available on the Internet. OSINT managers should remainabreast of developments in the field of Internet tools and integrate appropriate tools, as they becomeavailable, into their OSINT process. An example, its basic form available free or in an advanced versionat a small cost, is a meta-search engine that combines the best features of multiple search engines, whilealso permitting subsequent searches for new information (remembering what has already been seen).Download this program from www.copernic.com.
Figure 3 - Internet users by continent (1999)
7
authentication, formatting, indexing,abstracting, and presentation management.In general, source material obtained througha commercial online premium service hasbeen created by a reputable commercialenterprise subject to scrutiny and thejudgment of the marketplace. In Figure 4,we discuss the three best known togovernments and corporations. There aremany others, some unique to Europe orAsia. Each professional is urged to consult
his or her librarian or his or her OSINTcollection manager to gain a betterunderstanding of what their options are forhigh-quality commercial informationrelevant to their action responsibilities.
In general, and in part because of the highcost of mistakes or unnecessary retrievals,all commercial online premium servicesshould be searched by those staff withsufficient training on the database and a
thorough understanding of its pricingstructure. Even commands with flat-feepricing should be aware that their nextcontract will be increased in price based onactual usage during the current flat-feeperiod. Alternatively, an option is to gainaccess to commercial sources via theservices of a professional librarian orcommercial information broker. Mostprofessional information brokers, such asthose belonging to the Association of
Independent Information Brokers (AIIB),specialize in either LEXIS-NEXIS orDIALOG. There are distinct advantages incontracting a searcher who has detailedfamiliarity with the very arcane searchcommand characteristics of these twoservices. In the case of Factiva this is lessvital but can still make a big difference inboth the success of the searchers, and thecost of the searches.
OSINT Professional Note: Always ask for search results in electronic form, these files can more easily beshared. Copy the results into a Word document. Add pagination. Add a title page and a blank table ofcontents page. Sort the items into larger categories (e.g. Political, Military, Economic) and label thecategories as "Heading 1". Then go through the document label each individual headline as "Heading 2".These headings are choices in the style bar at the upper left that generally says "Normal". Finally, go to theTable of Contents and use the Insert, Index and Tables, Table of Contents choices to insert a table ofcontents. If desired, use the Replace function to find and make bold all of the original search terms.
FACTIVA LEXIS-NEXIS DIALOGwww.factiva.com www.lexis-nexis.com www.dialog.comBest web-based user interface,easiest means of searching allavailable publications. Archive ofpublications varies but typicallyprovides several years worth ofhistorical file. Includes Jane'sInformation Group material as wellas BBC transcripts. Does notinclude FBIS information.
Two separate channels, onefocused on legal sources includingpublic records (primarily in theUnited States but very helpful intracing real estate, aircraft, andwater craft including internationalships), the other focused on newssources but offering archive access,i.e. ability to reach back severalyears or more on any topic.
A very large collection of variouscommercial offerings that can besearched "by the file". Especiallyvaluable for access to conferenceproceedings, academic and policyjournals, dissertations, bookreviews, and the Social ScienceCitation Index (SSCI). The latter isideal for finding and rankingindividual experts, to includeidentification of their officialaddress.
Flat fee or actual cost pricing. Flat fee, actual cost, or pay as yougo credit card pricing.
Flat fee, actual cost, or pay as yougo credit card pricing.
Figure 4 - Leading Commercial Online Premium Sources
8
Other Forms of Commercial Online Information
There is a vast range of commercial sourcesavailable through direct subscription, bothon the Internet and in the form of hard copyor CD-ROM publications. Table 1 belowidentifies just a few sources of commoninterest to military commanders and theirstaff. There are many more than those listedhere. SACLANT has undertaken to develop
and maintain a common NATO inventory ofopen sources and access points to whichRFIs can be directed. This can be found onMCCIS at www.saclant.nato.int/intel. Workcontinues to progress on a concept ofoperations for establishing broad NATOaccess to such sources at the mostcompetitive prices possible.
Grey Literature
Grey literature is that information that isboth legally and ethically available, but onlyfrom specialized channels or through directlocal access. It is generally understood asthat information whose distribution is not
controlled by commercial publishers, and/orthat information that is not published,distributed, catalogued or acquired throughcommercial booksellers and subscriptionagencies. Grey literature includes working
Source Type or Function Source Name and URLBroadcast Monitoring BBC Monitoring
http://news.monitor.bbc.co.uk/Broadcast Monitoring FBIS/NTIS World News Connection
http://wnc.fedworld.gov/ntis/home.htmlCommercial Imagery Autometric
http://www.autometric.com/AUTO/SERVICES/GISCurrent Awareness (Conferences) British Library Proceedings
http://www.bl.uk/services/bsds/dsc/infoserv.html#inside_confCurrent Awareness (Journals) ISI Current Contents
http://www.isinet.com/Current Awareness (Regional) Oxford Analytica
http://www.oxan.com/Defense Monitoring Janes Information Group
http://www.janes.com/geopol/geoset.htmlDefense Monitoring Periscope
http://www.periscope1.comDefense Monitoring (NATO) Orders of Battle Inc.
http://orbat.comDirectories of Experts Gale Research
http://www.gale.com/Foreign Affairs Discussions Columbia U. Int'l Affairs Online
www.ciaonet.orgForeign Affairs Monitoring Country Watch.com
www.countrywatch.comGlobal Risk Monitoring Political Risk Service (Country Studies)
www.prsgroup.comMaps & Charts East View Cartographic
http://www.cartographic.com
Table 1 - Examples of specialized commercial information
9
papers, pre-prints, technical reports andtechnical standards documents, dissertations,data sets, and commercial imagery.Producers of grey literature include: non-profit and educational organizations;commercial enterprises creating documentsfor internal use as well as for clients andsuppliers; local, state, and national
government agencies producing materialsfor internal use as well as for citizens andvendors, and; a wide variety of informal andformal associations, societies, and clubs.Examples include university yearbooks,yacht club registries, corporate trip reports,and personal notes from public events thatare posted to a public bulletin board.
Overt Human Experts and Observers
The ultimate open source is a human expertor human observer with direct experience.In many places of the world, Africa, forexample, it is not possible to obtainpublished information on specific locationsor conditions. For many topics, even thosewith great quantities of publishedinformation, it is not possible to find exactlywhat is needed even when the time andmoney is available to collect, process, andanalyze all available published information.The human expert is often the most efficientand the most inexpensive means of creatingnew open source intelligence that isresponsive to a specific requirement fromthe commander or his staff.
The identification and interviewing of thosewith direct on-the-ground experience is alsoa valuable means of ascertaining "ground
truth." It merits comment that officialcommunications from organizations, andmost media reporting, tend to rely onsecond-hand reports. Unless the informationis meticulously sourced and from a verytrusted source, expert judgment orobservation more often than not it will beless reliable than direct human expertjudgment or observation.
Commercial ImageryThe commercial imagery industry continuesto mature with the launching in recent years
of a number of satellites that offer militarilysignificant capabilities. One-meter
OSINT Professional Note: There are essentially four ways to get to expert humans. The most effectivemeans is through citation analysis using the Social Science Citation Index (SSCI) or the Science CitationIndex (SCI). These can both be accessed at www.isinet.com/isi. This generally requires a specialist searcherwith access to DIALOG for the SSCI or to the Scientific and Technical Network (STN) for the SCI. Thesecond means is through professional associations such as listed in the International Directory ofAssociations published by Gale Research, or as found through a copernic.com search of the Internet. Thethird means is by doing a Factiva.com search and identifying experts or "talking heads" that have beenquoted in the media on that topic. Last, and often the least efficient, is through a labor-intensive series oftelephone calls to various known government agencies or official points of contact. As a general rule, it isbest to do a comprehensive professional search for international experts with the most current knowledge,rather than relying on the in-house focal points or whomever might be casually known to in-house points ofcontact.
10
resolution electro-optical imagery availableto the private sector is not only possible nowbut also likely to be de rigueur in the future.Table 2 illustrates some of the militaryapplications of 1-m commercial imagery.By 2003, at least eleven private companiesexpect to have high-resolution commercialremote sensing satellites in orbit. Theirproducts will be available to whoever has acredit card. While this will bring newcapabilities to friend and foe alike,
commercial imagery provides uniqueopportunities for NATO as well. Unbridledby security constraints, which limit the useof imagery derived from military satellites,commercial imagery acquired by NATO canbe freely distributed within the constraints ofcopyright agreements with the originalprovider. This provides a host of optionsregarding cooperation with broader coalitionpartners who do not have access to NATOclassified information.
Target(note a)
Detection(note b)
General ID(note c)
Precise ID(note d)
Description(note e)
TechnicalAnalysis
Troop units 6.0 2.0 1.20 0.30 0.150Vehicles 1.5 0.6 0.30 0.06 0.045Aircraft 4.5 1.5 1.00 0.15 0.045Airfield facilities 6.0 4.5 3.00 0.30 0.150Nuclear weapons components 2.5 1.5 0.30 0.03 0.015Missile sites (SSM/SAM) 3.0 1.5 0.60 0.30 0.045Rockets and artillery 1.0 0.6 0.15 0.05 0.045Surface ships 7.5-15.0 4.5 0.60 0.30 0.045Surfaced submarines 7.5-30.0 4.5-6.0 1.50 1.00 0.030Roads 6.0-9.0 6.0 1.80 0.60 0.400Bridges 6.0 4.5 1.50 1.0 0.300CommunicationsRadar 3.0 1.0 0.30 0.15 0.015Radio 3.0 1.5 0.30 0.15 0.015Command and control HQs 3.0 1.5 1.00 0.15 0.090Supply dumps 1.5-3.0 0.6 0.30 0.03 0.030Land minefields 3.0-9.0 6.0 1.00 0.30 --Urban areas 60.0 30.0 3.00 3.00 0.750Coasts, landing beaches 15.0-30.0 4.5 3.00 1.50 0.150Ports and harbors 30.0 15.0 6.00 3.00 0.300Railroad yards and shops 15.0-30.0 15.0 6.00 1.50 0.400Terrain -- 90.0 4.50 1.50 0.750Notes:a. The table indicates the minimum resolution in meters at which the target can be detected, identified,
described, or analyzed. No source specifies which definition of resolution (pixel-size or white-dot) isused, but the table is internally consistent.
b. Detection: location of a class of units, object, or activity of military interest.c. General identification: determination of general target type.d. Precise identification: discrimination within a target type of known types.e. Description: size/dimension, configuration/layout, components construction, equipment count, etc.f. Technical Analysis: detailed analysis of specific equipment.
Table 2 - Approximate Ground Resolution in Metres for Target Detection, Identification, Description andAnalysisSource: Yahya A. Dehqanzada and Ann M. Florini. Secrets for Sale: How Commercial Satellite Imagery Will Change the World.Washington D.C.: Carnegie Endowment for International Peace, 2000.
11
The individual satellites are currentlylimited by poor revisit times to specifictargets. This factor is mitigated by the
growing “virtual constellation” ofcommercial remote sensing satellites that iscomprised of the collective resources of allof the available private companies. TheWestern European Union (WEU) satellitecenter has grown its capability through theconcept of exploitation of all availablecommercial resources rather than restrictingto merely European sources.
In addition to electro-optical sensors,Synthetic Aperture Radar (SAR) imagerycapability is improving significantly. SARimagery relies upon the analysis of a signaltransmitted in the microwave part of theelectromagnetic spectrum and theinterpretation of its return signal. Unlikeelectro-optical systems, these sensors are not
limited to daylight operations. Because theyhave an active sensor, they can image atarget in day or night, in any weather,
through clouds and smoke.
While current systems are capableof 8-meter resolution, the next fewyears will see commercial SARsatellites providing 1-meterresolution. These systems will beable to provide a dependablesource of militarily significantcommercial imagery to NATOforces as well as to ouradversaries.
A number of NATO nationspurchase commercial imagery tosupport their own national imageryrequirements. In many cases,these images can be redistributedfreely. While NATO commandsare able to purchase commercialimagery themselves, national
sources of imagery should be consulted, aspart of any collection effort, to ensure thatcommercial imagery needs cannot beaddressed through existing sources.
The “virtual constellation” of commercialremote sensing satellites will ultimately beable to provide a target revisit schedule thatwill increase its reliability as a source ofimagery. Until that time, the vast archive ofcommercial remote sensing images remainsa rich source of historical data that can beacquired fast and at low cost. Historicaldata is optimized for mission planning,mapping and humanitarian supportoperations when detailed knowledge ofinfrastructure is essential.
Defining Source Access Requirements (Dangers of Pay-per-View)
It is a relatively easy endeavor to identifyprivate information sources that can supportthe information needs of an OSINTprogramme. With the proliferation ofrestricted and open access Intranets, there
are great pressures to place all informationacquired onto web-based disseminationsystems.
While single copy licenses to information
Figure 5 - Comparative imagery resolutions
12
sources are typically attractively priced,multiple user licenses increase in price.License costs are generally a factor of thenumber of users that have access to theinformation. To place information directlyonto servers without the knowledge andconsent of the information provider is aviolation of copyright laws.
An option to reduce costs is to determine theinformation needs of the organization basedon communities of interests. Someinformation is required by all staff andmerits a general site license. Otherinformation is of interest to a more restrictedaudience. Lloyd’s shipping data, forexample, may be of general interest to awider audience but of job specific interest toa select group of analysts. The purchase of a
limited site license and the use of restrictedaccess within the Command’s Intranet willgreatly reduce license costs yet still providethe information in the most effectivemanner. Finally, ad hoc informationrequirements may be addressed with theacquisition of single copies of keyinformation sources.
As a general rule, there are few informationsources that are required by all members of astaff. Restricting access to some sourceswill increase the range of open sources thatare available for purchase within anorganization’s OSINT budget. Carefulplanning and the identification of the logicalcommunities of interest for individual opensources is a reasonable approach to managescarce resources.
SECTION B. SOFTWARE
Software Hierarchy
Conversion ofPaper Documentsto Digital Form
Automated Extraction ofData Elements From Text
and Images
Standardizingand ConvertingData Formats
Processing Images,Video, Audio,Signal Data
Automated ForeignLanguage
Translation
Open Literature Non-Text Data Restricted Information
Detection of AlertSituations
Clustering andLinking of
Related Data
Statistical Analysisto RevealAnomalies
Detection ofChanging Trends
Interactive Searchand Retrieval of
Data
Graphic and Map-Based Visualization
of Data
Modeling andSimulations
CollaborativeWork
Notetaking andOrganizing Ideas
StructuredArgumentAnalysis
Desktop Publishingand WordProcessing
Production ofGraphics, Videos and
Online Briefings
Revision Trackingand Realtime Group
Review
Finished Intelligence and Reporting
A
B
C
Figure 6 - OSINT Software Hierarchy
Above is an illustration of the eighteendistinct software functionalities that havebeen identified as being necessary for theoptimal processing of open sources ofinformation by any analyst—these would
comprise the desktop "toolkit.”
Section A functionalities include publishingand production management functionalities.Section B functionalities combine
13
collaborative work tools with datavisualization and manipulation tools withthinking tools: modeling and simulation andstructured argument analysis. Section Cfunctionalities combine tools for theautomated pre-processing of data once it isdigital, and with tools for converting hardcopy and multi-lingual or multi-mediainformation into a single digital standard.
Unfortunately, the state of the softwareindustry in general, and of desktop softwarein particular, is such that today it is notpossible to integrate all of thesefunctionalities at an affordable cost. Amajor obstacle to progress is the existingindustry practice of concealing and
constantly changing Application ProgramInterfaces (API). This means that third partysoftware producers desiring to have theirofferings work with another major product,must undertake lengthy and often expensivenegotiations in order to be shown theproprietary API. Software today is still not"plug and play", and it is unlikely to becomefully intergratable "out of the box" untilstandards of stability and transparency forAPI are established.
Having said this, it is possible to identifyseveral software packages of some value tothe open source intelligence analyst or theaction officer working with open sourceintelligence.
SECTION C. SERVICES
Collection ServicesCollection services include online collection(searchers that specialize in Internet, deepweb and premium commercial online sourceexploitation); off-line grey literature ordocument acquisition; telephone surveys and
electoral or other forms of polling; privateinvestigations and human interventionservices ("boots on the ground"); and aerialsurveillance or reconnaissance services.
Processing ServicesProcessing services include data conversionfrom hard-copy or analog to digital,indexing and abstracting of hard-copy orsoft-copy textual data or images,interpretation and annotation of imagery orsignals, database construction and stuffing,and complex modeling & simulationprojects with the best ones includinggeospatial and time-based visualizations.
When integrated with well-planned opensource collection and the right analyticalexpertise, complex processing services canyield substantial dividends by compressinglarge amounts of data into manageabletailored products that address specificintelligence requirements.
Analysis & Production ServicesA wide variety of commercial and academicorganizations offer diverse analysis andproduction services. As a general rule, thebest value is found through the hiring ofsingle individual experts with no overhead,rather than through broad contracts withorganizations that then adds a substantial feefor their considerable overhead expenses.
The very best value results when nichecollection, niche processing, and nicheanalysis services can be "mixed andmatched" to obtain precisely the desiredresults. The very worst value comes whenan organization is hired because of aconvenient contract, they do not have aniche expert, and choose to dedicate an
14
analyst that does not bring sufficientexperience or skill to the task.
Industry leaders can best be identified withreference to citation analysis and familiaritywith their product set. This is bestaccomplished through the identification of
other organizations with similar intelligenceproblems and exchanging informationconcerning those validated informationvendors that they employ. Web-site analysisis another tool, which can be applied to vetthe capabilities of a potential informationvendor.
Services ExamplesData Conversion ACS Defense
www.acsdefense.comDatabase Construction & Stuffing ORACLE
www.oracle.comDocument Acquisition British Library Document Centre
http://www.bl.uk/services/bsds/dsc/Human Intervention The Arkin Group
www.thearkingroup.comImagery Interpretation & Annotation Boeing Autometric
www.autometric.comIndexing & Abstracting Access International
http://www.accessinn.com/International Studies Analysis Monterey Institute of International Studies
www.miis.eduModeling & Simulation Boeing Autometric
www.autometric.comOnline Collection Association of Independent Information
Professionalswww.aiip.org
Open Source Intelligence Portal (meta-service) Open Source Solutions Inc.www.oss.net
Private Investigation Intelynx (Geneva)www.intelynx.ch
Scientific & Technical Analysis CENTRAwww.centratechnology.com
Signals Processing Zeta Associates Incorporatedwww.zai.com
Telephone Surveys (Primary Research) Risa Sacks & Associateswww.rsacksinfo.com
Table 3 - OSINT Related Services
As a general rule, there are no "portal"companies that serve as honest brokers forhelping governments "mix and match" bestin class niche providers at the mosteconomical cost.
15
CHAPTER IIITHE OPEN SOURCE INTELLIGENCE CYCLE
SECTION A. OSINT PLANNING AND DIRECTION
Overview
Whether one is going after open source data,information, or intelligence, there is aproven process of intelligence, theintelligence cycle that will yield good valuewhen applied. The open source intelligenceprocess is about discovery, discrimination,distillation, and dissemination—the 4 Ds(Figure 7). This analytical approach isapplied to the traditional single sourceintelligence cycle. A good understanding ofthe open source intelligence cycle makes itpossible to access and harness private sectorknowledge using only legal and ethical
means, generally at a very low cost incomparison to covert technical orclandestine human collection. Since manyrequirements that are urgent for thecommander and their staff may not qualifyfor nor be appropriate for secret collectionmethods, the open source intelligence cycleis in fact vital to NATO planning andoperations. As will be seen in the followingdiscussion, OSINT is an emerging disciplineand the emphasis will often be on informalcoordination rather than formal tasking.
Organizations and Responsibilities
The commander is ultimately responsible forestablishing the Essential Elements ofInformation (EEI) and for applying theresources necessary to satisfy them. Opensource intelligence is not necessarily theresponsibility of, or available from, national-level intelligence organizations. While theintelligence staff typically acts as the staffprincipal for OSINT activities, other staffs
are frequently well placed to both collectopen sources and to facilitate the furtherdevelopment of sources on behalf of theCommand. The subordinate commanders forCivil Affairs, Public Relations, MilitaryPolice, and Combat Engineering may oftenbe the best channels for seeking out OSINT,and can comprise an informal advisorycouncil to the commander.
Figure 7 - The OSINT Process
The OSINT PROCESS
Discovery – Know Who Knows
Discrimination – Know What’s What
Distillation – Know What’s Hot
Dissemination – Know Who’s Who
16
OSINT sources include, but are notrestricted to:
• National-Level IntelligenceOrganizations. Although they are notresponsible for satisfying thecommander's needs for OSINT,national-level intelligence organizationsmay have relevant open sourceinformation that can be provided. Somecountries, such as The Netherlands,United Kingdom, Denmark andNorway, are exceptionally competent inthis area and have fully integratedOSINT into their all-source collectionand production environments. Othersmay have selected units that can becalled upon, but have not yet masteredthis discipline.
• Diplomatic Missions. The establisheddiplomatic missions of the variousmember nations are often the bestsource of OSINT, at little cost, if theyare approached by one of their nationalsacting in an official capacity on behalfof the commander. Such missions areunder no direct obligation to respond,but informal coordination may yieldgood results.
• Chambers of Commerce. Many of themember nations have Chambers ofCommerce and these often have
established small communities thatbring the general managers and keybusiness executives from their nationalfirms in any given country together. Onan informal basis, with clear disclosureof the commander's interest, usefulOSINT may be acquired. This isparticularly true in deployed areas.
• Non-Governmental Organizations.The International Committee of the RedCross (ICRC), Doctors WithoutBorders, and the many elements of theUnited Nations as well as the manyinternational relief and charityorganizations, have deep directknowledge that can be drawn uponthrough informal coordination.
• Religious Organizations. Many Non-Article 5 Operations have verysubstantial human mass migration andethnic conflict aspects as witnessedduring Operation Allied Force. Theseissues are often best understood byreligious organizations. Organizationssuch as The Papal Nuncio and the localOpus Dei, the B'nai Brith, the IslamicWorld Foundation, and other equivalentreligious organizations are an essentialsource of overt information and expertperceptions
Requirements Definition
The greatest challenge for the commanderwill be the establishment and maintenanceof a rigorous and disciplined process fordefining the requirements to be addressedthrough open sources. The commonattitudes of "tell me everything abouteverything" or "if I have to tell you what Ineed to know you are not doing your job"represent unworkable direction.
Commanders and their staff must carefullyevaluate the specific information needs inthe context of their concerns and their plans
and intentions, and they must articulate, inthe narrowest possible way, precisely whatthey want to know and why. Thecommander's operational intent is as vital tothe intelligence professional as it is to theoperations professional. Only byunderstanding the context and direction ofthe commander's requirements, can a trulyfocused and flexible collection effort beundertaken.
OSINT is the most fundamental and fastestmeans of satisfying basic informational
17
needs, including needs for historicalbackground, current context and generalgeospatial information. Each commandershould distinguish between their tailoredintelligence requirements in support of theirfuture planning and the basic information
requirements that will permit operationaland logistics and other special staff planning(e.g. Civil Affairs) to go forward. OSINT ishighly relevant to both kinds of intelligencesupport.
Evaluation and Feedback
Planning and direction is a continuousprocess. The commander and their staffmust digest, evaluate, and provide feedbackon all received intelligence, whether open orclassified. As open source intelligence isreceived and reviewed, it must be shared
with staff principals and subordinatecommanders, evaluated, and the results ofthe evaluation passed directly to the staffelement responsible for coordinating OSINTsupport to the commander.
SECTION B. COLLECTION
Overview
The heart of intelligence collection isresearch – it is the matching of validatedintelligence requirements to availablesources with the aim of producing a productthat answers a valid need. Once anintelligence need has been identified, opensources should be reviewed by intelligencestaffs to determine if that intelligence needcan be satisfied through those resourcesorganic to the intelligence staffs, thoseresources that the staff can access, if an RFIto nations is required, or if a combination ofthese approaches is required.
Collection requires the translation of anintelligence need into an intelligencerequirement – an action plan to answer thatneed. A collection strategy is developed totap available sources. Optimal sources areselected and the information is collected.
This generic collection approach is equallyapplicable to classified sources as it is toopen sources.
In the NATO context, OSINT is acontributing source to an all-sourceintelligence effort. Open sources are used tocompliment the existing classifiedintelligence and can be collected on aspecific area. OSINT-derived products arecreated to answer a specific intelligenceneed to which open sources are bestoptimized. While RFIs from intelligenceusers typically generate collection efforts,Table 4 illustrates the three types ofproducer generated intelligence collectionand production requirements.
These three categories outline the way inwhich an internally directed OSINT
Analyst-driven Based on knowledge of customer and issuesEvents-driven In response to time-sensitive relevant events
Scheduled Periodic activities to document and updatetarget status
Table 4: Types of Producer-Generated Intelligence Collection and Production Requirements
Source: Arthur S. Hulnick. “The Intelligence Producer-Policy Consumer Linkage: A TheoreticalApproach.” Intelligence and National Security, Vol. 1,No. 2, (May 1986)
18
collection strategy should be developed.Only those products that support theintelligence staff’s mission should beproduced. The range of open informationthat is available both freely andcommercially will swamp the analyticalcapacity of any intelligence staff regardlessof size. Therefore, effective managementmust include the avoidance of productionwithout a specific purpose. While notadvocating a “make work” approach tointelligence, producer-generated collectionbuilds skills, evaluates sources and increasescapabilities necessary to address future RFIsand production requirements.
An analyst is often best placed to determinewhat product is required to address the pastneeds of the intelligence user. Proactivecollection and management to makeeffective use of emerging informationshould be encouraged. This could includethe tailoring of a newly available publicreport that addresses an establishedintelligence need into a format of use to anintelligence user.
Rapidly changing events can drive theproduction of new products. A military
coup or an environmental crisis couldpresage increased NATO interest in an areaof non-traditional interest. In the absence ofnational intelligence production shared withNATO, open source collection may be thebest means with which to begin to build anintelligence picture for the command.
Less dramatic changes to the internationalenvironment may also require open sourcecollection. Seasonal changes in a particularregion may lead to population migration.These periods are known well in advanceand lend themselves to scheduled productionof necessary intelligence products.
Chapter II reviewed private sectorinformation offerings. Chapter III focuseson the methods to be applied by any NATOunit to exploit those offerings, while notrecommending any specific source,software, or service. What is important isthat every NATO unit is conscious of theoverall process, the alternative means forobtaining and exploiting OSINT, and thevalue of OSINT as part of the all-sourceintelligence cycle. Figure 8 below isprovided a high-level view of the elementsof the OSINT collection process.
Figure 8 - OSINT Collection Process
PRODUCTIONTOOLKIT
Q ADIRECTACCESS
TOOLKIT
MEDIATEDACCESSTOOLKIT
Internet Stream
Offline/Grey Stream
Human ExpertsWorld Class/One Day Only PROCESSING
TOOLKIT
INTEGRATED ONE-STOP SHOPPING PROCESSCall Center -- Multi-Level Security -- Umbrella for Unified Billing
Commercial Feeds
Maps & Images
Feedback Loop
19
Knowing Who Knows
During periods of stability as well as crisis,it is incumbent upon intelligence staffs toestablish and nurture sources that will helpsatisfy information requirements. It is vitalthat the OSINT professional, known in somegovernments as Open Source Officers(OSO), focuses initially on "knowing whoknows" – the ability to rapidly identifysubject matter experts on topics of directrelevance to the commander’s mission andto seek information from them.
An approach favoured by some is theconcept of collecting sources notinformation. While the array of availableopen sources is staggering, the ability tofocus collection quickly on an emergingissue of intelligence interest is the keycapability. Rather than having a stale opensource product to draw upon, the ability torapidly direct collection on an issue, identifythe leading experts on the field and eitherdraw upon their most recent work or contactthem directly is the most effective use of anOSINT capability.
Therefore, a standing collection priorityshould include a preliminary inventory ofsubject-matter experts (SME) within theparent commands and its subordinate,adjacent, and higher commands, but shouldthen extend further, throughout the parentgovernment and into the national privatesector. The business community with itsinternational chambers of commerce, theacademic community with its variousprofessional associations, and the non-governmental organizations including thepeace institutes resident in many countries,are all vital points of reference.
The command OSO is, in essence, aninformation attaché to each of theseelements, and must always act with thehighest standards of overt decorum andpropriety. This must include a firm grasp ofboth the private sector's rights andobligations with respect to copyright and theprotection of intellectual property, andNATO's concerns with regard to OPSEC.
Collection Discipline
There is no faster way for an OSO to losehis commander's respect than to try to do toomuch, and end up taking too long to producesimple answers. Time management, and avery disciplined approach to the art andscience of OSINT collection, is the key toevery success.
The ever-increasing array of open sources
provides a rich environment for unbridledresearch. OSINT managers must ensure thattheir staffs are aware of the degree of detailrequired for each OSINT product beingprepared. The Internet and commercialpremium online sources are seductive to theanalyst. Within any OSINT effort, timespent in collection is always at the expenseof analysis. The desire to continue with the
OSINT Professional Note: A recommended timetable for a standard OSINT collection and analysistask is provided below:
15 Minutes Requirements Definition. Ensure an understanding of commander's intent.30 Minutes Internet Collection. Use search tools, rapidly identify top ten sites and review.15 Minutes Internet Table. Create Internet Table for future use and for customer's reference.60 Minutes Commercial Collection. Use fee sources, identify top 20 items for exploitation.60 Minutes Analysis. Read, understand, evaluate, and structure collected information.60 Minutes Production. Carefully create an analytical summary, table of contents, and slides.
4 Hours Total time required to create any OSINT report using only internal resources.
20
collection and acquisition of open sources atthe expense of their evaluation andpresentation as an analytical product reducesthe effectiveness of the OSINT contributionto the all-source effort. In few other fields isthe mantra that “perfection is the enemy ofgood enough” more appropriate than it is foropen source collection. Collection effortscan be reduced if time spent in the
evaluation of the reliability and objectivityof specific open sources does not have to bereplicated each time an analyst begins aproject. OSINT managers should ensurethat their staff maintains a dynamiccompilation of the open sources that theyexploit for specific issues. This referenceaid will serve as the starting point forsubsequent analytical tasks.
Collection Issues
There are several collection issues thatalways surface whenever commanders andstaff first consider OSINT as a structureddiscipline. These include OPSEC,Copyright Compliance, Foreign LanguageShortfalls, and External Networking.
Operations Security
• OPSEC is easily achievable in theOSINT environment through twomeasures: first, the concealment of theorigin of the search through the use oftrusted intermediaries; and second, theutilization of normal commercial Non-Disclosure Agreements (NDA) whennecessary to protect direct discussions ofa commander's concerns and intentions.
• In general, most OSINT inquiries willbe amply protected by existingprocesses, but when appropriate, atrusted local national with informationbroker skills can be hired (or aReservist utilized) to distance theinquiry from the command. It is amisconception to believe that anydiscussion with OSINT providers mustbe itself open.
• The private sector is accustomed toprotecting proprietary andcommercially confidential discussions.A standard private sector NDA is justas a good as a government secrecyagreement, with the added advantagethat the private sector partner has afinancial motivation for honoring theNDA—they want more business and
discretion is part of what they areselling.
Copyright Compliance.
• In the past, many governments have feltthat copyright compliance did not applyto their official needs, and somegovernments have resorted to theclassification of open sourceinformation as a means of concealingtheir routine violation of private sectorintellectual property rights
• It is now essential for all governments,and for all NATO elements, to learnhow to properly comply with applicablecopyright provisions. This is importantfor two reasons:
• To maintain the highest standards oflegal and ethical behavior among allNATO elements;
• More often than not, OSINT mustbe shared with external privatesector parties (e.g. humanitarianassistance organizations) or used asa means of exchange (poolinginformation on Kosovo, forexample). Thus copyrightcompliance is a vital means ofmaintain future flexibility in theexploitation of the OSINT available.
Foreign Language Shortfalls.
• Despite the multi-cultural and multi-lingual nature of the NATO alliance,many out-of-area contingencies require
21
foreign language skills that are notreadily available with the NATO force,or that can be identified quickly andprovided with security clearances.
• Over time it is vital that eachcommander identifies foreign languageskills as well as shortfalls and that thesebe consolidated and evaluated as part ofthe larger NATO Future IntelligenceArchitecture plan.
• Understanding international terrorism,insurgency, and violent internal politicalopposition movements, to take oneexample, requires competency in anumber of foreign languages to include:Arabic, Catelan, Danish, Dari, Dutch,English, Farsi, Finnish, French, German,Indonesian, Irish, Italian, Japanese,Korean, Kurdish, Kurmanji, Norwegian,Pashto, Polish, Portuguese, Russian,Serbian, Spanish, Swedish, Tamil,Turkish and Urdu.
• Many of the required capabilities arewithin the competence of nationalintelligence organizations but thesecapabilities are unlikely to be madeavailable to NATO commands for theexploitation of OSINT.
External Networking.
• There are four obstacles to externalnetworking relevant to NATOcompetency in OSINT.
• First, there is a lack of knowledgeabout who the real experts are onvarious regional and topical issues.
• Second, there is a fear of revealingthe question as an official inquiry—in some countries; there are evenprohibitions against direct contactsbetween intelligence personnel andprivate sector experts.
• Third, there is the lack of fundingfor compensating subject-matter-experts—everything must be doneon a barter or exchange of favors orinformation basis.
• Fourth and finally, the existingcommand & control,communications, computing, andintelligence (C4I) architectures tendto prohibit routine access to theInternet, and often make it difficultif not impossible to migrateunclassified information from theInternet into classified databases.
All of these obstacles can be overcome. Amajor outcome of the new NATO OSINTinitiative will be the definition andresolution of each of these obstacles.
Nuances of Open Source Collection
The Internet, although it will never be acompletely trustworthy source forinformation, has become the de facto C4Ibackbone for everyone other than themilitary. It is essential that our intelligence,operations and logistics staffs develop newdoctrine and new methods for fullyexploiting the data sources and the humanexperts that are easily accessible throughthis medium. As NATO deals with moreand more non-traditional threats and more
and more out-of-area as well as civilstability scenarios, OSINT will become amuch more important element of the all-source intelligence solution. It is vital thatevery NATO commander and relevant staffmember begin now to understand and planfor their OSINT needs.
Training in open source exploitation isrelevant not only to the intelligenceprofessionals, but also to all relevant staff
22
members who need access to open sourcesof information. OSINT is not the exclusivepurview of the intelligence profession. Theintelligence professionals should beavailable to reinforce the commander andtheir staff, but as a general rule, if a staffprincipal can answer his own informationrequirement exclusively through those opensources available to him, then that staffprincipal that should manage his owncollection effort.
Intelligence staffs should enable all staffelements to access relevant open sources asdirectly as possible. Intelligence staffsshould serve to facilitate the flow of OSINTand open source material while providingsource evaluation and guidance. Applyingthis process will enable many potential RFIsto be self-satisfied and thus not submitted.A robust OSINT programme can reduce thenumber of unnecessary RFIs that bog-downthe all-source intelligence staff withinformation requests that can otherwise besatisfied.
While each commander will have theirpreferred means of managing OSINT, whatis required is that they have a formal pointof contact for OSINT matters, an establishedprocess, and that they ensure that OSINT isfully integrated into every aspect of theircommand & staff operations.
The Internet, despite its current andprojected growth, is primarily a vehicle foropen collaboration, rather than a repositoryof knowledge. Commercial online sourcessuch as Factiva, DIALOG, LEXIS-NEXIS,STN and Questel-Orbit have hugerepositories of information that have beenprofessional selected, evaluated, indexed,abstracted, structured, and made available ina very stable format with authoritativesourcing, formatting, and dating.
In many cases, the information providedthrough these services have been “peerreviewed” – an exhaustive evaluationprocess by established leaders in the field ofstudy to ensure the accuracy of the
information and the rigor of the research.The Internet is not a substitute for premiumfee-for-service commercial online databases,and it is vital that no NATO element fallsprey to this illusion.
Each commercial service, as discussedbriefly in Chapter II, has its own strengthsand weaknesses. A robust OSINT capabilityshould include the understanding of and themeans to exploit each service accordingly.Some are best for current news, others forlegal records, and others for access toconference proceedings and dissertations.
According to some OSINT experts, only afraction of known knowledge is availableonline, either through the Internet or throughthe commercial online databases. Greyliterature, the limited edition publicationsthat are not available through normalcommercial channels, comprises a vital"middle ground" between online knowledgeand human expertise capable of creatingnew knowledge in real time. Therefore theNATO OSINT process includes theinventory and evaluation of grey literaturesources, and the development of a strategy, abudget, and a process for assuring that greyliterature sources are fully integrated into theNATO future intelligence architecture.
Finally, there is the human element. AsOSINT doctrine is developed, it would behelpful to think of three distinct forms ofovert HUMINT support to NATO. First andforemost are internal subject-matter-experts.These are scattered across commands andwithin various elements of the membernations’ governments. Second are theprivate sector experts who have achieved afavorable reputation based on their provenrecord of accomplishments and publications.Thirdly, there are "local knowledge"experts, including legal travelers and localresidents that are rarely exploited by residentdefense attachés for lack of time or fundingwith which to reimburse individuals for theirtime and expense.
New means must be found for defining
23
which local knowledge and localobservation is needed, and for combiningdirect observation by qualified NATOpersonnel, with out-sourced overt collectionand production.
SECTION C. PROCESSING AND EXPLOITATION
OverviewAfter the vital role played during thecollection portion of the intelligence cycle,when "knowing who knows" and being ableto "mix and match" niche providers ofvarying pieces of the OSINT solution isessential, it is in the processing andexploitation portion of the cycle that theOSO really makes a mark.
Open sources, just like clandestine or covertsources, require the application of humanjudgment in order to sort out the importantfrom the unimportant, the timely from the
dated, the relevant from the irrelevant, thetrusted from the untrusted. As so much ofOSINT is not in digital form, hands-onhuman translation and evaluation are themost important part of processing andexploitation.
Without a dedicated set of automation toolsto facilitate the processing of open sourceinformation, OSINT production willcontinue to be reliant upon ad hoc softwaresolutions and rigorous analytical effort.
Analysis
When working from open sources, there isconsiderable danger for the analyst to besusceptible to unwanted biases anddeception from open source authors. Whileit is never wise, nor an acceptable practice,to attribute as fact intelligence solelybecause it was received from a nationalintelligence agency, in those cases, theanalyst is able to make certain judgmentsregarding how thatagency managed itsinformation prior toreleasing its report.This is not always truefor open sources. It isessential that theanalyst remain mindfulof and determine theorigin of theinformation that hasbeen gathered and thedegree of trust that canbe assigned to it.Appendix C provides a
list of some common misperceptions andbiases.
In the production of OSINT reports, it iscrucial that the reader be aware of what isknown and what is being speculated about.The analyst should always be careful todistinguish between information and fact. Ifthe original source material is not provided
Over time and space
Channels & Borders
Of strategic value
Quantities & Distribution
Internally available for use
Volatility of sectors
Training & Maintenance
Mobility implications
Cohesion & Effectiveness
STRATEGICIntegratedApplication
OPERATIONALSelection ofTime and Place
TACTICALApplication ofFinite Resources
TECHNICALIsolatedCapabilities
Military Sustainability
Civil Allies
Geographic Location
Military Systems One by One
Climate Manipulation
Civil Power, Transport,Communications, Finance
Military Availability
Civil Infrastructure
Geographic Terrain
Geographic Resources
Military Lethality
Military Reliability
Civil Psychology
Civil Stability
Geographic Atmosphere
Figure 9 - Levels of Analysis Model
24
in full text, it is important to make referenceto it and provide an assessment of thesource’s credibility.
If at all possible, the original sourcinginformation should never be separated fromthe open source reporting. A completedescription of where the open sourceinformation was acquired, the identificationof the source, the timing of both theproduction of the open source informationand the timing of its acquisition—these allcomprise fully half the value of an OSINTproduct. Without the sourcing pedigree, theopen source substance must be consideredsuspect and of minimal value to the all-source intelligence analysts or the operations
or policy consumers being supported.
It is also helpful when processing opensource (or classified) information manuallyto have in mind a clear model of analysisthat distinguishes between military, civil,and geographic information, and alsobetween the levels of analysis—strategic,operational, tactical, and technical—for thethreat changes depending on the level ofanalysis. This also helps the analyst torecognize gaps in their collectedinformation, and the relationship betweendifferent types of information. One suchmodel is provided in Figure 10 above forillustrative purposes.
Web Site Authentication and Source Analysis
Content on the Internet continues to grow atlogarithmic rates. The Internet has becomean essential enabling element for commerce.It is also facilitating other forms of humaninteraction across borders which twodecades ago were unimaginable. Theintelligence value of information found onthe Internet is extremely variable. Thedangers of creating misleading analysisthrough the bleeding of unevaluated biasedinformation into the all-source intelligencepicture are ever present. Therefore, theOSINT analyst must take steps with eachopen source to evaluate its reliability. Thestandard criteria for evaluation of web-sitesare as follows:
Accuracy.
• Is the information that is providedconsistently accurate based on othersources? The OSINT analyst is able tocompare information provided from theweb-site with validated all-sourceintelligence. Benchmarking opensources against validated all-sourceintelligence assists in assessing thelikely accuracy of other informationcontained on the web-site to be used toaddress intelligence gaps.
Credibility & Authority.• Does the web-site clearly identify itself?
Is there merely an E-mail address or afull name, address and telephonenumber. Sam Spade (www.samspade.org)is a web service that provides variousonline tools to validate a web-site.These include diggers that trace routesused by the web-site. (See Web-siteAnalysis Guide on the following page).
Figure 10 - Web analysis tools
25
• Does the web-site demonstrate a degreeof influence? Do other media cite thatweb-site in their reporting? Has theweb-site been attacked electronically orin official government statements?
• The use of free web-hosts such asGeocities.com or Cybercafe.com oftensuggest limited financial support for theweb-site and a lack of authority in itsmessage.
• Hit-meters/Counters that note thenumber of times the web-site has beenvisited can also provide some limitedindication as to the influence of the web-site. Thought these can be misleadingand should only be used as an elementof an assessment of a site’s authority.
Currency.
• Does the web-site provide informationthat is timely or are its pages dated?Some dated information can still berelevant for less dynamic topics (e.g.trade statistics) but may be misleadingin tracking current events (e.g. presenceof insurgent activity).
Objectivity.
• Does the web-site correspond to aknown advocacy group? Does the siterepresent individuals or an organization?Does that site claim to speak for theorganization? Is that site the main web-site or a satellite web-site that representsonly a sub-element of the organization.
• To whom does the web-site link? Manysites provide a list of relevant links.These attempt to direct visitors to acommunity of interests that share similarinterests or views. An evaluation ofthose links can further illuminate theviews of the web-site authors.
Relevancy.
• Is the information contained on the web-site relevant to the question at hand?Many web-sites provide informationrelated to a particular topic but do littleto add to the understanding of the issue.Information provided can often beinteresting but not relevant to theOSINT analyst.
26
WEB SITE EVALUATION CHECKLIST
Each Internet Website of potential intelligence value must be evaluated as to itssuitability for intelligence exploitation before it is cited in OSINT reports or usedas collateral information in classified reporting. The essential questions remain:who, what, where, when and why?
1. WHO? Examine the URL first. In the page scan for names, and “about” links.
What type of domain is it? (.com / .org / .edu / .gov / .mil / country code) – Is this appropriate forthe material presented?Might it be a personal page? (use of ~ in URL often suggests this)
Who wrote it? Look for e-mail contact.Credentials? Search on author’s name.
Check source code as webpage’s author is often embedded in the code.
Who is the owner of the host server? Use WHOIS and DNS LOOKUP tools atwww.samspade.org to determine the registered owner of the website and evaluate thisinformation. Does this match earlier information gathered?
What do others say? Search to see if others cite the author or the web-site.Who links to it? In Google or AltaVista, enter the search string (link:webaddress) to
find who links to the site. Evaluate the community of interests.
Opinions of it? What do others think of this website?Found in any reliable directories? Determine if the website is contained within reliable webdirectories or web portals for the topic.
2. WHAT?
Is the material presented authentic, with sources and dates?Is data unaltered from its original source?Note: Little value can be attached to information that is either undated or unsourced.
3. WHERE?
Where does the information originate? Use www.samspade.org to conduct a TRACEROUTEsearch. TRACEROUTE will determine the path between your computer and the serverhosting the information.Is the server located where the author purports to reside? Why or why not?
4. WHEN?
How current is the information provided? Look for a last updated statement or dates onreferences.How often is the information maintained? Should it contain more recent information?
5. WHY?
What’s the page’s aim, intent?Why was it created?Who sponsor’s the page? Look for an “About us” entry.
Source: Developed from material created by Joe Barker andmaintained on server: www.lib.berkeley.edu.
27
Figure 11 - Maintaining an anonymous presence
SECTION D. SEARCHING ANONYMOUSLY ON THE WEB
Overview
While much of the OSINT cycle can beconducted openly, a robust OSINTprogramme should include a capability towork anonymously on the Internet. Despitethe fact that all information on the web isfreely available to anyone with a PC and anInternet connection, there are securitydangers in searching for it.
All Internet traffic is subject to monitoring
at virtually any point by elements external toyour organization. It would be of littlesurprise that NATO was interested ininsurgencies in the Balkans and Internetsearches on this topic would seem naturalfrom Alliance web addresses. Specificsearches on individual leaders of insurgentgroups would reveal a heightened interestand potentially reveal intentions. This sortof activity should be protected.
Being anonymous on the web may not
necessarily involve deception. It is quitepossible to surf the web without openlyidentifying your identity, purpose orintentions. This is simply a case of “I won’ttell you unless you ask.”
Before you even start surfing anonymouslymake sure you don’t leave your Internetconnection open to attack. You may take allthe precautions necessary to hide your
intentions and identity whilst surfing, but,without precautions, all the sites that youhave visited and all the information youhave downloaded is stored on your PC isavailable via your open connection, then youare vulnerable.
There is an argument for the use a firewallto stop hackers at the front door, butremember that there hasn’t been a firewallyet that wasn’t eventually cracked. The veryexpensive firewalls do a good job but it is
Elementary steps to create and maintain an anonymous WEB-Presence
Disable anything that records your activity.
If using MS Internet Explorer:• Turn off the cookies• Clean out the history folders, and• Routinely remove cached files.
Use removable storage media to save any downloaded files to.
Only use your Internet PC for surfing. Do not use the word processorfor business or personal letters.
Make sure all your connection details are anonymous.
Ensure the set up of your system is as standard as possible.
28
unlikely that you would want to spend somuch money for a simple Internetconnection. Besides if you wanted toremain anonymous on the Internet anexpensive firewall is not the way to do it. Itwould highlight the fact that you hadsomething to hide. The same argumentapplies to the cheaper firewalls. Becausethey are cheap they are also vulnerable.
Hackers know how to get in and often seeareas with firewalls as a challenge. One ofthe best means of security is to remainanonymous and look just like everyone else.By doing this, if a hacker chooses to attackyour Internet connection whilst you areonline, they would find nothing. The hackerwould probably then get bored and neverbother you again.
Leaving a Footprint
When you surf the Internet you cannot failto leave a footprint. A footprint is anelectronic signature that identifies you as aunique identity on the Internet during yourcurrent session. Most Internet ServiceProviders (ISPs) now issue a new signatureto you each time you log on to surf. Butwhilst you are surfing during a session afterlog on, every site you visit retains yourelectronic signature. If you are trying tofind information on a sensitive subject it ispossible to carry out an analysis of the sitesyou visit and the subjects you are searchingfor. It would be sensible to log off and onagain a number of times during a sensitivesearch.
Although an ISP may provide you with anew signature, part of that signature willidentify the ISP. If your organization islarge and has its own ISP this will identifyyour organization. It is always better to gothrough a civilian ISP whenever possible.
It is possible to use a number of differentISPs. These days there are a huge numberof free ISPs available. Each country has itsown list of free ISPs and details of these canbe obtained via the Internet. It is possible tohide the country from which you aresearching from by dialing up an ISP inanother country and beginning your searchfrom there. It is almost impossible for ahacker to identify which country your calloriginated from because Telecomscompanies take their personal privacyobligations very seriously.
There is one thing that may identify yourcountry of origin and that is the date andtime of your search. When you surf, thedate and time of your PC is stamped on thesearch as part of the electronic signature. Ifthis does not match your ISP time it mayindicate that you are trying to hidesomething, so make sure your PCs time isset to the time zone of the country of the ISPyou are using.
Traffic analysis
Every web site has the capability to log thenumber of visitors to its site and theelectronic signature of the visitor. Whilstyou may be able to hide your identity, youcannot hide the fact that you have visited thesite. If the number of visitors to asignificant site increases dramatically thenthis may be an indicator that there is new orrenewed interest in the subject of the site.Such a site may be set up deliberately to
identify interest, for example an obscureterrorist related site.
The way to combat this is to ensure thattrained personnel, in a central location do allsensitive searches. This will ensure thatsearches are done quickly and withoutrepetition. The security education of allpersonnel who have access to the Internet isalso a very important factor.
29
Contact with Others
There may be occasions when you may wantto communicate with others to solicitinformation. In most cases it is beneficial toexplain who you are and ask for help orinformation. There may be other occasionswhen you may not want others to knowexactly who you are or whom you work for.The reasons for this must be decided on acase-by-case basis. It is reasonably easy tocreate an anonymous persona on the web butthe following points should be noted.
It is better to employ discretion rather thandeception when soliciting information on theweb. This will be less publiclyembarrassing later and will make anexplanation of your action more reasonable.
An anonymous persona should only be usedfor occasional requests for information.Any development of a relationship using theInternet should be discouraged. This is thefield of other specialists and without propercontrol can lead to embarrassment.
SECTION E. PRODUCTION
Overview
The four main elements of OSINTproduction are listed in Figure 12. As
opposed to other intelligence disciplines,OSINT relies upon outward engagementbeyond the institutional confines of theintelligence staffs. Engagement is essentialto the successful exploitation of opensources. This requires knowledge and
understanding of information outside ofintelligence channels in order to locate andexploit the best sources of informationrelevant to an intelligence problem andengage them in a meaningful exchange.
OSINT’s four production elements will beexplained within this section. While thedegree of complexity will vary dependingupon the intelligence requirement, those fourelements will all remain applicable.
A major difference between the OSINTprocess and the traditional all-sourceintelligence process exists in how "reports"are treated. In the traditional classifiedintelligence process, reports are the end ofthe process—in the OSINT process; they arethe beginning, one of four key elements inthe interactive and consumer-orientedprocess of OSINT support.
Reports
In Chapter One, a distinction was drawnbetween OSIF, data that has been collatedtogether and is of generic interest, andusually broadcast or widely disseminatedand OSINT, information that has been
deliberated discovered, discriminated,distilled, and disseminated to a specificconsumer in order to answer a specificintelligence need.
Reports
Link Tables
Distance Learning
Expert Forums
Figure 12 - OSINT Production Elements
30
NATO OSINT specialists will haveoccasion to do both kinds, but must be veryclear in their own mind, when doing areport, as to whether it is an informationreport for general broadcast, or anintelligence report for a specific operationalpurpose.
A report should have an analytical summary.This is value-added expertise from a trainedNATO professional who has first screenedand integrated multiple elements into anunderlying framework, and then devised anexecutive summary that can stand on itsown.
Generally a Report, e.g. a report on Kosovo,will have more than one section, forinstance, sections on political, military,insurgents, health, police, and externalassistance. Each section should in turn havea short summary, no more than a paragraphin length. The section summaries can beused to create the overall report summary,but should be further distilled and notsimply strung together.
Within each section (or linked to eachsection summary if done in a web-basedformat) should be between one and five keyitems of raw information—whether atranscript from a news conference, or a wire
service release, or a commercial image, oran extract from a foreign military map.
A major difference between OSINT andother clandestine or covert sources is thatOSINT strives to provide concurrently bothanalytical value and direct access to rawmaterials. OSINT sources rarely requireprotection. Text-based products can bestored and disseminated easily by electronicmeans.
By providing the consumer (the commander,the operator, the logistician, or the all-sourceintelligence analyst) with direct convenientaccess to the best of the raw materials, theOSINT analyst is enabling the consumer todig deeper if they chose to while satisfyingthe initial RFI.
Reports should always show, on the firstpage, the date and hour at which collection(not production) was cut off, and the timeperiod in days and/or hours that the reportcovers. Reports can be organized by source(Internet, Commercial Online, GreyLiterature, and Experts) or by topic. Theyshould always identify the author and ifappropriate the reviewer of the Report, andprovide complete contact information so thatreaders may quickly ask follow-up questionsof the originator.
Figure 13 - Representative report structure
COUNTRY (e.g. Sri Lanka)
TOPIC (e.g. Economy)
DATE OF INFORMATION (e.g. 26 March 2001, 1500EST)
ANALYTICAL SUMMARY (new value-added analytic summary)
RAW INFORMATION 1 (best of 20 read sources from 200 screened sources)RAW INFORMATION 2 (best of 20 read sources from 200 screened sources)RAW INFORMATION 3 (best of 20 read sources from 200 screened sources)RAW INFORMATION 4 (best of 20 read sources from 200 screened sources)RAW INFORMATION 5 (best of 20 read sources from 200 screened sources)
31
Link Tables
Internet search engines, even recommendedmeta-search engines, have severelimitations. By some accounts, any onesearch engine will cover only 10-15% of thevisible web, and even all the search enginesworking together will overlook what isknown as the "deep web." The deep webconsists of complex sites with many levels,
many free and some by subscription, wheresearch engines are simply ineffective.While some tools such as the affordablesoftware programme Lexibot are available toassist in collection from the “deep web”,considerable time is spent in theidentification and analysis of open sourcesrelevant to the information requirement. Forthis reason, a major aspect of the OSINTsupport process is the skilled creation ofInternet Link Tables that serve as a readyreference for the commander or staff officer
who desires to rapidly scan externalinformation sources without necessarilyrequesting a report. This browsing endeavorcan often help the commander or staffprincipal reflect on their requirements andbetter articulate their next demands forfinished OSINT. An Internet Link Tableshould generally be in the form of a Table,
such as is illustrated In Table 5 above. Byusing the Word Table feature, this allows thesorting of the information based on eitherthe Rank or Weight assigned to the site, theURL or title of the site, or the descriptioncategory of the site. Over time, as variousNATO components cooperate and shareLink Tables with other allies forces such asthe various regional Joint IntelligenceCenters, a very comprehensive directory ofweb resources, one that is tailored toNATO's needs, should emerge.
Distance Learning
The Internet, while rendering a majorservice to those who would like to shareinformation efficiently and also interactinexpensively with diverse people all over
the world, has also reduced the productivityof even experienced personnel. Constantinterruptions and distractions throughdiversions to less important information are
Ranking Link Source10 http://allafrica.com/libya/ All Africa News – Libya – Up-to-date news on Libya, in
English and in French.10 http://memory.loc.gov/frd/cs/lytoc.html Library of Congress Libya Country Study – Excellent, in-
depth country study10 http://members.aol.com/LibyaPage/ Libya Resources on the Internet – Excellent, comprehensive
site, includes news, Qadhafi info, maps and satellite photos,military and intel, etc.
10 http://www.un.int/libya/ The Permanent Mission of Libya to the UN Website –Includes press releases & statements, ambassador’s remarksand links.
10 http://www.nfsl-libya.com/ The National Front for the Salvation of Libya - The NFSL isan opposition movement against the dictatorial regime ofQadhafi in Libya, and was formed in October 1981.
8 http://www.libyamazigh.org/ Libyan Amazigh site. Contains info on Libya’s Amazigh(Berber) culture, language and history.
8 http://www.libyaonline.com/index.html Libya Online Website – Contains basic facts about Libya,tourism, business, arts, literature and sports.
Table 5 - Example of Internet Link Table
32
core factors. For this reason, there is anurgent need for Distance Learning moduleson all countries and topics that are of interestto NATO. The objective is to ensure that allnew personnel, and especially new actionofficers, have an online resource that canserve as a sophisticated turnover file andreference point. This is also a place whereunclassified biographic information can bemade available, and where annual reviewsof each country or topic can be placed.
The U.S. Pacific command initiative knownas the Virtual Information Center is an goodexample of this process. It can be accessedat www.vic-info.org.
Figure 14 - Homepage of US PACOM OSINTCentre
Expert Forums
A number of software programs exist withwhich to manage a variety of ExpertForums, including private teams with theirown newsletters, calendars, and automatedemail alerts whenever new information isposted. One of the most popular is the AltaVista Forum. One of the newest, withpowerful security features, is offered byGroove Inc. (www.groove.net) and representsthe emerging shift in communications andcomputing power away from centralizedserver farms toward what is known as "peerto peer" edge units.
Expert Forums can be internal, external, orsome combination of the two. Once expertshave been identified, they may be invited tojoin the Expert Forum sponsored by anyNATO element. This should be done withthe understanding that they will contributetheir time and insights on an occasionalbasis, in return for being granted access tothe OSINT being produced by the NATOelement sponsoring the Expert Forum. Sucha forum can also be a place where individualexperts "audition" for short-term consultingcontracts and where the biographies ofavailable efforts can be made available foranonymous review by potential NATOemployers.
Expert Forums should consist of severalparts, all of them of potentially great valueto the NATO OSINT process. First, while itis possible to register anonymously for aforum, the greatest value comes from anopen registration that includes a photo,biographic note, and complete contactinformation. Second, the forum will quicklyself-organize, with a variety of topics towhich an individual can not only contributeobservations, but to which they can uploaddocuments, images, even video. Theflexibility and scalability of these forumscannot be overstated—but they do have onemajor flaw: at this time, it is not possible toapply visualization or other technologies tothe varied contents of a forum—each itemmust be copied down to a master databasefirst.
Soon the technology will be available toindex and abstract all informationcontributed to a forum, at which time thebest of all worlds will be available:distributed experts able to cast a wide net,and a centralized "banking" function forinformation freely contributed by variousparties. Third, the forum permits the rapidorganization of private working groups, andoffers calendar, newsletter, and other
33
TIMEIMPACTSHORT
TIMEIMPACT
LONG
MULTI-CULTURAL &TRANS-NATIONAL
EQUITIES
SINGLE-CULTURESINGLE-ORGANIZATION
EQUITIES
LEADERSDECIDE
PEOPLEDECIDE
TOP-DOWNCOMMAND & CONTROL
SECRETSOURCES & METHODS
BOTTOM-UPINFORMATION-SHARING
OPENSOURCES & METHODS
OBVIOUS DETAIL
OBSCURE DETAIL
OLD
NEW
Figure 15 - Emerging Paradigm for Information Sharing
coordination features. Fourth and last, theforums can provide an automatic email alertto any member whenever new information is
posted to a topic of interest to them,relieving them of the need to constantlycheck the forum site.
SECTION F. DISSEMINATION AND EVALUATION
Overview
The major difference between OSINT andthe other intelligence disciplines is that thelatter are inherently classified: OSINT canbe shared with anybody that the commanderdeems appropriate, without having torequest security or political clearances.
This makes it extraordinarily valuable innon-article V operations as well as indealing with civil sector coalition partners—including NGO that traditionally distrust themilitary in general and intelligenceprofessionals in particular. OSINT hasbecome even more valuable in the 21st
Century, as there has been a major change inthe over-all C4I paradigm.
As NATO continues to evolve and transformitself in response to the many newchallenges, the importance of OSINT willcontinue to evolve. These new challengesinclude non-traditional non-militarychallenges requiring coordinated action withnon-governmental and humanitarian relieforganizations.
OSINT appears to offer a very substantialadvantage as a prime intelligence source andmethod with which to achieve consensusand a common understanding of the sharedarea of operations.
34
Dissemination Methods
Once open source information has beendeveloped into OSINT, it can bedisseminated via the NATO WAN in a"push" mode, or it can be "pulled" off ondemand.
The limitations placed on its disseminationare based on the security policies of theorganization producing it. While someOSINT products may be shared openly,others may provide details of interests orintentions and should therefore be restrictedin their dissemination. The disseminationpolicy should be driven by the missionrequirements. The approach shouldnonetheless be flexible to fully leverage theability that the production of OSINTproducts provides for the engagement ofnon-NATO elements in security discussionsor the development and dissemination of acommon view of the operating area.
Within the NATO Intelligence Architecture,options exist for the dissemination ofOSINT products via the classified NATOWAN or directly through the Internet. Theadvantages of the NATO WAN are thedirect access afforded to the operations andpolicy staffs at all levels, including deployedunits, as well as the security afforded by theuse of a classified system. The principaldisadvantage of the NATO WAN forOSINT dissemination is the necessaryseparation of the products from their sourcematerial. Without a direct linkage betweenan OSINT product and the sources of
information, the recipient is less able to drilldeeper for additional information, reach theoriginal author, or further evaluate theoriginal sources of the information.
Another option is the use of a Virtual PrivateNetwork (VPN). A VPN is a restrictedcommunity of interest that communicates onthe Internet but use security safeguards tolimit the access from others who are notmembers. By using a VPN, OSINTproducts can be accessed safely and withworking links directly to the original sourcematerial. Link tables can also be maintainedthat enables the rapid collection ofinformation. Other OSINT centres withinNATO member countries have direct accessto the Internet; few have access to theNATO WAN. A VPN provides the meanswith which to exchange OSINT productswith other OSINT centres across NATO.Finally, the use of a VPN provides themeans with which to disseminate OSINTproducts with non-NATO elements such asNGOs and other international organizationsas mission requirements demand.
For these reasons, exploring the feasibilityand desirability of a VPN to support theNATO OSINT Initiative remains a priority.SACLANT has begun a trial VPN with theU.S. Open Source Information System(OSIS) to examine the viability of linkingNATO OSINT production centres with U.S.OSINT holdings.
Virtual Intelligence Community
The NATO OSINT initiative is the firstmajor multi-national OSINT initiative everundertaken. While there is much still tolearn from those member nations thatadopted OSINT as an independent disciplinein the 1990's, as well as from the emergingbusiness intelligence community (such asrepresented by the Society of CompetitiveIntelligence Professionals at www.scip.org),
it is NATO that is leading in theestablishment of formal doctrine and tablesof organization and equipment specificallyearmarked for OSINT. It is helpful, incontemplating this activity, to understandthat there is a substantial but still fragmentedcommunity of interests with whom NATOcould co-develop many OSINT initiatives.This community is illustrated in Figure 16.
35
Policy Intelligence
MilitaryIntelligence
LawEnforcementIntelligence
CoalitionIntelligence
Business Intelligence/OSINT
Mass & Niche Media Intelligence
Citizen Intelligence--Intelligence “Minuteman”
Basic, Advanced, & Corporate Education
Figure 16 - Elements of a virtualintelligence community
As commanders and their staff evaluate theirneeds for OSINT, and new methods as wellas budget deficiencies, SCs and subordinatecommands should seek to establish aconstant process of interactive liaison witheach of the elements of the "virtualintelligence community" shown here. In thisfashion, NATO intelligence could benefitfrom a greater OSINT effort that cuts acrossbureaucratic and cultural boundaries, andleads to improved cost efficiencies and newforms of information sharing.
36
CHAPTER IVOSINT AND THE EMERGING FUTURE INTELLIGENCE
ARCHITECTURE OF NATO
SECTION A. BLENDING OSINT INTO THE ALL-SOURCEPROCESS
Overview
Apart from the importance of OSINT as ameans of establishing consensus and acommon view with external parties aboutthe shared area of operations, OSINT isabsolutely vital to the all-source intelligenceprocess. OSINT provides the historicalbackground information, the currentpolitical, economic, social, demographic,technical, natural, and geographic contextfor operations, critical personality
information, and access to a wide variety oftactically useful information aboutinfrastructure, terrain, and indigenousmatters. The relationship between OSINT,the traditional collection disciplines, and all-source analysis is shown in Figure 17.
Cracks are shown in the OSINT foundationto emphasize that this vital element of theall-source intelligence process has been toolong neglected. Following the publicationof the Alliance’s Strategic Concept in April1999, OSINT is even more important.NATO, along with other internationalorganizations, is now striving to understandethnic conflict, water and food scarcity,mass migrations, the collapse of public
health across entire continents, transnationalcrime, and all of the small wars—and thepotential threat of large wars—that remain atraditional responsibility. OSINT can andshould be integrated into every aspect of theall-source process, from collection throughproduction.
HUMINT
SIGINT
IMINT
MASINT
ALL-SOURCE ANALYSIS
OPEN SOURCE INFORMATION
OPEN SOURCE INTELLIGENCE
Figure 17 - Open Source - All-Source relationship
37
Nations and NATO commands differfundamentally in their approaches towardsOSINT. Both begin with intelligence needsthat lead to the generation of intelligencerequirements. The approaches diverge atthat point. While nations may use OSINT toguide classified collection, NATO rarely hasclassified collection means beyond thetactical level and those assets are largelyrestricted to theatres in which forces arealready deployed.
NATO commands can use OSINT-V tosatisfy intelligence gaps for a large numberof its intelligence needs. While nations areable to turn to classified intelligence
collection, NATO can and should use theOSINT process described as the first step inits collection process. Too often, NATOcommands have defaulted to sending RFIsto nations rather than seeking first to address
their intelligence requirements themselves.The range of open sources now within reachof NATO intelligence staffs provides otheroptions.
The new Strategic Concept articulated avision for the Alliance that is largelyfocused on non-traditional operating areasand transnational threats. The intelligenceservices of the NATO member countries arealso struggling to deal with a similarproblem set. These areas and interests,while not well covered by traditionalintelligence production are well addressed inopen sources. Rather than relying solelyupon nations for intelligence products,
NATO intelligence staffs should developtheir own network of open sources as thestarting point for the compilation of theirintelligence assessments.
Alternative ParadigmsNATIONAL APPROACHNATIONAL APPROACH
CLASSIFIEDCLASSIFIEDCOLLECTIONCOLLECTION
INTELLIGENCEINTELLIGENCECOLLECTIONCOLLECTIONTO FILL GAPS IN UNCLASTO FILL GAPS IN UNCLASKNOWLEDGEKNOWLEDGE
OPENOPENSOURCESOURCE
OPENOPENSOURCESOURCECOLLECTIONCOLLECTION
OPEN SOURCEOPEN SOURCECOLLECTIONCOLLECTIONTO FILL GAPS IN INTELTO FILL GAPS IN INTELREPORTINGREPORTING
NATO APPROACHNATO APPROACH
NATIONALNATIONALINTELINTEL
CONTRIBUTIONSCONTRIBUTIONS
INFORMATION REQUIREMENTSINFORMATION REQUIREMENTS INFORMATION REQUIREMENTSINFORMATION REQUIREMENTS
Figure 18 - Alternative Paradigms between NATO and National OSINT Approaches
38
Direction
Open information sources are as easy forNATO leadership to access as they are fortheir intelligence staffs. No longer areintelligence staffs in a position to regulatethe flow of relevant information to thecommander or his staff. Virtually alldecision-makers make regular use of open
sources to varying degrees. Knowledge ofthose sources routinely consulted by thestaff principals is an important means withwhich to stay ahead of their intelligenceneeds.
Rather than attempting to stem the use ofopen sources by the commander or his staff,an effective OSINT effort facilitates it.Intelligence staffs at both StrategicCommands (SCs) have access to specializedinformation retrieval tools and commercialsources. In addition, both SCs are in a
position to provide training and advice onthe effective retrieval of information fromopen sources. An OSINT process shouldinclude the provision of validatedinformation sources for each issue thataffects the command. The provision of LinkTables as well as quality assessments of
other information sources is an essentialOSINT product.
Typically, informed decision-makers makereasoned requests for intelligence. Whilenot always the case, this statement generallyholds true. With an appreciation for what iswidely known, intelligence users will tend torestrict their requests to that informationwhich they do not already have available tothem.
OSINT can support the direction phase of an
RESOLUTIONRESOLUTION
CONFLICTCONFLICT
ESCALATIONESCALATION
EMERGINGEMERGING
NORMALNORMAL
TRACK POLICY IMPLIMENTATION
REAL-TIME INFO TO UNITSRAPID SUPPORT TO PUBLIC AFFAIRSNON-NATO INTEL DISSEMINATION PRODUCTS
FASTER DELIVERY OF PRODUCTSENHANCED SEARCHINGINCREASED DETAIL ON TARGET ISSUE
ALERTSUNDERSTANDING OF THE CONFLICTSUPPORT TO PUBLIC MEDIA CAMPAIGN
DETAILED ACCURATE INFORMATIONCONSISTENT REPORTINGSECURITY RELATED ALERTS
CONFLICT STAGEINTEL USERS UNIQUE OSINTREQUIREMENTS
INTELLIGENCE STAFFSPOLICY STAFFS
POLITICAL LEADERSHIP
PUBLIC AFFAIRS
OPERATIONALFORCES
Figure 19 – Unique OSINT Requirements across the Conflict Spectrum
39
all-source intelligence effort throughdiscovery of an issue or providing contextwith which to understand issues.
The intelligence problem varies dependingon the nature of the issue being addressed,which elements of the staff are engaged andwhat degree of information is required.Figure 19 shows a representative range ofinformation products that a robust OSINTcapability can provide.
Assuming an OSINT capability is in place inadvance of a crisis, it is likely that theleadership will have had access to qualityopen source products prior to the onset of
mission requirements. In that case informedRFIs can be expected. If there is nofamiliarity with the issue, decision-makerscan be directed to either established OSINTproducts or open sources of information thatcan be made available through access to aninformation portal such as a VPN of anothernetwork. Finally, an OSINT collectioneffort can be initiated to quickly producerelevant background information. Thisimmediate OSINT effort will quicklyestablish what is easily known about thesubject and guide the priorities for classifiedcollection and all-source production.
Collection
Within the intelligence cycle, the collectionphase includes the translation of theintelligence need into a collectionrequirement, the definition of a collectionstrategy, the selection of the collectionsources and the actual informationcollection. Open sources should be the firstrecourse in the collection process. OSINTsaves money in reducing unnecessaryclassified collection. In a NATO context, itsaves time as RFIs to nations requiresufficient lead-time for them to be properlyaddressed.
While open source information is not free,the costs pale in comparison to those of theclassified collection disciplines. If opensources can be collected to produce anOSINT product that addresses completely orto a large degree the intelligence need,classified collection resources can be moreeffectively deployed elsewhere.
While nations have classified collectioncapabilities, these are expensive and mustalways be used wisely. NATO has notasking authority over national intelligencecollection capabilities. Its reliance uponintelligence contributions from nationsmakes it incumbent upon its intelligencestaffs to know what can be known without
technical collection.
Open sources have always been used byintelligence organizations. Open sourceshave typically been referred to as collateralreporting. In fact, all single sourceintelligence disciplines refer to informationprovided by another intelligence disciplineas collateral reporting.
However, when this collateral reporting ismaintained with a systematic disciplinedapproach as discussed in this OSINTManual, the “collateral” grows in its ownutility. Instead of being acquired once andused by one intelligence element, it isacquired once and applied across a broaderrange of the intelligence process fromstreamlining collection to increasingdissemination.
OSINT’s four main contributions toclassified collection are: tip-off for classifiedsources; targeting of those sources; contextand validation to better understand materialcollected from classified sources, and;providing plausible cover to protect theclassified source.
40
Tip-off.
• Open sources are particularly well suitedto providing tippers for other collectiondisciplines. The reduction in thenumber of denied areas since the end ofthe Cold War and the advent of cheapinternational transportation options haveenabled greater media access than everbefore. Internet NEWSGROUPS, wireservices and other traditional print andbroadcast media are all within the reachof anyone.
• The Internet remains a primary meanswith which to gain access to thesesources. While traditional print andbroadcast media are restricted in theamount of information that they canprovide, the Internet has providedvirtually limitless disseminationcapabilities for information producers.Rather than the editor’s selection ofstories, the Internet provides the meanswith which to gain access to all storiesfiled with all of the wire servicesdepending on the degree of access that ispurchased.
• A number of services provide newsalerts that are either free of charge orlow cost. Non-traditional sources ofinformation include those who witnessimportant events and who post messageson the Internet about what they haveseen. While prone to disinformation,this is another source of information thatmust be evaluated like all others. Thosewho witness an event and publish on-line or forward emails to theircommunities of interest can provide thefirst indication of an event even beforemedia publication.
Targeting.
• While OSINT will often be able toaddress elements of an intelligenceproblem quickly and efficiently, OSINTwill never invalidate the need for
classified collection capabilities.
• When intelligence gaps can beaddressed without the need to taskclassified collection sources overalldemand upon limited collectionresources decreases. This permitsconcentration of effort on those issuesthat can only be discovered throughclassified collection.
• This model of complementary collectionpermits both open and classified sourcesto be optimized for a particularintelligence problem, while at the sametime, affording the all-source analyst theability to use the classified collectionproducts to validate the OSINTproducts.
Context/Validation.
• Supplemental open source reporting canprovide the means with which to placeclassified reporting into context.Classified reporting, particularly currentintelligence reporting, often fails toprovide the necessary backgroundinformation with which to tailor theinformation to the needs of the recipientor to explain the nuances of thesituation.
• While imagery can provide knowledgeof ships alongside piers, additionalinformation from open sources canprovide an understanding of the cargothat the port handles or the schedule ofthe ship. Similarly, UN reporting onagriculture production shortfalls in aparticular country will give insight intopopulation movements detected withnational technical means.
Plausible Cover.
• OSINT is particularly useful inprotecting classified sources andmethods. The discovery of an opensource that corroborates classified
41
Figure 20 - Commercial imagery of San Diegonaval base
reporting may increase the releasabilityof the initial information by providing aplausible alternate source. This also hasapplicability to the staffing of requestsfor the sanitation of classified reporting.
• A thorough understanding ofinformation that is available inunclassified channels facilitates thediscovery of plausible alternate sourcesto classified intelligence reporting. Thisultimately increases the ability ofintelligence staffs to release intelligenceinformation to non-NATO elementswithin missions.
ProcessingThe objective of intelligence processing isthe creation of an intelligence product that isvalue-added, actionable information tailoredto a specific user. All-source analysis withits fusion of all relevant and validatedsources of information remains the bestmeans to convey intelligence to the user.This process includes both classified andOSINT reporting as appropriate. In mostcases, NATO will serve as one element ofan international crisis response. Experiencehas shown that these operations likelyinclude the leading of a broader coalitionalongside non-NATO troop contributingnations (NNTCNS). The processing ofintelligence products to support theinformation needs of both the NATO-ledforce and the international responseelements is greatly enhanced with a robustOSINT capability.
Intelligence products can be prepared with atear-line – classified intelligence restrictedin its dissemination above the line andsanitized information that can be morebroadly disseminated below the line.
OSINT–V products can be producedspecifically tailored for the broader coalition
audience but validated by the all-sourceprocess. During actual operations, the needto disseminate to non-NATO elementsincludes not only their operational forces,but also their political liaison elements atNATO headquarters in Brussels.
The maintenance of information sources thatcan be disseminated outside of NATOchannels can often prove essential to bothestablishing a common view of the operatingarea and initiating an exchange with otherentities that can contribute to theunderstanding of an issue.
Figure 21 - Nature of international operations
42
Dissemination
As stated earlier, OSINT is itself optimizedfor dissemination through VPNs. Thisenables ready access to the original sourcematerial, direct interaction with other relatedopen sources and access to other OSINTproducers.
The dissemination of OSINT products asstand-alone intelligence products onclassified systems should also beencouraged. OSINT as either stand aloneproducts or as collateral reporting adds tothe body of knowledge on a particular issue.Intelligence staffs at all levels should be ableto benefit from the effort put into theirproduction. It is rare that all subordinatecommands will have access to everyintelligence system. Thus, efforts should bemade to ensure that products are availableon all intelligence dissemination systems assecurity constraints permit.
Typically, the lower the classification of anintelligence product the wider is its uses. Ifdecision-makers are able to leave theiroffices with an intelligence product, it ismore likely that it will receive undisturbedattention. OSINT products provide themeans to place high quality low-classification or unclassified products in thehands of intelligence users. This is onlypossible if they are disseminated on systemstypically used to deliver other forms ofintelligence.
The objectives of a robust OSINT capabilityshould be to increase the range ofinformation available to intelligence usersand to facilitate interaction with non-NATOelements as appropriate. The disseminationoptions developed should seek to achievethese two objectives.
43
APPENDIX A: GENERAL REFERENCE LINK TABLEMaps:
World Ports http://www.world-ports.com/United Nations http://www.un.org/peace/kosovo/pages/kosovo1.shtmlCIA World Factbook http://www.odci.gov/cia/publications/factbook/indexgeo.htmlQuick Maps http://www.theodora.com/maps/abc_world_maps.htmlCNN Video Select http://europe.cnn.com/video/netshow/The Place For Maps http://www.maps.com/?AID=41160&PID=186662Map Quest http://www.mapquest.com/Expidia.com http://www.expedia.com/pub/AgentMedia Maps.com http://media.maps.com
News:
NBC Daily http://www.nbc.com/Bloomberg http://www.bloomberg.comMSNBC http://www.msnbc.comCNN Videoselect http://europe.cnn.comFox News http://www.foxnews.comBBC Monitoring http://news.monitor.bbc.co.uk/BBC NEWS http://news.bbc.co.uk/CBS NEWS http://www.cbs.com/daytime/bb/show_update/update.shtmlCNBC Dow JonesBusiness Video http://cnbcdowjones.com/msnbcCNET Today http://news.cnet.comABC News http://abc.go.comCNN http://www.cnn.comThe Sunday Times http://www.information-britain,co.uk/news.sundaytimes.htm"News Now 1401 http://www.newsnow.co.uk/MSN News http://www.msn.comReal Radio http://realguide.real.com/tuner/?ABCNews http://abcnews.go.com/Business Journal http://business.netscape.com/business/main.tmplFox News http://www.foxnews.com/International News http://www.internationalnews.com/AJR News Link http://ajr.newslink.org/ITN News British http://www.itn.co.uk/The World News http://www.theworld.org/Out There News http://www.megastories.com/index.shtmlCNN International http://europe.cnn.com/CNNI/The Times http://www.thetimes.co.uk/LA Times http://www.latimes.com/Jerusalem Post http://www.jpost.com/Belfast News http://www.belfasttelegraph.co.uk/index.shtmlThe Washington Post http://www.washingtonpost.com/South China Morning Post http://www.scmp.com/The Japan Times http://www.japantimes.co.jp/Yahoo http://www.yahoo.comThe CNET Channel http://channel.cnet.com/Channel/Intro/index.htmThe Wall Street http://interactive.wsj.com/ie4intro/index.htm
Conflict:
United Nations HighCommission For Refugees http://www.unhcr.orgWeapons OfMass Destruction http://www.fas.org/irp/threat/wmd_state.htmTerrorism Research http://www.terrorism.com/index.shtml
44
Counter Terrorism http://www.state.gov/www/global/terrorism/Intelligence Net http://www.intellnet.comFederation of American Scientist http://www.fas.orgWar Information http://www.psycom.net/iwar.1.htmlChina's Military Developments http://www.commw.orgKosovo Info http://perso.respublica.fr/infokosovo/Institute for GlobalCommunications http://www.igc.orgAnti War Home Page http://www.nonviolence.org/archivedsites/iraq/Missle, Threats & Response http://www.cdiss.org/tempor1.htmModern Day Piracy http://www.geocities.com/Tokyo/Garden/5213/modern.htmKORB Marine Links http://www.pg.gda.pl/~korab/kor_lnk.htmlPiracy Centre http://www.iccwbo.org/ccs/menu_imb_piracy.aspThe Panama Canal http://www.pancanal.com/eng/index.htmlRoyal Australian Navy Sites http://www.navy.gov.au/html/links.htmRoyal Navy Association http://www.royal-naval-association.co.uk/page6.htm
Regional Information:
CIA World Factbook http://www.odci.gov/cia/publications/factbook/indexgeo.htmlGeo Spatial Information http://www.geoplace.com/Geographic Learning Site http://geography.state.gov/htmls/plugin.htmlAssociation For GeographicalInformation http://www.agi.org.uk/Salam Iran http://www.salamiran.org/IranInfo/General/Geography/Limes Geo review http://www.limesonline.com/doc.navigation
Reference:
Britannica http://britannica.com/Dictionary http://Dictionary.comEvery Rule http://Everyrule.comFBIS http://199.221.15.211/Central Intelligence Agency http://www.cia.gov/Indian Naval Review http://www.janes.com/defence/naval_forces/galleryBureau for International Narcoticsand Law Enforcement Affairs http://www.state.gov/www/global/narcotics_law/Archive Site for StateDepartment information http://www.state.gov/index.htmlNaval Technology http://www.naval-technology.com/index.htmlJanes Naval Forces http://www.janes.com/defence/naval_forces/index.shtmlEncyclopedia http://Libraryspot.comWorld Fact Book http://Worldfactbook.comThe Intelligence Community http://www.odci.gov/ic/One World http://www.oneworld.net/Yahoo http://www.yahoo.comLloyds List http://www.lloydslist.comAsk Oxford http://www.askoxford.com/(WMD) Weapons Of MassDestruction http://www.fas.org/irp/threat/wmd_state.htmIncident Response http://www.llnl.gov/nai/rdiv/rdiv.htmlConference ForMiddle East Peace http://www.cmep.com/
45
APPENDIX B: TRAINING LINK TABLE
Below are a few of the essential references that are available online. Please note that theNATO guide Intelligence Exploitation of the Internet is also available online at theSACLANT Intelligence homepage on the NATO WAN. This publication is regularlyupdated with the best resources available to guide in the use search strategies and tools toexploit open sources available on the Internet. The Open Source Intelligence Proceedingsinclude over 5,000 pages from over 500 international authorities including the (then)Director General of the International Red Cross and many other European and Asianexperts, and comprise the "information commons" on the state of the art for open sourceintelligence.
OSINT Presentation to SHAPE/PfP Flags http://www.oss.net/Papers/white/SHAPE.pptInformation & Intelligence Bibliography http://www.oss.net/Papers/white/23-
BibliographyAnnotated.rtfEight Self-Paced OSINT Lesson Plans http://www.oss.net/DispFrame.html?Papers/training/in
dex.htmlCreating an OSINT Cell (DIA Report) http://www.oss.net/DispFrame.html?Papers/white/DI
AReport.htmlBusiness Intelligence Primer (1994) http://www.oss.net/DispFrame.html?Papers/white/TH
ETHEORYANDPRACTICEOFCOMPETITORINTELLIGENCE.html
Open Source Intelligence Proceedings http://www.oss.net/Proceed.htmlIndex to OSINT Proceedings http://www.oss.net/Papers/white/index.rtfOSINT and the Military http://www.oss.net/Proceedings/95Vol1/aab0aw.htmlCanadian Intelligence Studies http://www.sfu.ca/igs/CASIS/Come Back Alive "Ground Truth" www.comebackalive.com/df/index.htmFuture of Intelligence www.future-intel.itHistory of Intelligence http://intelligence-history.wiso.uni-erlangen.deIntelligence Resource Program http://www.fas.org/irp/index.htmlLinks to International Media http://www.esperanto.se/kiosk/index.htmlLiterature of Intelligence http://intellit.muskingum.eduOpen Directory Project http://dmoz.org/Strategic Intelligence http://www.loyola.edu/dept/politics/intel.htmlForm for Evaluating the Value of Web Pages http://www.lib.berkeley.edu/TeachingLib/Guides/Inter
net/EvalForm.pdfInternet Training Course by Russ Haynal http://navigators.com/fbis.htmlBerkeley University Tutorial for FindingInformation on the Internet
http://www.lib.berkeley.edu/TeachingLib/Guides/Internet/FindInfo.html
Search Techniques for the Invisible Web http://www.lib.berkeley.edu/TeachingLib/Guides/Internet/InvisibleWeb.html#Table
Techniques for “Searching Upstream” http://websearch.about.com/library/weekly/aa061101a.htm?once=true&
47
APPENDIX C: CATEGORIES OF MISPERCEPTION AND BIASEvoked-Set Reasoning: That information and concern, which dominates one's thinking based on priorexperience. One tends to uncritically relate new information to past or current dominant concerns.
Prematurely Formed Views: These spring from a desire for simplicity and stability, and lead to prematureclosure in the consideration of a problem.
Presumption that Support for One Hypothesis Disconfirms Others: Evidence that is consistent withone's preexisting beliefs is allowed to disconfirm other views. Rapid closure in the consideration of an issueis a problem.
Inappropriate Analogies: Perception that an event is analogous to past events based on inadequateconsideration of concepts or facts or irrelevant criteria. Bias of "Representativeness".
Superficial Lessons From History: Uncritical analysis of concepts or event, superficial causality, over-generalization of obvious factors, inappropriate extrapolation from past success or failure.
Presumption of Unitary Action by Organizations: Perception that behavior of others is more planned,centralized, and coordinated than it really is. Dismisses accident and chaos. Ignores misperceptions ofothers. Fundamental attribution error possibly caused by cultural bias.
Organizational parochialism: Selective focus or rigid adherence to prior judgments based onorganizational norms or loyalties. Can result from functional specialization. Groupthink or stereotypicalthinking.
Excessive Secrecy (Compartmentation): Over-narrow reliance on selected evidence. Based on concernfor operational security. Narrows consideration of alternative views. Can result from or causedorganizational parochialism.
Lack of Empathy: Undeveloped capacity to understand others' perception of their world, their conceptionof their role in that world, and their definition of their interests. Difference in cognitive contexts.
Mirror-Imaging: Perceiving others as one perceives oneself. Basis is ethnocentrism. Facilitated by closedsystems and parochialism.
Ignorance: Lack of knowledge. Can result from prior-limited priorities or lack of curiosity, perhaps basedon ethnocentrism, parochialism, and denial of reality, rational-actor hypothesis (see next entry).
Rational-Actor Hypothesis: Assumption that others will act in a "rational" manner based on one's ownrational reference. Results from ethnocentrism, mirror imaging, or ignorance.
Denial of Rationality: Attribution of irrationality to others who are perceived to act outside the bounds ofone's own standards of behavior or decision making. Opposite of rational-actor hypothesis. Can result fromignorance, mirror imaging, parochialism, or ethnocentrism.
Proportionality Bias: Expectation that the adversary will expend efforts proportionate to the ends heseeks. Interference about the intentions of others from costs and consequences of actions they initiate.
Willful Disregard of New Evidence: Rejection of information that conflicts with already-held beliefs.Results from prior commitments, and/or excessive pursuit of consistency.
Image and Self-Image: Perception of what has been, is, will be, or should be (image as subset of beliefsystem). Both inward-directed (self-image) and outward-directed (image). Both often influenced by self-absorption and ethnocentrism.
46
47
Defensive Avoidance: Refusal to perceive and understand extremely threatening stimuli. Need to avoidpainful choices. Leads to wishful thinking.
Overconfidence in Subjective Estimates: Optimistic bias in assessment. Can result from premature orrapid closure of consideration, or ignorance.
Wishful Thinking (Pollyanna Complex): Hyper-credulity. Excessive optimism born of smugness andoverconfidence.
Best-Case Analysis: Optimistic assessment based on cognitive predisposition and general beliefs of howothers are likely to behave, or in support of personal or organizational interests or policy preferences.
Conservatism in Probability Estimation: In a desire to avoid risk, tendency to avoid estimatingextremely high or extremely low probabilities. Routine thinking. Inclination to judge new phenomena inlight of past experience, to miss essentially novel situational elements, or failure to reexamine establishedtenets. Tendency to seek confirmation of prior held beliefs.
Worst-Case Analysis (Cassandra Complex): Excessive skepticism. Reflects pessimism and extremecaution, based on predilection (cognitive predisposition), adverse past experience, or on support of personalor organizational interest or policy preferences.
Source: Lisa Krizan. Intelligence Essential for Everyone. Washington D.C. Joint Military IntelligenceCollege, June 1999.
47
APPENDIX D. LIST OF ABBREVIATIONS
AIIB – Association of Independent Information BrokersAOO - Area of OperationsAPI - Application Program InterfacesBBC - British Broadcasting CorporationCOSPO - Community Open Source Program OfficeEEI - Essential Elements of InformationFBIS - Foreign Broadcast Information ServiceICRC - The International Committee of the Red CrossISPs - Internet Service ProvidersMCCIS – Maritime Command and Control Information SystemNATO - North Atlantic Treaty OrganizationNDA - Non-Disclosure AgreementsNGO - Non-Governmental OrganizationNNTCNS - Non-NATO troop contributing nationsOPSEC - Operational SecurityOSIF - Open Source InformationOSINT - Open Source IntelligenceOSO - Open Source OfficersPfP - Partnership for PeaceRFI - Requests for InformationSACEUR - Supreme Allied Commander, EuropeSACLANT - Supreme Allied Commander, AtlanticSAR - Synthetic Aperture RadarSC - Strategic CommandsSCI - Science Citation IndexSME - Subject-Matter ExpertsSSCI - Social Science Citation IndexSTN - Scientific and Technical NetworkUN - United NationsVPN- Virtual Private NetworkWEU - Western European Union
48
47
FEEDBACK
This manual is intended to be a living document. It represents the first attempt by NATOto place OSINT within the broader context of intelligence efforts. The intention is tosubject this publication to regular review and updating to reflect new sources andmethods for open source exploitation.
As such, feedback is welcome in any form. Comments, amendments, additions or errorscan be reported either with the form below or via email to [email protected].
Name: __________________________________________
Parent Command: _________________________________
Telephone number: ________________________________
Email address: ____________________________________
Comment:________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
Fax to: HC-310SACLANT Intelligence BranchNorfolk, VA757-445-3572
49
