By Dougal Robertson
This article appeared in the November-December 2019 issue of ADBR
Defence industry and the military must embrace and exploit new and emerging information-gathering techniques to keep abreast of rapid technological change. The effective use of open source intelligence can provide a competitive edge if effectively prioritised, tasked and managed.
In July 2014 Ukrainian separatists shot down a civilian Malaysia Airlines Boeing 777, MH-17 over eastern Ukraine while it was flying from Amsterdam to Kuala Lumpur. In the confused aftermath, Russian government and intelligence services denied and attempted to disguise the involvement of Russian military personnel in the catastrophe.
Initial investigations by the Dutch Safety Board struggled to gain access to the area where the aircraft had been destroyed, and little credible information was available on the cause of the crash. Shortly after, a small website supported by citizen journalists began to establish the facts surrounding MH-17.
The UK-based investigative website Bellingcat identified and tracked the 9K37 Buk-M1 (NATO reporting name SA-11) surface to air missile (SAM) system from its garrison located in Russia to the eastern Ukraine, located the field where the missile was launched from, and identified suspects involved in the incident. The conclusions published by Bellingcat pre-empted the findings of the criminal investigation led by the Dutch Ministry of Justice – and were all drawn from publicly available information.
Widespread publicity surrounding Bellingcat’s findings – helped in some measure by the unsophisticated Russian counter-factuals put onto the internet – identified open source information as a credible intelligence source for business and governments.
In parallel with the exponential growth of internet-connected devices over the last decade, open source intelligence, or OSINT has become synonymous with social media aggregation and internet data-mining. Vendors and companies now specialise in the aggregation and filtering of ‘user analysis’, or the depiction of network structures.
But what has been sidelined as internet research becomes automated and focused on ‘big data’, is the traditional, or capabilities-based assessment, provided through a functional application of open source intelligence across multiple data points.
WHAT IS OSINT?
Open source intelligence is information gained for advantage through publicly available or ‘open’ sources. Open source information is obtained using ethical means; that is, not through the use of agents, or controlled, or compromised sources.
Before the rise of signals intelligence, or SIGINT in the mid-20th century, OSINT was simply ‘intelligence’. For example, Rudyard Kipling’s Kim (and even George MacDonald Fraser’s Flashman) were tasked with describing and assessing the capabilities of the various tribes of Afghanistan, and determining the intentions and expectations of Imperial Russia and Germany. They received their priorities from the government and military, collected information, and turned this into intelligence by selecting or removing specific data points, processed what they received and prepared reports, added their assessment, and disseminated the report back to customers in Peshawar, Delhi and London.
This was the intelligence cycle in action, describing military and political facts, assessing capabilities and attempting to understand intentions. Until the rapid growth of technical collection, intelligence was largely seen as an art. However, the process of intelligence is a science.
THE APPLICATION OF OSINT
Intelligence can be used for four purposes: descriptive (what or where something is), capabilities (what something can do), intentions (what someone plans to do) and expectations (what we think they will do). The payoff from getting each of these right increases in inverse proportion to the likelihood of success. To understand intention and describe expectations, analysts must predict the future.
Due to the multitude of complex variables involved in this prediction, consistent predictive analysis is impossible for all but the most experienced intelligence analysts – and history is littered with ‘intelligence failures’.
For example, very few (perhaps one or two) Israeli Defence Force analysts predicted an attack by Egypt across the Suez Canal in October 1973, let alone a combined Arab attack on two fronts. But multiple intelligence sources had confirmed troop and equipment movement prior to the attack, and intelligence reporting existed on the capabilities of new Soviet equipment such as the Russian 2K12 Kub (NATO SA-6) SAM system.
The outcome of the Yom Kippur War is contested – was it ultimately a victory for the IDF on the battlefield, or a failure of preparation across the Israeli defence establishment? But it is clear that an understanding of capability would have provided clear information to prepare for the threat. The IDF could not predict the future, but it could have developed a plan based on a realistic understanding of what could happen in the future based on adversary technical capability. This is capabilities analysis.
Intentions and expectations are extremely difficult and expensive to understand. They can be subject to observer bias and deception by an adversary or opponent. Capabilities analysis is potentially more accessible, at a lower cost, and can be delivered through OSINT. This may be entirely as an ‘open’ product if used for business intelligence, or as a supplement to classified reporting for government and military intelligence. Capabilities analysis – the breaking down of complex problems into specific questions – is a useful analytical start-point. And the source for capabilities analysis is capabilities intelligence.
USING OSINT FOR CAPABILITIES ANALYSIS
Capabilities intelligence consists of the observation of ‘things’. Before the internet age, we considered things such as military equipment as existing within a system. Understanding the system – the human decision-maker – was the most important goal, as this would give us intent. Listing equipment was a means to divining this end, such as the meticulous counting of the Soviet bomber fleet during the Cold War.
Now, with the advent of network technologies we need a more defined typology. A way of framing the problem is to characterise the science of intelligence as mapping objects (things), networks (the links between things) and systems (the people and decisions that are enabled by networks). All three are linked. If we understand all of one, we will understand some of the other. Things – equipment, entities, objects – are immediately evident and can be mapped to understand the whole.
We could call this approach ‘object-based intelligence’. Focusing on the ‘object’ allows us to isolate it and ask specific questions about it – including emissions, signatures, performance, numbers and type, and affiliated location and position information.
Object-based OSINT allows us to formulate the problem we are trying to solve and the questions we are trying to answer. It exists purely to describe something and assess its capabilities. Once we have characterised enough objects we can start to understand a sample or small part of intention by looking at previous trends, analysing and disaggregating historical data points, and developing questions based on what we know of the object.
Instead of a linear approach to understanding intent such as asking one question, an object-based approach using OSINT establishes multiple questions and continues to develop new questions, which form a network of attributes around an object. The complexity of an object is reduced, and the problem is broken into smaller constituent parts. Some of these smaller components may only be answerable via direct acquisition of a piece of equipment or through classified means. But object-based OSINT establishes a framework for knowing through description and assessment of capability.
As the investigation around the cause of the crash of MH-17 progressed, significant object-based intelligence began to be reported in the media through the work of professional journalists and technical analysts. The reporting was supplemented by the release of information from the Dutch Safety Board’s technical enquiry and documents from the joint investigation team.
The facts were compelling – shrapnel at the crash site that could only have come from the 9N314 missile launched by the Buk-M1, and fragmentation patterns observed on the fuselage could only have been from a specific warhead. Narrowing down the weapon type meant the launch area could be defined. Within that area, possible launch sites were identified.
The location of the object and its visual signature then became relevant – it could only have come from the Russian 53rd Anti-Aircraft Missile Brigade, garrisoned in Kursk close to the Ukrainian border. The Kremlin tried to hide intent by lying on a massive scale and conducting what MI6 described as a ‘hugely intensive, multichannel propaganda effort’, but this was ultimately unsuccessful. The analysis of capabilities clearly revealed what had happened.
CONCLUSION
When it comes to predictive intelligence, trying to understand a target’s intentions and develop our expectations of their behaviour is expensive, difficult, and often wrong. It is trying to predict the future – an endeavour in which humans are notoriously ineffective.
To reduce the risk of surprise and focus intelligence efforts on specific and answerable outcomes, capabilities intelligence provides a framework for knowing. This framework focuses on objects and provides an inbuilt flexibility to define the relationships between objects. But it uses the object as the start point of analysis. While multiple intelligence disciplines can provide inputs to this analysis, it is open source that should be the start point for building capabilities intelligence.
Dougal Robertson is an executive analyst at Felix Defence, with 13 years’ experience as a military intelligence officer. He has worked in tactical, operational and strategic commands and deployed with the ADF to multiple locations.
He is a graduate of the RAAF Fighter Intelligence Instructor Course and holds Masters degrees in International Relations and Intelligence & Counter-terrorism.