Pages

24 March 2020

The Value of Open Source Intelligence in a Pandemic Environment

By Travis Wright

The extreme and necessary measures taken to restrict the spread of COVID-19 (Coronavirus) have impacted the day-to-day lives of everyone around the globe. From schools and jobs to sports and entertainment such as restaurants, bars and movie theaters – all been closed or impacted. The federal government has not been spared as the Office of Personnel Management (OPM) has directed agencies to utilize telework to the maximum extent possible.

Many Federal agencies are able to adapt to this new paradigm and can provide provisions for their employees to access the necessary government networks from home using government furnished laptops and sensible security protocols. Not to say there won’t be hiccups in this process. The scale and speed of this shift to telework are unprecedented, and there will certainly be challenges as government workers and contractors shift to this new reality. What is certain is that the nature of work has changed for the foreseeable future.

What has not changed is our adversaries attempts to leverage and exploit this vulnerable situation for their own gain. Recently, a cyber-attack on the Department of Health and Human Services (HHS) by a presumed state actor attempted to overload the Department’s cyberinfrastructure. As the lead agency in the pandemic response, HHS is the trusted source for the latest pandemic information. When trust in the source is compromised or threatened, the public loses confidence and the results can be confusion at best, panic at worst.


The need for keeping our government networks secure is vital for agencies to accomplish their missions.

While many government workers and contractors are adjusting to remote work, there are several groups of workers that cannot. These include our first responders, military members, medical staff and other critical roles that are essential to the day-to-day security of our nation.

Another large group that must continue onsite work are those in the intelligence community. The critical work they carry out every day, often unseen and unheralded, must continue regardless of pandemics, natural disasters, or other events. This work goes on in secure facilities and on secure networks that keep the information safe and to prevent such events as those faced by HHS. As noted by Thomas Muir, the Pentagon’s acting director of administration, and director of Washington Headquarters Services, “You will not have the capacity, obviously, to log on to a classified system from your home, you will be required to perform those duties at the workplace.”

However, with these challenges comes an opportunity for our IC leaders. How much of the work conducted in our nation’s most secure facilities must be classified? Gen Hyten, the Vice Chairman of the Joint Chiefs of Staff, was addressing this question even before the pandemic by saying, "In many cases in the department, we're just so overclassified it's ridiculous, just unbelievably ridiculous."

Case in point, at the agency I support, I needed a parking pass for the visitor's parking lot. This would allow me to park my vehicle a little closer to the building until my permanent parking pass became available. I searched the unclassified or "low side" systems on the building's operations site but could not find an option to request or print a pass. I asked a colleague if they could point me in the right direction, and she pointed me to the classified or "high side" system. I must have had a perplexed look on my face because she just rolled her eyes and shrugged. Keep in mind, this pass would not allow me access into the building, I would still need to pass multiple other security measures before I could get to my desk.

The path of least resistance in the name of security has caused simple items to become overly secured. The still secure networks of the unclassified systems provide adequate security for mundane administrative tasks such as parking passes and numerous other similar items. While this is a small example and only represents a minor inconvenience to me, it is indicative of a larger problem across the IC to default to classifying all information out of routine, on the side of extreme caution, or in some cases, simply convenience. Of course, the challenges with over-classification are not new and have been documented in the past

But what if it didn’t have to be this way?

With the explosion of publicly available information, there is more data available today than ever before and growing at an exponential rate. Leaders and organizations are no longer looking for needles in haystacks, they are looking for specific needles in mountains of other needles. Sifting through this data requires the assistance of computers through machine learning and artificial intelligence to find patterns and insights that were previously only available in the most classified environments.

This is not your father’s open-source intelligence or OSINT. The days of the Early Bird emails and newspaper clippings are long gone. The data available includes everything from shipping to industry financials to overhead imagery. All of this is available to commercial companies that are able to pay subscriptions to data providers. Hedge funds, insurance companies, and other industries that are assessing risk use this data on a daily basis to make financial decisions. Our adversaries have much of the same or similar data available to them and are using it to make informed decisions about us.

Not only is this information readily available, but it is also accessible from outside secured classified environments. Work in the open-source community continues unabated as long as there is a reliable internet connection with sensible security precautions enabled and information from data providers. 

Many long-time IC members will immediately scoff at the use of OSINT and say that it does not meet the rigor of the classified environment. That may have been true years ago – however, with the speed of social media and availability of technology, events that used to take weeks to assess are now unfolding in the public eye instantaneously, and in some cases, real-time. One only has to look at the Iranian shootdown of Ukraine International Airlines flight 752 as a good example. Iran denied the aircraft was shot down and challenged Western governments to provide proof. Within just a few days, a Twitter user shared a video of what was clearly a missile hitting the plane, and the Iranian government quickly backpedaled and admitted they had made a mistake.

This type of definitive proof was not something that was widely available even 10 years ago, yet is nearly ubiquitous today. There must be a change in culture in the IC as new methods are adopted to supplement traditional methods and sources. In his article "Open Sources for the Information Age," James Davitch succinctly captured these challenges, “As breaking the current paradigm is difficult, but essential, if the IC is to assume a more proactive posture. Barriers to this goal include organizational inertia, the fear of untested alternative methods, and the satisfaction of answering simpler questions, no matter how illusory their utility.”

In addition to the cultural challenges, there are logistical and financial considerations that must be addressed. A recent RAND study titled “Moving to the Unclassified, How the Intelligence Community Can Work from Unclassified Facilities” addresses many of the pros and cons of the tactical considerations and how leaders might address them. Perhaps the most significant advantages are the intangibles that the RAND authors noted, “The advantages of remote-work programs include greater access to outside expertise, continuity of operations, and increased work-life offerings for recruitment and retention.”

While OSINT is not the panacea for all intelligence challenges, it is a worthwhile tool for a leader to exploit this INT to its fullest potential. As we adapt to the new realities of telework and ways of operating, it is a good time for our IC leaders to advocate for a new way to operate outside of the secure environment.

No comments:

Post a Comment