/* */

11 March 2008

OSINT and faint indicators in the new cyber environment

For all of the sound and fury regarding the potential OPSEC implications of military and intelligence blogging, we must continually remind those mired in the old ways of thinking that there are far more pressing problems which inflict damage on the enterprise - be that enterprise government or commercial. While indiscretion will always remain a cardinal sin, the worst indiscretions are rarely committed by those that put pen to paper with proper foresight and consideration of the potential higher order effects of the discussion. The prohibition argument also rarely takes into consideration the kind of deliberate self-censorship that is routinely practiced by those with an active stake in the reputation market of the blogsphere – one that increasingly crosses into normal professional life in much the same manner as do one’s writings in an academic journal. The higher order benefits, on the other hand, of a robust and evolving literature, can be clearly shown to outweigh the actual problems identified in the kinds of studies which call for widespread prohibition of online writings on topics of relevance to the field. Worse yet, if such a prohibition would come to pass, the community will essentially have yielded the floor entirely to those who write without true understanding, and who increasingly lead the discussion further astray from the real issues and opportunities that today’s intelligence professionals face – as well as those critics which seek to deny entirely the legitimacy of the profession itself.

We have recently had occasion to note counter-examples which prove by comparison the vast gulf between the discretion of those current and former professionals engaged in active current debate in furtherance of the literature, and the kind of negligence and errors of the “official” discussion that if the shoe were on the other foot would provoke widespread (and justified) outrage. The first of these comes from the commercial world, at the Corporate Intelligence blog, where a case study examining the inferences which can be drawn from job vacancy postings is presented. We can recall quite a few similar issues emerging in the national security space, particularly with certain less than discrete contractors that tend to advertise in the major regional papers for rather explicit position descriptions, revealing rather more detail than one would like to see in public. These are rarely cited in prohibition discussions, however, but in the aggregate have likely done far more damage to the community than all of the public deliberative literature over the past sixty years.

We also recommend highly the analysis over at In From the Cold of a recent and much publicized incident involving the F-22 Raptor program, in which a pilot was less than discrete in online discussions. While we certainly feel that the individual responsible for disclosures deserves a long counseling session on appropriate standards for representing oneself in public, we take well the number of points in which supposedly “protected” information was previously disclosed through official public affairs channels. We also find observations of the interest displayed by certain parties more valuable than the information provided back to them, especially when the alternative pathways for those parties to obtain the same answers could have been used through entirely passive means, of which the community might never have been aware.

Of course, OSINT does have its dark side in that the adversary is always capable of using it against friendly interests. However, it requires a level of effort, understanding, and skill to parse through the overwhelming volume of noise to find those faint indicators – a task not unfamiliar to those that have ever worked with publicly available source information. In our view, it is better our adversaries waste that time – not knowing the wheat from the chaff – than they should spend efforts pursuing real collection against more sensitive activities that might yield a return on that investment that is more damaging to friendly interests in the long run.

The modern information environment is increasingly complex, and now that the genie of those technologies is out of the bottle, there is no chance of returning to a simpler era. It thus becomes all the more critical that the discussion regarding the effects of new media and online public discussions focus more narrowly on those areas which are truly essential elements of friendly information that must be protected with exceptional caution, rather than a blanket of prohibition that will harm our own side’s sensemaking and adaptation more than it will impair the enemy’s collection efforts.

Labels: , , , ,