OSINT in support of the Defence Intelligence Enterprise (DIE) - part two

Speaker 1: Welcome to The World of Intelligence, a podcast for you to discover the latest analysis of global military and security trends within the open source defense intelligence community. Now, onto the episode with your host, Harry Kemsley.

Harry Kemsley: Hello, and welcome back. For those of you who listened to part one of this podcast, you'll know that we're about to pick up the second part now. Thank you for listening. Yeah. Let me just spin this in a slightly different direction. Sean, I'll come to you first. But I'm sure, Bob, you'll have a view on this as well. How do we do that governance, where we take into consideration the necessary ethics and the collection processes and all the rest of it? And not put ourselves at a disadvantage, where a potential adversary feels less constrained by the ethical environment that we are considering. Sean, how do you feel as though we should tackle that? And by the way, I know that's a difficult question, but I'm coming to you first to give Bob some more time to think about it.

Sean: For me, it's a moral issue, isn't it? The ethics is what is right, which doesn't necessarily mean what is legal, as when we had that one with Amy, of course. So I think you just have to accept that there are things that we won't use. Like on the battlefield, we won't use tactical nuclear weapons, or will we? We won't use banned weapons, et cetera, et cetera. So it's the same thing for me. But I don't think that necessarily puts us at a disadvantage. We just have to be smarter, actually. But I think on the governance side, and this is where I agree with Bob, and this is always the problem that any Western government will have. How do you coordinate everything and bring it into one bucket to make it efficient so you're not buying it lots and lots of times? But then, also, make it usable for the huge spectrum of who needs it within the community, from the tactical to the strategic. They're different requirements. So whereas it's fine to say, " Okay, this organization will lead all the rest of it." But each organization then must have the flexibility to say, " Well, I need this that nobody else needs and, therefore, I'm going to do that." So I would say in terms of the coordinating level, is it CIA, is it DNI, whatever? We need some sort of directive, whether it's an ICD or not. And I think it's pretty much there actually that says, " Right, this is the legal, this is the ethical, this is the policy by which open source intelligence will be governed, will be run," just like the other ICDs. " There's your direction. Now, go and do your own thing." It's not as simple as that, of course. And, of course, the other thing, the part of it, which Bob actually touched on very well indeed as well, was follow the money. Where is the money? Because if you're a commercial organization, you're not going to invest in these things. You're not going to do anything unless you think there's going to be a return on your investment. But, equally, if you're a government organization, you say, " Well, actually, we could do all this ourselves. Why would I spend umpty, umpty dollars on developing this capability when the instinct is always to do it in- house?"

Harry Kemsley: So, Bob, turning the same question to you then, in terms of the ethical disadvantage, if I can use that phrase, how do you feel about the constraints we put on ourselves for ethical reasons? And the advantage that might give adversaries, if that indeed is an advantage?

Bob: Yeah, so we are a values- based society. And so with those rules going forward... Yeah, does it put it as a disadvantage over an autocratic authoritarian government? Yeah, but I would frame it in the context of risk mitigation. So what can we do, when you think about our values, to mitigate some of that risk? And so we have oversight, whether it's through intelligence committees, whether it's through what we do from the Defense Department. But the other part is transparency. So if you don't know what your intelligence committee's doing, and you don't know what your government's doing, and you don't know what your Defense Department's doing, because there's a lack of transparency, then you default toward a lack of trust. So part of that risk mitigation, for me, is building trust. And my hat's off to the DNI. That report from 27 January of'22 that talks about public available commercial freedom of information. If you go through the body of the document, there's only just a couple of words that are redacted. The bulk of the document is there. And the fact that, now, was there a little bit of pressure? This is a little bit of the cart and the horse. Was there pressure from the Hill to do that? Or was it just from the own volition of the DNI to go, " Yeah, we got to release this"? That's probably another argument. But I compliment the DNI for releasing this document which says, " Hey, here's the kinds of things," and it doesn't make a judgment, but it gives some recommendations, " that are going on. And where the risk lies if we don't provide the proper oversight to our US citizens as it relates to the Fourth Amendment." So I think it really is transparency, creating a dialogue with the IC, which has been... Let's go back to Ukraine. There's a bit of a forcing function here. We've had intelligence where we've shared where we knew the IMITS of the attack. So the administration decides, " Hey, we're going to put that out there. We're going to share it with partners so that you don't have this false flag from the Russians where they're going to come in." So I just think creating transparency to the degree that it doesn't put national security at risk. And having a dialogue. I think your IC, they're in the business of national security, and not necessarily in the business of keeping secrets from the American public. So creating that dialogue is building trust. And I think that in itself is foundational to our values. And it's the right thing to do. And so when you build that trust, then what do you get? You get a little more leeway with some of the things you probably want to be able to need to do, but you keep the dialogue going. And I think that's the perspective.

Harry Kemsley: You probably also" recruit" a large part of the population that become part of your intelligence community, by virtue of the fact they're also looking at open source intelligence or information, and creating intelligence, potentially. All right, so... Go ahead, Bob, sorry.

Bob: Yeah, I just want to follow up to Sean's point. We were talking about the follow the money and stuff like that. So the other part is, there is a little bit of inherent risk, I guess, in that over centralization, if you don't manage the requirements well. Because you may purchase some package of license for certain kinds of production, but Southcom goes, " Yeah, but you're not meeting my requirement for X." So the COCOMs and the outliers have to be able to make sure that their requirements are known, that they're brought in. So that whatever centralized business arrangement or purchase agreement is put in place, it has the agility, the flexibility, to address the requirements of the broader community and what they need. So it's not like I just bought 10 pounds of open source, you get what you get. No, I want to push my requirements in. And let's make sure that your business model and your purchase agreement is dynamic enough for me to be able to be value added.

Harry Kemsley: Yeah, we've certainly had plenty of conversations, Sean, have we not, about the capital procurement programs. Procurement programs that were designed for the procurement of ships and airplanes, rather than intelligence. But let's not go there today. Let's push onto something else. All right, so with all that we've said, we've talked about the coming of age of open source intelligence. We've talked about its utility. We've talked about the proximity to that moment where it becomes more integrated. Let me ask you to look into your crystal ball, Bob. And we're now in 2028, gusting 2030. What do you see as the big changes between now and then that open source needs to think about preparing itself for that might affect the way we do governance? What's the changes coming that we need to be ready for, both in the commercial sector as much as in the government sector, in terms of how to integrate it?

Bob: Yeah, I think the challenge, it goes back to that conversation we had early on. How do we bring all the partners together, both inside the fence and outside the fence, to talk about how do we integrate this at scale to address national security issues? And so I think we're poised to have that conversation but someone's going to have to lead it from inside the fence. Sean, you and I can do some cajoling from outside the fence. But we need the leadership inside that looks at this and says, " We have a strategic opportunity. Are we going to take it?" Because unless we fully integrate this at scale... We're already seeing the Chinese do this. So set aside the authoritarianism, set aside the values issue, they're starting to do this at scale, fully integrated. Of course, when you've got one person in charge and can drive the nation toward a certain vector, then that's easier to do. So our challenge is the complexity of what it means to be a democracy. And I'll go back to one of your statesmen, who said, " It's the worst form of government, but it's better than all others," Winston Churchill. So it also makes it very complicated for us to be able to put this in place. But we have a strategic opportunity and the door is open. Are we going to walk through it and we're going to bring industry with us? Or are we going to start doing this as an extended enterprise of the IC, which is where that opportunity lies, to start leveraging more and more of this? And look at the relationships with business as well. The discussions we had on the Fortune 500. Not everything brilliant was invented inside a three letter agency. And they know that. Not to be critical, but our ability to send feelers out to these Fortune 500 companies. If I'm running an open source center, I want to go out to the ExxonMobils and some of these international corporations, and go, "Tell me how you're leveraging this." It's interesting. If you go back to post 9/ 11, if you go to the New York Fire Department, they have an ops intel center that was advised and built under the tutelage of one of our pristine special operations organizations. And they do phenomenal things. So I think our ability to share both ways, in commercial industry, as well as inside the government from commercial industry, is a strategic opportunity. And we need to seize it.

Harry Kemsley: Sean, strategic opportunity, it's there in front of us. What do you see as the opportunity for us in the next few years for open source?

Sean: And this is where I go back to revert to type and where I'm not as positive as I was. So the nirvana is an ability to just hoover up all the data from whatever sources, apply some proper algorithms to come up with the assured information that we need to provide the intelligence that is comprehensive. That is the nirvana. And that's what we should be working to. But it goes back to the risk appetite. How much risk does the community actually take? Very, very, little. We are a risk averse organization. When I say us, I mean the ex- defense side of things. But I think, to an extent, that also applies a little bit to the commercial world. Unless that risk is embraced... And I don't mean being reckless, what I mean is being prepared to take risk by understanding what that means, in using and integrating both classified and unclassified data. Unless we do that, we're going to be in a bad place in five, 10 years time. Because if there's one thing that is an absolute cert is the data is just going to get greater and greater and greater. They get more granular. Doesn't mean to say it's all going to be more right, because you've got to actually sift the misinformation, disinformation out there. But the nirvana is to take it all and be able to filter in a way that we're using the assured data to come up with the fullest analysis. Are we going to make it? Well, for all the reasons we've already talked about, right now, and it is cultural more than anything else, I'm not sure we're going to get there.

Harry Kemsley: Well, maybe, sadly, we might need another strategic shock to get that changed. So, Bob, let's just turn back to the governance. And this will be a little bit more directly pointed at the government environment in the US. We have civilian and defense intelligence. How do you feel about the command and control in that environment as it is today? What do you think are the benefits of it currently set up as it is? Or should that be changed in any way?

Bob: So I think we have a good framework right now. Because the way it's set up is, even though the CI has the overall responsibility, you have a significant role for DA. Because DA has responsibility to the Defense Department. So when you look at requirements, the IC has requirements for the broader IC. The CI does a lot to focus on the national decision makers within the administration, the executive branch. But for Scott Berrier, General Berrier, in Defense Intelligence Agency and the Open Source Center, they're answering requirements for Secretary Austin and the Defense Department. So it's not duplicative in nature. So you've got structure because you have different requirements and you have different customers. And so, for the IC, for CIA, handling that broader executive branch responsibility, for the president of the Security Council. And that particular clientele for General Berrier and the Defense Department through DIA, combat commanders, the services, the Defense Department, the OSD staff. So different requirements, there's a little bit of overlap, and we have a mechanism to deconflict some of those. But you got to understand that there's different constituencies, different requirements. And that allows them to focus their efforts on those requirements, on those clients, and be much more laser focused on addressing their needs. So that's set up. While it may appear that it's somewhat duplicative, that bifurcation is necessary. And then they come together where it makes sense, and talk about a governance, and talk about procurement, and a number of things that we've talked to over the last hour.

Harry Kemsley: Let me just throw in a quick wild card question, if I may, Bob, before we close. We've had recent conversations. In fact, we've had several conversations on these podcasts about the advent of the artificial intelligence based analytics. We had a guest on recently, a very knowledgeable guest about AI, Keith Dear. And he spoke greatly about the essential inclusion of artificial intelligence. I sense from conversations I've had elsewhere that people are... I'm talking about people inside the defense intelligence community. Are still not clear about the full potential of AI and are concerned about the black box element of AI. What's your view about the inclusion of artificial intelligence in the intelligence trade craft that we understand today? How do you feel about introducing those kinds of techniques and technologies?

Bob: Yeah, I think we absolutely have to leverage it, but we have to go in with eyes wide open. I think the black box analogy is one, where I am right now, is unacceptable to say, " This is what the box told me." Because it gets back into the trade craft. You have to be able to explain to me, " How did the algorithm come up with the answers three?" And so because we inherently owe that to our senior leaders. And the conversations I have with senior leaders is, " Ask us about our trade craft. Ask us about our sources and methods. Ask us about our confidence level." I think that should be inherent in the dialogue. And so when you present something to a senior leader, the question should be, " And how do you know that?" And I never want to be in a position where I go, " Well, that's what the box told me." So you got to understand that. So that's part of it when you think about large AI. The other part is, you're as good as the data in your holdings. So the data for large language models is much more replete. But we're discovering things like ChatGPT will have hallucinations. Hallucinations where, I'm probably butchering this, but if there's a gap, it may fill in the gap with what it thinks. But there are errors that come out of that. And then for us to take some of these artificial intelligence algorithms, a lot of it is taking... Because we want to jump to this cognition model. When, in fact, where we are right now is, " Hey, just go find the following things and a bunch of imagery." Or, " Find the following things and some data just to aggregate it to help me reduce the burden of my workflow." So there's some basic functions that we need to bring it in to be able to do. And then I think we learn over time the more complicated use. But it will be integral to what we do going forward. I think it's great for red teaming analysis. What are alternative analysis to what maybe the analyst comes up with? Or plugging in the same data they're reading and see does it come up with the same kind of information? It's interesting. So as I look at on my screen here, I've got Sean and Harry. And if I were to ask them, let's say, they've got the same 35 years of experience in the UK working in analysis, and they have the same data that they read, doesn't mean they're necessarily going to come up with the same conclusion. So AI may be part of it. And the example, because it's much to the frustration of senior leaders that go, " How come CI and DI have a different opinion of what's the likelihood of X happening? Aren't you guys reading the same data?" And the response they always get back is, I ask that senior leader, I go, " What's the highest court in the land?" And they'll look at me like I'm an idiot. And they go, "It's the Supreme Court." And I go, " Yep, and every time the Supreme Court has a controversial issue, they're always nine and zero on their decision." It's the same document. It's been around for over 200 years. No, because there are some biases there that go into that. So you're going to have the same thing in artificial intelligence. You have the same thing in human intelligence. And you just got to figure out how do you manage that? How do you make sure that's transparent? And how do you explain it? Because the Supreme Court is seldom nine and 0. And they're all reading the same constitution.

Harry Kemsley: Yeah, yeah, well said. All right, I'm going to draw stumps on the conversation. A quick reference to the game of cricket, by the way. I'll ask you in just a second, Bob, if you had the opportunity to have the audience take away one thing from this conversation, what would it be? Sean, I'll come to you second, and I'll give myself the opportunity to fill in the blank after that. So, Bob, you have the audience in front of you. What's the one thing you want them to take away from this conversation concerning open source intelligence?

Bob: We have a strategic opportunity at our feet. What are you going to do to help educate the folks that you work with in your network to help them understand that strategic opportunity and drive change?

Harry Kemsley: Perfect. Sean?

Sean: It wouldn't surprise you to know, that would've been mine as well. But there are several big ones out there. I think, for me, and Bob brought it up actually, is the need from the community as a whole to broaden their focus from a razor sharp view on it's all about the data, to looking at the wider elements of it, including the analytics, including the analysis, so the wider piece. So that's really the big thing I took away, actually.

Harry Kemsley: Yeah. So, Bob, you've talked about the strategic opportunity. Sean, you've talked about it from the community's perspective. I'm going to talk about it from the commercial perspective. The one thing that you said earlier, Bob, that really struck with me is that transparency will, in certain circumstances anyway, develop trust. If the agencies, inaudible, UK based, NATO based, are to trust the corporate environment, we have to be more transparent about how we do what we do. Certainly, at Janes, we spent a huge amount of effort talking about our trade craft, honed over many, many decades. We need that to be the standard for all commercial providers, I would suggest, to get to the point where the agencies see and understand what we do more than they do today. So, for me, that transparency piece is huge. Bob, go ahead.

Bob: So one of the great things that senior leaders do is they reach out to this broad network that's not in the Defense Department. And so I'll give you an example, just not that this is exact details. So a chief of staff of the Army, he probably reaches out to a lot of people that have never been in uniform, that are in the broader commercial industry, to talk about business. To talk about opportunities, to talk about what's going on in the world. So within the open source, and this is takeaway on this one, if you think about open source, then there's an executive council. There's an executive council that exists that is co- chaired by CI and DI. And it happens inside of SCIF. And I've sat in it several times. And you look around, it's in a SCIF, with a bunch of people that are all part of the IC. Where is the OSINT executive council that half of the people sitting there are industry? Not selling, but talking about what we potentially could achieve. Because that's what chiefs of staff of the services do. They have broad networks, whether it's reaching out to Bloomberg, or PIC, these global companies. Because these individuals, men and women, are leading these... These CEOs have tremendous insights. So why are we not thinking about... And maybe that's the one catalyst that starts that whiteboard conversation of what's in the art of the possible about the fact that we get this out of this insular inside of SCIF design of how we think about it. And we pull in data or tools as a commodity as opposed to thinking about a capability. Because we think about things we buy, as opposed to the capability and what we could produce.

Harry Kemsley: Yep. Yep, perfect. All right, well, because time is always going to evaporate on us, I will pull stumps at this point. Bob, thank you so much for taking the time to talk to us. Sean, as ever, thank you for your contribution. And for the listener, we get a lot of questions coming in, sometimes, around these podcasts. If you have any questions about anything you've heard today, then please let us know. Bob, I'm highly confident there will be some questions which may well warrant another conversation between the three of us. And I look forward to that day. So thank you very much for your time today. Great contribution, great conversation. Thank you.

Bob: Harry, Sean, always great to be with you. I absolutely love it. And we own part of this responsibility, as we move ahead, so we'll keep working it.

Harry Kemsley: Thank you again.

Speaker 1: Thanks for joining us this week on The World of Intelligence. Make sure to visit our website, janes. com/ podcast, where you could subscribe to the show on Apple Podcasts, Spotify, or Google Podcasts so you'll never miss an episode.