Optimising OSINT for the Intelligence Community

Media Thumbnail
  • 0.5
  • 1
  • 1.25
  • 1.5
  • 1.75
  • 2
This is a podcast episode titled, Optimising OSINT for the Intelligence Community. The summary for this episode is: <p>Randy Nixon, Director, Open Source Enterprise, CIA and long time user of Janes joins Harry Kemsley and Sean Corbett to discuss the power and utility of open source intelligence in the intelligence community, why the people in these organisations are so important and how this community can optimise OSINT in their organisations.</p>

Speaker 1: Welcome to The World of Intelligence, a podcast for you to discover the latest analysis of global military and security trends within the open source defense intelligence community. Now onto the episode with your host, Harry Kemsley.

Harry Kemsley: Hello, and welcome to this edition of World of Intelligence by Janes. My name's Harry Kemsley, your host for today. And as usual, my co- host, co- conspirator is Sean Corbett. Hello, Sean.

Sean Corbett: Hi, Harry.

Harry Kemsley: Hi, Sean. So in number of our episodes with a number of guests, we've had the opportunity to talk about the potential uses and factors in consideration for the use of open source information to derive intelligence. And often, Sean, I think we've heard it said by a number of guests that the intelligence community is not yet fully engaged with open source intelligence. It's not necessarily a matter of not wanting to, maybe there are cultural blocks, maybe there are other technical blocks, but not yet fully engaged. So, what better, we thought, than to ask the Director of Open Source Enterprise at the CIA, Randy Nixon, to join us and talk about exactly this issue? So, I am absolutely delighted to welcome Randy, Randy Nixon. Randy, thank you for joining us.

Randy Nixon: Oh, thanks for having me. As a longtime military analyst to be here with Janes, I'm kind of geeking out on that myself, because I've been a user, consumer and fan of your company for as long as I've been in this business.

Harry Kemsley: Well, thank you very much, Randy. It's great to have you here. Randy Nixon, since last December has served as CIA director of Open Source Enterprise. Randy first joined CIA in 1991 as a student intern. He served five years active duty in the army and returned to the agency in 1998. Most of his career was spent working war zones or unstable regions until Randy was tasked to stand up the Office of Advanced Analytics in 2015. When not at work, Randy has three sons, two dogs, a very understanding wife and loves anything that is competitive. Randy, great to have you here. Okay, so Randy, let's get started with your understanding of what you and the agency believe open source is and then open source intelligence as a capability. How do you regard open source?

Randy Nixon: Yeah. The definition keeps changing over time. Open source enterprise is what we are called today. Before it was open source center. If you go all the way back to 1941, we were FBIS, the Foreign Broadcast Intelligence Service. And it was easier in the FBIS days. Our job then was to read all the newspapers, do all the translation, collect all the radio. And then TV came along and disrupted our entire world. And as you keep moving through time and with social media and then big data and now it's commercially available datasets, tomorrow it will be something else that comes along. If it's out in the open and it is collectible or purchasable, that's open source and it's a great source of information that we do everything we can to take full advantage of.

Harry Kemsley: Right. So, we've certainly talked about that, Sean, plenty of times in the past. And Sean, you have your four points of open source intelligence, but I'm not going to ask you to repeat again, but if anybody's interested, go back a few episodes, you'll find Sean talking about it. Well, what I think is clear to ask Randy is that the scale of open source information that's available to us, the variety, the velocity at which it moves, and of course, the veracity issue, which no doubt, we'll talk about at some point today. If not today, another time. These are the opportunities and challenges in the open source arena, and ones that I'd like to explore to some extent in the opportunity we've got now in the next 30 minutes or so. So, in your estimation, what is the position of the CIA currently, the agency's view of open source? Is it still seen as the poor twin? Is it the outer sibling that's not really that important? Or, is it increasingly now seen as a very important part of the agency's work in the intelligence realm?

Randy Nixon: I get asked that question a lot and I usually take the different approach. I dispute the idea that OSINT hasn't always been important. What it's not is, they don't make movies about us. There's one stanza in one song by The Fugs called CIA Man that talks about open source information. That's about the best we get in the Hollywood world. But throughout my entire career I have been a user of open source both for the agency and the army before that. Sometimes that open source is Janes and looking at your military equipment, but it's always been right there. I think what we're having today is a renaissance in the public's understanding of the power of open source. And I think there's several main reasons for that. One is the explosion of information. We talked about that a little bit, a second ago. From TV, radio, to social media, to commercially available, the amount, the scale of open source is exponentially growing year by year and the public's understanding of that has grown. The other is private sector has moved into this space in a way that we haven't seen in the past. And with that, you're able to advertise and talk about your successes in a way that we can't in open source center. So, Janes, Bellingcat, y'all are in the news and some of the amazing work you do is highlighted by the press all the time, New York Times, Washington Post, they've done some great open source work as well. We're also doing on those same times, some amazing work that Janes and Bellingcat and the others are doing. We just can't talk about it. From the very tactical OSINT of what our targeters do, working with operators and war fighters, to the strategic OSINT that goes to our policymakers, and to the technology and innovation that we do to make sure that we can use this vast scale of information. So, to me, has OSINT, is it being used in a different way? Is it more important than it was in the past? I don't think so.

Harry Kemsley: That's interesting.

Randy Nixon: As a user, it's always been valuable.

Harry Kemsley: Yeah, that's interesting. Sean, I want to come back, but I can see you got a point. Go ahead.

Sean Corbett: Yeah. No, I was just going to say that's such a refreshing attitude and I agree with it actually, that we've always used it, but I think the key now is that the formalization of it, for good reasons, because people both internally and externally are seeing the power of it and as you said, the explosion of data. And if you look at the exquisite collection capabilities, we saw that same evolution in terms of, " There is so much data out there now that, how do we manage it?" And I know we're going to come talk to this in a little while as well, but the same is now true of open source intelligence. And I think it's worth saying that the world is such a complex place in terms of security threats and challenges that we really have to not just pay homage to, but really get into all sources from wherever we can globally and really embrace. And the other thing about open source intelligence in terms of not getting into the definition, but it covers all the separate INTs, as I would call them. So, whether it's human, whether it's GEOINT, whether it's operational intelligence, it covers all of those. So, that makes it even more powerful. And I know we might get on to speak later about how we'd best use that, but for me it's all about the formalization. And of course, being a government organization, we absolutely have to, or you absolutely have to make sure the rules and protocols are there to make sure it can be used in the right way. So, it's the accessibility and the formalization that I think is the big thing that we're going through now.

Harry Kemsley: I think we should come back to that point about formalization maybe in a second, Randy, in terms of the organization of the open source community, commercial and otherwise, but let's come to that in just a second. All I wanted to say in terms of your point, I agree with Sean, refreshing point of view actually. And one we've heard, Sean, actually before from military people and they've said, " What do you mean open source? What else is there? We only use open source anyways." You think about the diplomatic community, they live and breathe in an open source environment and they use exquisite where they actually absolutely have to. So, I think there is perhaps a misperception about the utility, but it's the formalization, the fact that it's becoming" codified." It's becoming a trade craft. It's being recognized as maybe a separate part of the intelligence community. That's the bit that I think is perhaps novel today. And I also agree with your point, Randy, that there's been a sort of coming of age, we had a couple of podcasts ago looking at the Ukraine conflict and the amount of open source intelligence, and I do mean intelligence, that's come out from various organizations about what's happening on the ground, that is quite remarkable and frankly looks a lot like the sort of stuff you would see previously behind a vault door. But that, I think, is what's happened in the recent times. Who knows? Maybe there'll be enough of that, that eventually Hollywood will notice and they'll start to make movies of the open source center and you'll be a star again. Let me move on though, if I may, to the uses as they stand. Where do you see open source intelligence now that it's had a breakthrough, where do you see open source intelligence going? Given where it's now, where do you see it going in the future? What's the potential for open source for an agency like the CIA?

Randy Nixon: Our greatest weakness today, and I think you probably find it in your company and other places as well, is the vast scale of what open source and the collection is. It becomes a usability issue to our analysts and operators and war fighters, because there is just so much of it that we can deliver from open source center and from the intelligence community, from my other partners, to the user. The ability to get through that, it's just impossible. So, for us it's, how do we find the gold nuggets in all of that? I think I've heard it described, " How do you find the needles in stacks of needles, in fields of needles?" That's really what we're doing today. I had read there's like 12.8 quintillions bites of data produced every single day. Most of that's garbage, cat videos and BS like that, but the most important things are buried in that. So, I think, well I described it, we were in a renaissance in people's understanding of open source. I think we're on the cusp of a revolution of what technology's going to do to us to make this vast amount of open source information usable. You're seeing that in the press today. These large language models that you can play around, you can write some great poetry with ChatGPT. I asked it to write a song about OSINT the other day. It did, it won't be a hit, but it was still pretty good. Helps to raise morale. But you can also ask it to summarize vast troves of information and to help you find what's important and make it more usable for our reader right from the very beginning. That's our future, using that technology and where we're going with artificial intelligence and machine learning. That takes millions and millions of documents we bring in every second, at thousands and thousands of hours of video. I mean, it makes it where we actually can deliver that to our consumers in a way that we've never been able to do before. And it's going to make that what today can be a weakness, our greatest strength.

Harry Kemsley: Sure.

Sean Corbett: I think what you're saying, Randy, is that you can actually use open source intelligence for any subset of a problem. It's just finding the right data and assuring it. And I'm sure we'll get onto tradecraft, my favorite subject, in a moment. But it's interesting and it's back to this coming of age thing and the renaissance, because until last year I'd have said that open source intelligence, it's good for foundational stuff, it's good for context. So, lots of good academic stuff. It's good for data that you know is fair and reliable, but I wouldn't really have said, you can use it for what I would call current intelligence in terms of understanding what's happening now. There's always that CNN factor that they say they're always ahead of the intelligence community. I'm not entirely sure that's true by the way, but leveraging anything like that can really help us with all the extra stuff that we've got. And my mantra has always been that, one day not too far away, whereas probably 80% of what we do now is through exquisite collection and that expertise, and 20% is open source. I would probably flip it around the other way. I mean, that's finger in the air sort of thing, but it could well be that in the future that the 80% is derived from either public or commercially sources, but that 20%, the real value added that the IC brings, it can focus that and really bring out what needs to be done internally.

Randy Nixon: Yeah. I would say it's probably not 80/ 20 today, exquisite and open source. And I would take it even further. Some of that exquisite it's being found because of the tactical open source specialists that we have, that are helping put the operator on target or put the war fighter on target, because we are able to take that vast trove of information and find what they need to put them in the right place. And many times what we're writing, even if it is 80/20 at the exquisite, the HUMINT, the SIGINT, I probably could have written the exact same thing with open source and delivered it to a wider audience. Now, is it as sexy? No, certainly not. Have the same funding as the other places? No. And it doesn't need it quite the same, because it's a lot more expensive to do imagery, or SIGINT, or HUMINT. But I would say, those INTs, they can't do it without us. That's a reason we say our vision is to be the INT of first resort, because it should be, because it's cheaper, faster, it's not a problem if it leaks because it's out there in the open and it's what we should be able to use at the very beginning, so that we can use our money and our exquisite and the things that are hurtful if we lose, for what we need to use it on rather than trying to cover the entire world with it.

Harry Kemsley: Yeah. And I think to use your analogy earlier, putting yourself in the right part of the stack of needles to find the needle you're looking for, is one of those things that open source we see regularly, Sean, don't we? Being used for, knowing where to start. Indicators of warning, sure, but knowing where to start in that foundational and current intelligence piece is and has been key for us. I'd like to move us on then, Randy, to facing up to this challenge of the colossal, vast amount of information that's being generated. You used the phrase I'd never heard before, quintillion, I think you said, quintillion-

Randy Nixon: Yeah. 18 zeros.

Harry Kemsley: Yeah. Well, okay. I don't even know what that means other than to know it's bigger than I can imagine. What I think that tells us is that the organization that we bring together to attack this problem within the government environment, within the commercial environment, how do we organize the resources we do have? I'm curious to know your view about how the US intelligence community faces up to this problem where we all agree open source intelligence is useful, should be exploited. So, how do we organize ourselves to be able to deal with the challenges and achieve the opportunities that open source brings? What's the best form of organization that you can think of at the moment, Randy?

Randy Nixon: Well, there's a lot of play on in my country and in the UK and others about, should open source be its own agency? I'll leave that to the politicians to debate. It would take acts of Congress to make that happen. What I know is in our intelligence community, the director of CIA, he is the functional manager of two INTs. He is in charge of HUMINT and he is in charge of OSINT. Now, he rolls that down for me to operationally drive that for him. So, a lot of the folks who are out there talking about, " Should we be our own agency?" They don't understand how we do act as a community and this a federated model. So, that Director Burns, he has his board of governors, we had a meeting of that last week. That's the director and all of his counterparts, where we help drive where OSINT's going as a community. Underneath that and meeting with right now, it's been meeting monthly, is our national open source committee. That's chaired by myself, my DIA colleague, and a DNI colleague. DNI is adding in an exec sec right now and they'll be right there working as a close partner with us on OSINT. And from there, we drive collection and tradecraft and training and sharing of data across the entire community. And then under that we have subcommittees who are working these problems day in and day out. So, those calling for new agencies, I think they don't understand what we do, do across the community. So, while as a private citizen, I might have my own opinion. As Randy Nixon in charge of open source center, my job is to take the full authorities that Director Burns has and operationalize those with my counterparts across the community. And I can tell you that's being done and it's being done with a fervor. So, that also goes where people talk about resources, " Do you have enough resources?" If they're only looking at me, or only looking at DIA or NSA, or others in OSINT centers and our professionals in this. Sure, we look very small, but if you actually look at us as a federated community and how we operate and work together, we're okay. Everybody can do more with more, especially for when you're trying to cover the globe.

Harry Kemsley: Sure.

Randy Nixon: But that's a zero- sum game. There's only so many tax dollars coming in.

Harry Kemsley: Indeed. Indeed. Sean, you've had the background that might help here as well. You've worked in DIA as one of the first non- US citizens to be a deputy director. You've worked in the UK in very senior roles, you've worked in NATO. What's your view about how NATO or the UK might approach this same question of organizing OSINT as a function within those organizations?

Sean Corbett: Yeah, I feel empowered actually to have a view on this because I don't belong to a government organization now. So, the first thing is, when there's a new challenge or a new bright, shiny object, the natural instinct, " Oh, well, let's create a new organization." Whether it's a national open source center, whatever. But that exactly as Randy said, I mean, it's really inefficient because you've got to get all the trappings and all the admin and the J1 to J9 support, as you and I would know. So, the full logistics, et cetera. And so, it's kind of redundant, but I think it's more than that though, because what we're trying to do really is develop a capability. And I love the federated word, in this case it really does apply, because you think about open source intelligence, it needs to be applied in different ways for different problem sets and for different decision- makers. So, the way OSINT is used within CIA, for example, will be different to the way that DIA use it, because it's a different set. Now, but that's not to say that it shouldn't be done in a coherent manner. And this is where again, it's interesting what you're saying, Randy, because we need tradecraft to be reflective across the board. So, what we are looking for is open source intelligence specialists. And I do contend, and we might get onto this later, that you do need specialists in open source intelligence. Just because you can Google something does not make you an OSINT specialist at all. It's just as specialist as all the other intelligences. So, we need professional people that understand, that have tradecraft, that have policies and have rules and ethics and all those sort of thing, legalities. So, they need to be trained and they need to be trained in this similar way, so you've got that foundation then. And it's interesting, I'd have put that down to DNI, but obviously you're saying, Randy, that's CIA, which is really interesting actually. It doesn't matter who, as long as you've got the authorities and then they're cascaded down, so that you can pick up one open source intelligence specialist and put them into a different organization. Similar to what we do with the other INTs as well. So, I think that's really important, actually. So, we love to get wrapped round about organizational discussions, because it's fun over a couple of beers, and it's like, " Well, we own that." " No, we own that." It doesn't matter. But as long as the best practice, I think is what I'm trying to say, is shared amongst everybody. And this is the tricky bit, because this is cultural. So, if you've got an OSINT organization embedded within whichever three letter abbreviation you want, having that awareness of what everybody else is doing, say, " Look, I don't really need this but this is really good stuff. Who else will need it?" Now, that is an education thing, it's a time thing, it's a cultural thing, it's also a connectivity thing. And I always found that as one of the biggest challenges actually when I was working within the IC, whether I was UK, NATO, or the US, is that as analysts, and at the end of the day, I'm an analyst, it's like, " This is what I'm doing. Oh, isn't this special?" I don't go, " Oh, actually, right, such- and- such in that organization." So, having that federated approach is really important, but also, having that single authority is also important.

Randy Nixon: No, you're exactly right. It's the sharing of what we're all doing. So, here from the open source center, we run the tech stack for the entire IC. So, it's our open source data layer, our way that we deliver open source information and share, it's very important to us. At my job before that, I ran next- generation Trident, that's the IC search engine. So, making sure that we're delivering our information on the high side. So, I've done both. And often what we're talking about inside of OSE, and I know my other counterparts are doing the same is, " We did this piece, you name it, for our operators, should we also flip that into a different kind of product to get it delivered to others as well?" Another point to go back to is how we view ourself as federated. It's not just our own intelligence. We work very closely with our liaison partners across the world. We have forums of where we meet regularly there as well. We're sharing across ourselves. And we, inside OE, and I think that my counterparts as well, we talk a lot more about how it's the private sector as well and how we partner and work with y'all, because there's a lot of really good data and technology and just tradecraft and expertise that's being done outside our walls. And making sure we're aware of all of that and bringing it to bear.

Harry Kemsley: Let me bring us to the role of the commercial sector alongside partners in the IC, in just a second, Randy. Can I just step back half a step though, to something that I think you were alluding to, Sean, and I think you've just said as well, Randy. Underneath all that you've said, there's a degree of standardization that's echoing out of that, in that you get a sense of what good looks like. You capture that in military terms, you talk about the doctrine, best practice, you capture those things and then you make sure that people are adhering to them. If I were devil's advocate, I would sit here if I was coming from a startup industry world and say, " We don't need all that standardization, we just need to know what the latest tricks are and we then share them and organically we improve as a community." One of the things that I have heard from previous guests is that we might get in the way of progress if we stifle progress, if we try and wrap it up too much. I think there is a need for good tradecraft, sharing best practice, sharing product, but one of the things that I haven't seen yet is the ability to learn both ways. So, there's not always a top- down model, but the community around you are able to share their best practice and their approaches, their new techniques, back up to you as well. Do you see that as something that's already in place or do you think that's something we could aspire to?

Randy Nixon: I think there are pieces of it in place and there's ways that we're looking to improve it. So, we do need to be sharing our tradecraft. And it's not just throughout the OSINT community, because Sean said it earlier, it's not just going on to Google, but people who don't understand OSINT and the deep tradecraft that we have on it and the continuously evolving tradecraft for it, they make our job harder because they'll go out there and Google something and then especially if they're doing it from inside any of our walls. Then the OSINT professional comes along and it's already been compromised that we looked. And where we would've been approaching it from a sideways direction and taking hours of time to make sure we did it right, or having real exotic tradecraft to get behind two- factor authentication, and all these things that are coming up that make our job hard, we have ways to do that and the ways to do it the right way. And a general analyst sitting at their desk doesn't understand that, the operators don't understand that. And we have to do a better job of explaining why we are just as exotic as they are in the techniques that we all use as a community to do our jobs. It's not, go Google it. If you're going onto Google, then everybody saw what you did. We don't want that, because we are the intelligence community.

Harry Kemsley: Right. Indeed. Indeed. Sean?

Sean Corbett: Yeah, there's some really good points there, actually. Balancing that need for structure and tradecraft with not making that stifle the ability to do stuff. I think this is bigger than open source intelligence, it's the whole community. And we're going to get onto this, of course we must do. When you're talking about the application of artificial intelligence and machine learning, at some stage we've got to learn how to trust the algorithms that are doing it. Right now, it's magic in, magic out. Okay, it's a bit better than that obviously. But even when we're getting to unexplainable AI, how do we manage that in the intelligence community anyway, when we do need to show our working, if you like? Now, I've got a little bit of a different perspective from most people. If you look at the algorithm as being an analyst, if you like, you will trust the analyst up to a point because they've had training and because they've had the right input, but if they get their things wrong two or three times, or in some of my boss's case, once, they will never be asked to do anything again in terms of stand in front of the boss and analyze. So, it's almost the same thing, if you've got bad algorithms, as long as it isn't catastrophic that you've acted off that algorithm, then if it doesn't work, then you change it. So, it's kind of learning while doing and having the flexibility to say, " Well, going off in that direction in terms of developing the technical capabilities is paying dividends for us, let's keep that going." And another one's going, " Well, okay, let's not do that." And so, you're always going to have the human in the loop. It's another conversation we've had, that you will never get rid of the analyst by doing that. And open source, I know it is an argument that, "Well, if you can do open source intelligence, why do you need these really skillful analysts?" Well, there's a reason for that, because they actually take all this data and turn it into the so what, and the, what if? That only analysts can do. So, I'm not scared about that, but embracing it is quite a challenge.

Randy Nixon: Yeah. I think there's two points there, Sean. And one is, our tradecraft has to be continuously evolving. So, even yesterday we ran a class for the very first time about how to ask questions of large language models in a way that helps get you answers, or how you may have to ask a series of questions to get the right answers that you're looking from, from this new technology. It's very powerful in what it can do for us in these large corpuses. Same thing with the machine translation. It works great on some languages, it works okay on some others, and you have to know which ones you can use. It doesn't mean I'm not still going to deliver something in a very hard language that the machine spit out a first draft on, but we're teaching our experts and we speak more languages in OSE than any other part of the government I've ever worked with, to also look at that and make sure that it's right, because one word being wrong can change the entire meaning of what we're trying to deliver there. So, tradecraft is always moving.

Harry Kemsley: I've worked in capability management for the UK Ministry of Defense, and I know that government procurement is often lambasted for being incredibly not agile but incredibly slow. So, I want to use that as a segue into the role for commercial organizations to partner more fully with the intelligence community. My contention is that the commercial environment can move more quickly, can be more agile with technology, can find the pitfalls as much as it can find the benefits of it. And then bring that, in- source that into the intelligence community. That's my hypothesis, if you will. What's your view about the role, Randy, of commercial organizations in and around the intelligence community?

Randy Nixon: I think they're increasingly great partners and I think the agency and the IC in general has gotten a lot better about opening the doors to those partnerships. I mean, historically it doesn't matter if it was us or DoD, you would think that we worked with five big companies and that's about it, if you go back to the World War II era, and there's an entire industry that grew up around this. My job, previous to OSE, for a year I ran our organization called Digital Futures, and in there we were really pushing how we revolutionize how we work with the private sector. One of those things we did was a broad agency announcement called Digital Hammer. We have over 300 companies that are signed up to participate on Hammer and they're from across the United States. So, from there, we'll put out an unclassified challenge, and then the companies in a very short matter of time can give us back a summary of how they would accomplish that. So, take for instance, if I asked for industry out there on the cutting- edge... And on Hammer, we have everything from brand new startups that are just getting their first series A from a venture capitalist, all the way through large companies that have been around forever. And they can compete. So, we can say, " I'm looking for the best new OCR for whatever language you want to talk about." And they in two weeks time, will send us a three to five- page white paper on how they would accomplish that. And then we can rapidly say, in that case I get 35 papers, that's 35 companies that got a chance to be seen. And in many cases, three fourth of those will be companies who have never done business with us before. So, we're opening the door to them. We can then very quickly narrow it down and say, " Okay, I want to see full proposals from these five and you've got 30 days to get it back to us." So, now we're up to six weeks since I put out the problem set. And then from there, we can narrow down to one to three, or however many, and say, " We want to actually test it." We'll take it to one of our labs and work with that company and see how it works. And then at the end of that, I have sole source justification and can very rapidly be working to bring this technology on. On the other side of that scale, in open source, because we're working not on the high side systems, we can start working with companies super rapidly. And so, if Microsoft develops something or Janes developed something, like we love Intara, so I'll give you a plug on that, we can very quickly be working with you on the low side systems and testing this. So, I see OSE as the tip of the scale of what innovation can be done throughout the IC. And then from there, the lessons we have from that, we can start working to bring it onto our high side systems, which do take longer. When people think about the traditional systems and how we work with companies, they're thinking about how do they get on our high side systems, that is long and it should be, because of the threat that that brings to us.

Harry Kemsley: Yeah. Yeah. Fantastic. Sean, I'll come to you in just one second. So, you mentioned Digital Hammer, that sounds like an awesome process. Is that something that organizations that listen to this podcast might actually be able to join? Is that something they can apply to be a part of?

Randy Nixon: Yes. They should send a note to df- engage @ uci. gov and we'll get you all the information, and it's very simple. We made the barrier to entry easy on purpose. And we'll give you some other paperwork to fill out that you would need if you actually win a program. But historically, we've said, " You're going to have to go do all these security checks that can take 18 months before you even get to compete." We've made it where we're telling you to, " Get started on that, but we want you to compete even before that's done."

Harry Kemsley: Fantastic. We'll make a point if we can, Sean, of getting that address in the podcast notes, so when people will look at the podcast, they can see the address right there and make sure people access it. Sorry, Sean, you had a point?

Sean Corbett: No. I was just going to say first, that's going to be educational for us to see how many new requests you get. I suspect you're going to get some really interesting ones now, actually. But just to your point about the commercial world and its agility, I also think, yes, that's absolutely true, but the agility depends on what the demand signal is, because I know many, many companies that build something that is just amazing but there's no requirement for it, or the requirement is too expensive so nobody bought it. So, the key for me in the IC and commercial and any government and commercial partnership is setting sufficient a demand signal that people have got a reasonable confidence that what they're developing might be of use. I've seen too many companies very, very confident about what they're producing and it is great, but they don't understand what the requirement is. So, you come along and go, "Well, thanks very much." And then they feel all aggrieved that government hasn't listened to them. So, that partnership, which I think in the past, and I'm not saying it's in this case at all, because it doesn't sound like it, has always been the difficult bit, where you need to be a little bit coy about what your gaps are in terms of capability, but let people know enough so that they're developing things along the right line and then they've got a chance of competing for something that you actually need and they've invested time and effort money in.

Randy Nixon: Yeah. And I think that's a great thing that Hammer does is putting out those problems in an unclassified way, so that the companies can have an idea of what we're looking for. And we might be saying it in a vague way at times, like, " We want something that can do automated alerting across 10 different data sets on a ArcGIS system." That's not really what we're using, but it's something that says it close enough that you can get to the idea. That was our very first solicitation we put out on Hammer. To me, there are other barriers to working together. One is, the very first one that the CIA has to overcome and the other intelligence agency is, " Does the company even want to work with us?" That's a fair one, because if you're working with us, maybe that makes it harder for you to make money working in the civilian sector because of trust problems. Get it. The second one in the intelligence community is we don't have DoD dollars. So, if a company got their first contract from the Pentagon, they may have and often have very unrealistic expectations of what I can afford to pay and my colleagues can afford to pay. And we have to have those conversations. And the third is... I guess there's actually a third and a fourth. The third is, we don't understand companies and business and we have to work with you in a way to leave you space to make money. Your job in the commercial world is to make money so you can survive and grow. Our job is to get it as cheap as we actually can. So, we need to have real conversations and real partnerships as we go into these relationships together, to make sure that we've left you space. Because if we wrote a contract that said, " I can deliver Janes' stuff to the entire world." Well, then how's Janes going to profit from that? I would say that's a terrible contract and none of us should have signed it. It's a great one for me. It's a terrible one for you. We have to understand that and be able to go into these things as partners. And the last one on that is... No, forget that one. inaudible.

Harry Kemsley: We'll come back to that. We'll come back to that. So, I was going to take us on, but I think we actually got there all by ourselves, this, what do commercial organizations need to do better in your view, Randy, to engage more effectively with the IC? We've started touching on it right there, but if you were talking to an audience of commercial organizations, small or large, in the open source center that you run, what is the big message you want them to take away in terms of what they could be doing better to help you and therefore, help themselves?

Randy Nixon: Tell us what you're doing and tell us what you're doing with the rest of the community, because that opens our eyes to what might be possible inside of our part. Because they may have a great contract with FBI and they don't think about how that could be used here or with DoD, how it could be used here. So, to help us understand the art of the possible of what you're doing. And likewise, you understand where we're coming from and how we're going to have to partner on this journey.

Harry Kemsley: Yeah. Yeah, that's a good point.

Randy Nixon: And some things are going to be hard. I mean, our systems are different. When we're working together on our unclassified systems, it's closer to what the outside world is. But as we start to move forward and if it's something we want on the high side, we're probably going to need your engineers and engineering help and we're going to have to work with you to make sure that that's possible, too. A lot of things that'll work on the low side you, it's like, you want an inaudible tool on the low side. It's great, it'll work, it'll work every time. You bring it to the high side and I ask it to run across our own data and the metadata at the top and the bottom and the varied way, there are different reports from different agencies. Look, they can screw that entire thing up. And when they're coming back saying, " Your most common term is top secret and the location is Washington or London." Completely unhelpful. So, we have to work together to tune that technology to work as well. We really have to approach it as a partnership. And it's increasingly important as technology's advancing. If I want to go hire hardware and software people or hardware and software companies, we can all find that. But if we need artificial intelligence or machine learning, or you name it, the next thing that's coming, data science, that universities haven't kicked out enough of those yet. So, we're all competing for that same talent. It makes that talent expensive and hard to find, and it makes it that much more important that we work across private sector and government to partner on these problems.

Harry Kemsley: Yeah. I definitely like that point about the art of the possible. It's not always easy. I can tell you that from Janes perspective in the commercial sector, you do sometimes see opportunities across agencies, but you've got to nudge the first agency to talk to the other one, because they don't want you telling the other agency that you are doing X, Y, or Z with them, with this capability always. So, that lack of sharing, which we've certainly encountered in other conversations also occurs in the commercial relationships. But I definitely like the point, art the possible, help us understand what we could be doing or should be doing, could be a really obvious and helpful thing. Sean, you've had the benefit of working in enough different organizations, some of them very supported by commercials. Other, less so. Have you seen any big lessons in terms of what the commercial organization should or could be doing to better support the IC you've been a part of?

Sean Corbett: Yeah. I think it's a cultural issue, is remain engaged. So, we always think that within the commercial world that we need to wait for the demand signal, but it's a conversation that needs to be ... So, it's building trust by saying, " Look, is this what you really need?" And then, testing and adjusting, demonstrating what you're doing and what stage you're at, without getting too ridiculous about it. But it's got to be a proper partnership. And I feel at the moment, certainly in many cases, there's a written demand signal goes out there, this is probably more true of the UK actually, that gets interpreted in a different way because language does matter, by the commercial company. They develop something and then come back and say, " Here you are." And they go, " Well, that's not what we wanted." But at no stage there's been check understanding. So, I used to get frustrated within defense when I used to be one of those unusual people that did reach out to industry, but I probably didn't articulate what I needed quite enough. But they'd go away and come back, think, " Right, we've spent lots and lots of dollars on this." Thinking, " Have you? We didn't even know you were doing that." So, it's having the constant conversation. And that is probably the biggest frustration, I think, for many commercial companies is that they don't think it's a proper partnership. And it's down to that word trust, isn't it? And the reality check from the IC or whichever government organization to say, " Look, we're probably not going to invest in this." Or, " There's not going to be a huge amount of money in this." Or, " We are genuinely interested, but you're not definitely going to win." Having that reality check of a conversation, that you know how much resource and effort to put into it.

Harry Kemsley: Yeah. Well, certainly the words partnership leap out at me from that observation. Sorry, Randy, I cut you off.

Randy Nixon: No. Talking about the development. I mean, if I'm using my own developers, we're using lean, agile development principles where the developers are working right with the users, so the analysts or the operators, or even the OSE professionals if they're building it for us, get what we need. And if we don't do that type of development, it always ends up 10 to 15 or worse degrees off, and it can take you forever to get it back to what you actually wanted to use. And by that time, the user's already lost trust in it. It's the same for purchasing it, because what's coming out of that box isn't going to be exactly what the IC needs, and we need to have that same lean, agile type development work with that company to make it work for our systems, to solve our exotic problems. And so, it goes all back. We have to be partners in a way we've never done before. And I'm really proud of the success I think we're starting to have in that and working with companies and helping develop these relationships and broaden who we're working with in this scope.

Harry Kemsley: Yeah. So, I've heard partnership, I've heard trust, I've heard engagement. And consistent engagement, to your point, Sean. Yeah, those all leap out with me. They certainly resonate with me. Certainly where Janes has had the benefit of many, many decades of working in the spaces we're talking about here, that engagement should be easy, but we're making it not as easy as we could be. And I think that's one of those things we'll take away from this conversation, for sure. Engage, build trust, maintain the engagement, endure through that process, and you're more likely to be successful. Because time is always precious, I'm going to start to draw stumps here, sorry, a cricket reference. Bring the conversation to an end. What I'd like to do, and I always do in the conversations is look for that one takeaway. What's the one thing, Randy, you would like the audience to take away from this conversation about the open source environment in the US from the agency's perspective? I'll come to you first, Randy. Sean, as always, I'll come to you next, if I don't interject mine first. Randy, what's the one thing you'd like the audience to take away from your perspective as the director of the open source center for the CIA?

Randy Nixon: I think we talked a lot about technology, we talked about innovation, we talked about partnership. A point that I started to make earlier and forgot, it's really our people that make us special. And the common folks who are out there, I wish that they would understand that more. That while we talked about tradecraft is the people who employ that tradecraft and develop that tradecraft. And the OSINT professionals that we have, the way they can find those diamonds in the rough and find that needle that we actually need, and to do it in the way that protects people's privacy and meet all of our legal standards that are across the world, and the use case standards may be different than US standards, but we're out there making sure we're doing things properly. That's all the people behind it and they have dedicated their lives to serving these nations and protecting our freedom and democracy and all the things that make it where people choose to work in the intelligence community instead of the business world. They're sacrificing money, often time with families and whatnot, to do these jobs and they are real heroes. And while they're not making movies about OSINT, they really could, because these people are special. They have great techniques, languages out the wazoo, that are novel, and passion for what they're doing and protecting our countries. And I say countries because we do work across those liaison communities and work as units. In a way that should make the American and the British and our other partners' publics really proud. And I know I am. And that's what astounds me and keeps me coming into work every day is, how can I be a servant leader for those officers in OSE and the greater OSINT community?

Harry Kemsley: That's fantastic. A heartfelt comment. Thank you. Sean.

Sean Corbett: Oh, good, you are coming to me next. I agree with all that, Randy, absolutely. We are never going to replace our brilliant people. Some of the analysts that I've come across from all of the agencies who can now particularly, especially the youngsters, who can not only analyze and have got really good geopolitical understanding, but also probably now to code as well, which is a bit scary as far as I'm concerned. And I'm going to step straight out of character for my point, because I'm normally a glass half empty guy, because I'm an analyst. But I think the big things I've taken out of this is encouragement and optimism. I mean, you've really opened some eyes there, Randy, in terms of how the organization thinks about open source, but also what it's actually doing, that I don't think always the IC, for good reasons and for bad reasons as well, always advertise what it's actually up to as much. And I've been really educated on this, so really grateful in terms of, oh yeah, and without being arrogant, but the IC's clearly got this and it's moving out on it. As opposed to, like you said at the first, just the people outside the community just writing white papers saying, " Why isn't the IC doing this? And now it's time for an open source." Et cetera. Well, they're doing it from point of ignorance, but maybe there's something that we could do better from within the community to get that out. And this is a classic case of doing exactly that.

Harry Kemsley: Yeah. Fantastic. And in fact, Sean, as is often the case the other way around, you've just eaten my sandwiches because that was exactly the point I was going to make. The point I've taken away from this, Randy, is exactly what Sean just said. So, I'm just going to underscore it. I think what's been really refreshing about this conversation apart from your candor is that it's very clear you as the director of that organization at the center of the CIA, really do get the point about the power and utility of open source. You fully appreciate the need for the good people that you've got working for you, who you quite rightly lauded a few minutes ago as being at the center of that success. Allied to that, which is almost sounded like a second point, which I'm not allowing anybody else, but I'm going to get away with it because it's my chance to speak, is I think the organizational point that you've made as well, which speaks to the point Sean just made. People don't appreciate that the organization they're calling for is already in place. It's there, the open source intelligence agency that director... You're of. That, for me, feels like one of those things just isn't well understood. If it was understood, people would be spending less time talking about the need for another agency, but let's not start that conversation again. So, it comes to me then to bring a pause button to the conversation, Randy, but not before I've said a very, very sincere, thank you. I can only begin to imagine how busy you will be in the organization you work for, and to take the time out to speak to us about a topic we think is really important, clearly you think is important, is a magnificent thing that you've done. So, thank you, Randy, for your time. That was really, really generous of you. Thank you.

Randy Nixon: Thank you for your time and for the 120- plus years of Janes being one of the leaders in the open source community and we love your work and your expertise in military equipment and military affairs, and as we're seeing you grow even beyond that is inspiring to the rest of us as well. And thank you for your time.

Harry Kemsley: Thank you, Randy. And thank you, Sean. Thank you.

Speaker 1: Thanks for joining us this week on The World of Intelligence. Make sure to visit our website, janes. com/ podcast, where you can subscribe to the show on Apple Podcasts, Spotify, or Google Podcasts, so you'll never miss an episode.


Randy Nixon, Director, Open Source Enterprise, CIA and long time user of Janes joins Harry Kemsley and Sean Corbett to discuss the power and utility of open source intelligence in the intelligence community, why the people in these organisations are so important and how this community can optimise OSINT in their organisations.

Today's Host

Guest Thumbnail

Harry Kemsley

|President of Government & National Security, Janes

Today's Guests

Guest Thumbnail

Randy Nixon

|Director, Open Source Enterprise, CIA
Guest Thumbnail

Sean Corbett

|AVM (ret’d) Sean Corbett CB MBE MA, RAF