Producing effective open-source intelligence
Lee Wylde MBE is a former UK Military Intelligence (OPMI) and CAPDEV specialist and first soldier to go through the Military Data Science Operator program. Lee developed intelligence focused solutions for UK Gov (during COVID-19) and FVEY community. In this episode we discuss how to produce effective open-source intelligence (OSINT), the benefits of automation in intelligence and the future of OSINT.
Lee Wylde MBE, President & Co-Founder at Atreides
Speaker 1: Welcome to the World of Intelligence, a podcast for you to discover the latest analysis of global military and security trends within the open source defense intelligence community. Now onto the episode with your host, Terry Pattar.
Terry Pattar: Welcome to this episode of the Janes podcast. I'm Terry Pattar. I lead the Janes Intelligence Unit. I'm joined on this episode by Lee Wylde, President & Co-Founder at Atreides. Lee, welcome to the podcast.
Lee Wylde MBE: Thank you very much for inviting me.
Terry Pattar: I've been looking forward to this because you and I have talked on and off for the last couple of years and I've always been really impressed by a lot of the work that you've been involved in with open source intelligence in particular. It'd be great to hear from you about some of your background, how you got to where you are now and what the work is that you're doing at Atreides inaudible and what the offerings are that you're developing really, because I think it's really exciting work that you're doing.
Lee Wylde MBE: Excellent. Thank you. So, yes, I'm ex-military. Just the other month I left and specifically, like you said, focused on CAPDEV, which was really born out of identifying needs from having the inertia to solve problems for partners or our own issues and identifying things that can be fixed. That's what I love doing: building capabilities and identifying disparate pieces of information, either structured or unstructured, and fusing them all together. And that's what I've always done. It's just nice to be able to do them in an environment and an industry where you can see the end result. Really, really rewarding and that's what I really focused on and loved doing.
Terry Pattar: How do you see open source information developing at the moment and open source intelligence?
Lee Wylde MBE: For me personally, there is an element of, I think you have to put the blinkers on and kind of ignore all the buzz words and all the promises of X, Y, and Z from a multitude of different places. You're an architect. And I used to be an architect.
Terry Pattar: I was going to say you used to be an architect. Yeah, that's interesting.
Lee Wylde MBE: There's a saying that architects know something about everything and engineers know everything about one thing, and I've never seen that and it's truly true for a reason. Within the J2 inaudible sphere, you're an architect of the truth. Now it doesn't mean you created with the truth, it means the way in which you've got to an answer that satisfies what has been asked of you to go and find out. For me there's one word. Automation. I think that when you read through and through and through about what AI and they're fantastic, great. However, there lacks a lot of tangible, real world scenarios where either of those is coming to fruition for someone to go, I'm redundant. I don't need... I can sit back and answer a third of my work because it's not there yet. But what is there is the ability to increase an analyst's cadence through the technical capability. Sources are always going to be there, whether one turns off their API or not and we have to get a very creative way of go to find some other data or disparate data sources over here, over here, over here. Automation is the key to uplift and to level analysts or existing, or kind of midway analysts who are bogged down in the scene inaudible, if you will. And the transition to be able to concentrate on what's up and coming in the open source space has to start with whatever got to inaudible. Let's get rid of all that that can be automated and that can take over. I'll tell you what that automation now can turn into my own alerts, my own watch lists. Again, prompting and poking and provoking the intelligence cycle to work for us and not the other way around. So there's a transition from very mandraulic ways of going out to do things versus the automation. And then the ability to focus on really what is the golden opportunity, which is indicators and warnings that are automated, regardless of the content that you're looking at in the maritime space, in the airspace, on the land space.
It doesn't matter which domain you're in. You and I both knew metrics that are measured for performance within our space. How many hours can you save an analyst? I did that for you. I saved you two hours a day. That's 10 hours a week, 40 a month, and then forever for infinite. Brilliant. I've just saved 10,000 people an hour. Crazy. It's great but actually, it's only great if you can do it again, it's repeatable. So it's problem inaudible. And I think that's where the foundations of the future of open source lies. And it's not specifically just within social media. I think there's a lot, whilst it can tell you a lot, back in the day early 2000s onwards fantastic. It was a real niche and a real head turner. However, as you'll know, and we all know, it's data everywhere, information everywhere. And it's the ability to automate and enrich. So take multiple data sources, something like entity resolution, or enrichment, low level enrichment, and start piecing these together to bring to the full world human behavioral, real insights. As an analyst or as a CAPDEV specialist serving the analytical community, I'd be doing a great disservice if I threw 65,000 dots on a map. It looks great. It looks amazing what you're going to spend the next six hours trying to figure out exactly what does it mean? I'm going to filter this. I'm going to carve this data up. That's why Atreides exists. We said, well, let's do the favor to the analyst and say, look, you've got 12 dots on your screen, but those 12 dots absolutely mean something because they are from 16 different enrichments, which means you've got now that justification to underpin a new, inaudible saying, this is something in here. Why brilliant. Okay. Now we've got an understanding. We've never seen that before. Fantastic. Well, we have seen that before. It's just normal. Good that validates theory or hypothesis.
So the kind of the future of OSINT is, while there are a lot of companies out there coming up with new data feeds, entity extraction from different, unstructured data feeds and structured them and feeding them through some taking quite diluted data sets and enriched them for the sake of enrich and whatever. I don't know but what we are our primary focus within this space to make sure the future of inaudible is a space where it's accessible, it's reliable and that it's shareable as well. And it gives you insight. And that's the way I see it going. There's no doubt the future of the open source is going to be underpinned by an operator's technical capability. Absolutely. And the UK defense specifically has done a phenomenal job. When you look at the Jacob coding scheme, when you look at some of the other units who are with two feet dipping into this space.
Terry Pattar: Do you mean efforts to teach people coding and more technical skills that can help them do their own automations?
Lee Wylde MBE: Yes, exactly. I know it's difficult. You know, we all I say we I'm out a bit, but, and then we all have certain rules to keep and to maintain. And, it's slightly, I'll say it slightly easier with, from industry, but just the exposure to this exists. You've got the power to be able to do that, supercharge your kind of tier one analytical skills, if you will. And we don't have a tier one analytical kind of function in the UK, we would fantastic, right. To take a lot of people who I speak with from certainly the fire by can use. So I, and I thought it was like Jack Ryan, or, but like Karen Matheson thought it'd be like that. And you know what? Yeah, take a bit of that. Take a bit of Hollywood and use that to supercharge your own capability and say actually, and that's how I started. That's exactly how I started. I came into my job with the assumption of X, Y, and Z that assumption and my high standards were met, whatever. (laughs) Well, how can I bridge that gap? So when I used to hear that something can't be done, it would be red, red rag to a bull because I'd like, that can be done. I'm up to this, (laughs) we've got the technology, right. And by hook or crook, get there and say, look, it can't be done. Now we need these resources.
Terry Pattar: That's a great way of thinking about it. I mean, I've lost count, probably the number of movies I've seen where I've sort of, on the one hand, I've been shaking my head thinking that just isn't feasible. And then on the other hand, I'm looking at it thinking, I wish it was feasible.
Lee Wylde MBE: That is to attain to that for recruitment purposes, as well as a phenomenal opportunity, really connecting people with, again, the architect or engineer, you can still take an engineer and infuse a little bit of color in there and turn them into architects, but with the right skills to be able to deliver. And that's, the majority of our team, I like that, the Atreides engineering team is, it's a wonderful thing to have because they are driven by the output and the impact of the output. So the engineering approach becomes second nature, which it is to them. But the output is one of, wow, we've just uncovered this and it's on a global scale. Okay. That's a massive value to X, Y, and Z. We can perpetually provide that saving, or complementing. And the other thing that's really important, Terry, and we've talked about this before, I don't think there should be, or you should exist in one central supplier of, what were the dominant providers of, of X, right? Because no one can ever replace any other sources. It's a big, big pool, a big, big marketplace, and everyone's got the right to be able to provide and do X, Y, and Z. But what's beautiful is regardless of where whichever feeds, you'll bring it in, they'll still fit through the framework of IRM.
Terry Pattar: I think what you mentioned there in terms of, that kind of exclusivity around information or supply, etcetera. It's what I love about open source information is that it's available to everyone and it's what you do with it really, that adds the value. And, you talk to that around enrichment and things like that. It's about what you do with those different data sets that you might bring in. Or even if you're an individual analyst who maybe doesn't quite have those technical skills, any information you're bringing together and then figuring out what it means and what it means in relation to the questions you're being asked, not just what does it mean generally, but what does it mean specifically for the person who's going to read this? I have to make a decision with why. Right. So yeah, that outcome focus is really interesting. And I'm always keen to drive that home for people is that's what we're all focused on. Right. And I think one of the things I've seen is that we're all creatures of habit. We all tend to go to the same sources of information, so whatever the requirement is that comes in we'll studly dash off to try and get the answers or in an ideal world, if we could we'd get the answers ready made. But as you know, we're often piecing it together to figure out what's going on. So, but analysts tend to be creatures of habit. They tend to go to the same source again and again. But there's a lot of unusual sources of information out there. I think in terms of the ones that aren't used very often, and what I've always liked in some of your work is that, you're very good at identifying where those sort of disparate sources of information might be that people otherwise might not consider. Are there any, in particular you think at the moment that people that you see that you think analysts should make more use of that are out there, that people aren't really using enough of?
Lee Wylde MBE: Yeah. So a really good point. So we have, I like to think, global colleagues in the NGO space. I mean, the NGO effort in different countries can get to the spaces that we can't, the mandates allow them to do that. And, and they collect and they structure and they disseminate, sometimes they're always in English, but that's fine. That's where the tradecraft comes in, right. To be able to convert and give you that in a readable format and be able to pull from that network of global resources, really granular insights that can affect decision-making or support decision-making and affect, ops on the ground or, efforts in wherever to do whatever. I think sources are sources. The output really, for me, I've always had in my mind is what can we create as a service provider, as a human, what can I provide to give the person who's using tools or whatever I've built, the ability to underpin their dissemination with analytical rigor, analytical rigor, really important and overlooked. And we're taught, you know, fact, comment, assessment, what happened, something about what happened in terms of our own knowledge bank, and then the analysis coming out, is it likely to happen again or not. And that nice little triangle of that trigram of solidarity to underpin analytical rigor, but in terms of data sets. So for instance, there's some fantastic stuff there. So we look at NGO databases, so let's take Northeast Nigeria, Lake Chad Basin, the conflict there that's been on for years, UNHCR in. So all these different places that are bound by that mandate to establish an IDP camp. So internally displaced personnel camp, they have to take stock of who's on there.
The percentage of fighting-age males, the percentage of females, or if the camp is guarded or not, GS, where it's plotted, what languages are in there, those kinds of things are absolutely phenomenal pieces of low-hanging fruit that yes, they may be disparate and over here, and not as sexy as images, however, the kind of insight you can pull from that on a perpetual basis, because it is time series as well, every month they provide this and every quarter they'll do a larger report on, if their re IDPs have gone away and come back and X, Y, and Z, but analytical rigor wise, when you're underpinning or hypothesizing about what faction of Boko Haram or Islamic State, he was going to move through a certain area and, unlikely they would run through here because, two thirds of the population of female, of these IDP camps, then you can start to really underpin your analysis with cited information that's, really high grade. And it's out there in the ether. Another example, in a way you can start connecting things like social media and videos and whatever else is look for those disparate datasets that can underpin your hypothesis or look for evidence inside those videos to say, ah, okay, X, Y, and Z. So for instance, if a certain group were releasing communications by video to purposely undermine the incumbent regime who was trying to fight them, and it showed them living off the land and it showed them fishing, and it showed them surviving as a kind of a defiance, there is plenty of information in there to be able to pull out. So for instance, if one of the people on the ground was showing you a certain type of vegetable or root vegetable, you can start using things like pH levels in the soil, from legacy soil testing data within that region to say, I know that that can only grow between certain pH levels. Let's see all the dots on the map and start pH profiling the certain areas.
Now it's not a smoking gun or a silver bullet, however, intelligence and traditional IPE, intelligence preparation of the environment, is about a layered approach, not just about dots on maps, it's about okay, water brilliant, which isn't drinking water. Do we even know that's an information gap, guess what that goes back into intelligence collection plan, brilliant, however, the wrong, the map next IDP camps, next pH levels in the soil, brilliant next, events, next X, Y, and Z. So again, it's the architecting of that analytical rigor that is ultimately, and let's be honest. The IC is a product based community. And we love sending products out. We love graphics and that, and sometimes things can fall by the wayside, but it's the future of open source, as we just touched on is about taking those disparate and very unique data sources that are often overlooked and pulling them together and saying, actually, X, Y, and Z is from this, this and this. And it's worth sending X, Y, and Z to go and validate or using another source, maybe closed sources to validate that. And that's what I love doing. That's what's out there and it's endless opportunity.
Terry Pattar: Interesting. Yeah. It's just some of those things you mentioned. I mean, things like soil pH levels. No one's really going to think about, okay. Yeah. Actually, if you want to track where this group is moving around, then maybe they are going to move to the more fertile areas and yeah. That is an important indicator. So, yeah, I guess for analysts it's about thinking a little bit more laterally sometimes isn't it about where information could come from that could be useful to them rather than going back to the same sources and then especially if they're coming up with zero and they're not getting anything, where else can they go? Yeah.
Lee Wylde MBE: I noticed that something inaudible UK defense is very good at, which is right where we're choosing to go back to basics now. Let's take, a look at things that we may have missed or given the inertia of what we've just been involved in, let's just roll that back and retrospectively, see if we can arrive at the same hypothesis and the same output. Right and there's other things out there as well. That's the automation piece, you look at things like ACLED, you look at things like the Global Terrorism Database and other collection databases that are absolutely beautifully ripe for automation. So for constant threat integration or for constant center of gravity analysis, some bright spark out there can just keep that structured data coming in and using, so many personal choices, Python, whatever else, but, stripping down that unique signatures inside there and saying, Hey, look at the weapon systems associated with this group along this time. So for the past, that didn't use, indirect fires for whatever, suddenly when you're looking at your threat integration, which has pulled from all the data you're pulling in very structured. Now you've got three, four new weapon systems that are suddenly being talked around. Okay, fine. Now, what do we have understood that in the traditional context, perhaps would we have missed it if we didn't have this tool maybe, but now we've got it. And one of my litmus tests for building what we built and people inaudible, and there's a lot of club of people out there. There's a lot of organizations out there that will say, yeah, we do that. Yeah, we do that. Yeah, of course we do that, and that's great, but my question is, could you do it yesterday? Can the customer do that yesterday? Can they do that today? Yes. There you go. That's the fulfillment that we get from building what we built and our job is to make sure that whilst it would be ideal for everyone to be able to go out and have research days.
One of my previous bosses was very big on research weeks, allowing and empowering people to take that one week off, still in the office, of course. But, to work on things that generally interest them in line with the job that they do....
Terry Pattar: Kind of getting away from the intelligence requirements anyway.
Lee Wylde MBE: Yeah, yeah. A break from operational continuation aside, it keeps going, but certainly through the eyes of innovation and, cut down and things like that, how are you going to know what sort of the fence, if you're not allowed to peek over it?
Terry Pattar: If you're so busy looking at what's right in front of you. Yeah. You don't know what's to the right and left.
Lee Wylde MBE: Yeah. And, as new sources come in, it's like, great. Oh my gosh, how am I going to integrate that in what I'm doing now? I just don't have the time that kind of thing. But, being able to take a step back and there's a lot of talk and movement around innovations you've seen within defense and specifically in the inaudible. And that's really allowing for these things to creep in and to say, right, just take a tactical, pause a second. And, everyone always says I don't have enough sources or, I want to be able to get the imagery or I want to be able to get that, we're not going to get it. You know, we're not going to get it, but certainly not in time. And again, time is really important or counting, what can we get to in that amount of time that will, again, under the heading of analytical rigor, be able to be disseminated to the people who need it. And so there's lots of opportunity in that space. Absolutely.
Terry Pattar: Yeah. I mean, that's fascinating. And in terms of what you described there, that there is still that challenge of people being naturally biased towards being focused on collecting information and getting as much information as they can, but not always having the time to get what they need for it not being available. And then not thinking laterally enough, potentially about what else is out there, because maybe they haven't their organization doesn't give them what you described those kinds of research weeks, where they can spend a bit of time doing their own capability development, which enriches the capability of the organization. But there's a lot, that you've described there that organizations and individuals can embed in their processes or in their workflows to help them get better at doing open source intelligence without even going out and buying some fancy new tool or anything like that. It's just, it's down to them. Their efforts, I guess, in terms of, can they build in for themselves a way to think more laterally or a way to find those other sources of information or share them internally? I think there's so much there that chimes with what I've seen in the way that organizations can improve their open-source intelligence and, individuals can, and like you said, it is about rigor. It is about approaching it from that perspective of what is the requirement? What are we trying to do here? What are we trying to achieve? What's the outcome and keeping that focus. But at the same time, being open to thinking about, what else is out there that we might maybe aren't seeing?
Lee Wylde MBE: Yeah, absolutely. And you know what, you don't have to go on a special course or start doing a degree or a Master's to do it. I taught myself how to code and because the need was there and with a Jupyter notebook and the endless resources that are online at the moment, either unhappy for the past two or three years, as an analyst, who's wanting to really push and, passion is one thing capitalizing on that passion is another, there are enough resources out there to be able to go out and do exactly what we've been talking about. And there's another piece to this as well. The analytical rigor can be met. And I've found this personally, when you start carving up data, let's say the Jupyter notebook and using pandas or whatever else, when you start carving data up and having a cursory glance at it and start grouping it by this and start grouping it by that, before you know it you'll start to see patterns and it's very geeky, but you start to see the times and you really did. And that's what those patterns are, phenomena that will underpin your analytical rigor. Now what you could do with weapon systems that could do with events, whatever else it could, like I said pH levels in the soil. Correlations can only be found if you are intimate with that data. And there are other tools are out there probably available to be able to go out and do this and push yourself to add the value to the organization and ultimately the end customer that you are supporting. And that's what we're about, effect.
Terry Pattar: I think that's a great way to sort of wrap up this discussion. Thanks for taking the time to talk to me and to give us the benefits of your work and your wisdom and knowledge it's been great.
Lee Wylde MBE: I'm still learning, that's it.
Terry Pattar: We all are. inaudible learning together.
Lee Wylde MBE: Pleasure as always, and always got time for Janes. The stuff you do is remarkable and very much needed, but anytime.
Speaker 1: Thanks for joining us this week on the World of Intelligence. Make sure to visit our website, janes.com/podcast, where you can subscribe to the show on Apple Podcasts, Spotify, or Google Podcasts, so you'll never miss an episode. Uncover the threat landscape with assured and interconnected threat intelligence from Janes, covering military capabilities, terrorism and insurgency, country risk, and CBRN. Support your threat and capability assessments and enhance your situational awareness with Janes threat intelligence solutions. Find out more at janes.com/threat.