Professional Documents
Culture Documents
7-11 The ¡®how To¡ of Intelligence
7-11 The ¡®how To¡ of Intelligence
7-11 The ¡®how To¡ of Intelligence
Collection
managers
collect
according to
requirement
The problem
Intelligence
Analysts prepare
managers
reports based on
OPERATIONS develop
collected
collection
material
requirements
Collection
managers
collect
according to
requirement
A network and target-centric
approach to intelligence - 1
Problem Information
(customers)
target Sources
(collectors)
Analysis: answers,
Actionable intelligence New information
How do we:
Define the intelligence problem;
Manage the intelligence process?
Despite what Clark says about the virtues of
interconnectedness, we still need a ‘system
of systems’ over the top to make things work
And the rest of the lecture will deal with
these issues
Defining the problem
Rumsveld on threat
The Unknown
As we know,
There are known knowns.
There are things we know we know.
We also know
There are known unknowns.
That is to say
We know there are some things
We do not know.
But there are also unknown unknowns,
The ones we don't know
We don't know.
—Rumsveld, Feb. 12, 2002, Department of Defense news briefing
Rumsveld in graphics
ROC
car OMG
rebirth That which
? we know we
don’t know
heroin ?
major
bank That which we don’t
fraud Know we don’t know
Rumsveld in steps
1. Organise and assess what you do know
2. Identify from that what you know you don’t know (and
need to know)
3. Develop an ICP for filling those gaps
4. Use what you now know to assess possible ‘unknown’
threat
1. For example encountered in other times or places
2. Or generated by new conditions (drivers)
1. Environmental scan
5. Examine your risks
6. In light of #4 and #5, develop an ICP to fill that gap
Organise and assess what you
know
menu
Environmental
put
to policy
scan
Initial ICP
problem Agreed
analysis: menu of ICP
scan + existing threat
threat ICP
The environmental scan
Focus down on your business
Use counterpart agencies (domestic and international) and OS to assess
threats elsewhere
Assess drivers of change relating to the threat environment in:
Technology
Economy
Legal framework
We need to
Evaluate the source
S
Each agency
s can go direct into
the warehouse
P p i I
c
S = security
P = police
C = customs
C I = immigration
Data mining setup - 2
Managing
Committee,
filtration
tools
Some typical filtration rules
P - police
C - customs F P C
S - security U
other
I - immigration S C
agencies
I
S S
O
N I
Output:
reports, I
intelligence
The role of fusion – the US
model
Information management
within organisations
Distributed model
In which all members of the organisation are involved in developing
information
And extracting information/intelligence
Centralised model
In which specialist intelligence units organise information
And extract finished product from it to provide to clients
Mixed model
In which a specialist intelligence unit extracts intelligence from a
distributed information system
Or all members can extract information from a system maintained by
intelligence
Simple distributed model
P5
P1
P2 P6
Database
P3 P7
P4 P8
Centralised model
Information in Intelligence out
P1 P4
Intell.
unit
P2 and P5
data
base
Operations Operations
teams teams
external management
client
Intelligence
product
Mixed model
Intelligence
unit
Specific intelligence
Intelligence
database
Intelligence
unit
External
sources
Organisation
P1
Pn
database
‘Use it or lose it’
for intelligence
management and R
Database/s
strategic intelligence
A
CM3 OCM3
Strategic intelligence
T
I
CM4 OCM4
O
N
Monitors external CM5 OCM5 S
developments
domestic
Shared
intelligence
Problems with intelligence
sharing
Intelligence is intrinsically difficult to share, and
doubly so internationally
For cultural factors
Security factors
For legal factors
Between agencies
Cultural factors
Just as we have different national cultures, we also have
different ‘intelligence’ cultures. These differences can
make it difficult to share and mean the same thing
They occur not only between countries, but also between
agency types – ie police share with police but are
reluctant to do so with other agencies. We sometimes
hear reference to the international ‘brotherhood’ of police
z On the latter point, it may be better to liaise between like and
like externally and like and unlike internally
Security factors
Security factors
In some jurisdictions there is no separation between
security and military intelligence
z eg Burma’s DDSI
Those jurisdictions in which there is a clear demarcation
will be reluctant to share if they think criminal or security
intelligence might be misused for military purposes
z Or, for that matter, criminal intelligence misused for political or
security purposes
Legal factors
Legal factors
Privacy
Intelligence and human rights; use of death penalty
Separation of powers; different legal systems
Need for parallel offences
International law framework for
sharing
Extradition treaties and mutual legal assistance treaties
(MLATs) need parallel offences in the sending and
receiving jurisdictions
They can often be sensitive due to different cultural attitudes to
crime
The United Nations Office on Drugs and Crime (UNODC)
offers a mechanism for international sharing of intelligence
through its Palermo Convention (UN convention against
transnational organised crime, 2000)
But this requires that
z Both sides be signatories and states parties
z Both sides have parallel law
Interpol
Regional and ad hoc mechanisms
Each national unit
and liaison unit
Europol – is subject to national
an international law in respect of how
fusion centre material is handled
German
terrorism liaison
drugs
UK
immigration Europol UK UK
national
etc database liaison jurisdiction
unit
French
liaison
Legal and
IT ‘firewall’
Jurisdiction informal
A
F
Provincial/local U
Central police S INTERPOL
NCB I
O
Security intelligence service N
/ B
Military intelligence C
O
Other agencies – customs, O ASEANAPOL
R
Emergency management, D
MOFAT, etc
C
EUROPOL
Some rules for sharing
Internal rules External rules
Share unless told otherwise: Always know and respect the
never assume the other person rules and legal governance of
knows what you know the counterpart, but not to the
Maintain, prioritise and update extent of breaching your own
a menu of current intelligence rules and governance
issues and keep it distributed Understand the culture and
Replicate central office CMs sensitivities of the counterpart
with regional counterparts Use effective multilateral means
working to the region but where they exist (such as
responsible for reporting to the Interpol and Europol)
centre (can be either
Establish effective liaison
intelligence or operations, part
networks – well worth the
or full-time)
investment
Intelligence manager to be on
Use MOUs and other quasi-
the main executive committees
legal means
Intelligence to be provided on a
Internalise cross-functional
regular basis including to the
communications (ie go military-
highest level with feedback
to-military, police-to-police etc)
provisions