Understanding operational security for the security intelligence process

The Intelligence Process
An intelligence analysis usually consists of 75 to 80 percent open source material. This amount of open source content might lead you to assume that anyone with an Internet connection can produce intelligence. Experience dictates otherwise.

Information collection requires in-depth knowledge of sources, including their strengths and weaknesses and in the case of social media, a thorough knowledge of its peculiar argot. Open sources include more than just Internet sites and social media. Over time, the professional cultivates relationships with subject matter experts and other human sources. However, information is merely information — you do not gather intelligence, you produce it. Information plus analysis produces intelligence. Intelligence saves the decision-maker from drowning in raw data.

The information collection process always leaves a void in a large picture puzzle. The added value comes from the analyst’s perception used to envision what the whole picture should look like. Intelligence does more than present knowledge, it facilitates understanding.

Security Intelligence
Many businesses adopt the prudent practice of monitoring activists, protesters and others who may have undesirable effects on business operations. This is usually termed Security Intelligence.

Security intelligence is a dedicated function equipped to find and analyze information to produce actionable intelligence that helps defend the enterprise against broad-based, opportunistic, hacktivism, and physical attacks on business operations and assets.

The security department can easily identify what needs protecting. Security intelligence identifies from whom it needs protecting. The threat can be a person, foreign government, social unrest, economic, environmental, or a group.

Groups or movements that seek radical political or economic changes rarely respect private property or the wellbeing of any business or its employees. Unfortunately, businesses that monitor these potential threats often fail to understand that the menace returns the attention.

OPSEC Fundamentals
In the age of radical crowd-sourced hacktivism and broad-based threats, it is important to understand the five elements of OPSEC.

The first OPSEC element must be to identify the group or groups that threaten to disrupt your business operations. (Your adversary appears herein as the opposition.)

With the identity of the opposition in hand, create a list of your critical information that the opposition could use to harm you and examine how they might access it. Next, organize items of information in priority order based upon the sensitivity of each, and list operational security countermeasures. From this, deploy security practices and countermeasures to protect your most vulnerable assets, in priority order.

The OPSEC Foundation for Security Intelligence
If your goal is to maintain a successful security intelligence function, then you must limit its exposure through ‘enemy action’. The opposition will try to engineer a variety of situations, or take advantage of your technical naïveté, to portray your intelligence efforts as something petty, incompetent, and evil. The opposition’s success in this will depend on your lack of preparedness or your inappropriate reactions. The opposition’s successes will be widely broadcast. Yours will not.

If the opposition is a group of political activists, then they are certainly organized and can use the same techniques used by your intelligence and public relations (PR) operation. They will also have lawyers at their beck and call.

Experience dictates operating on the assumption that legislated or court-ordered disclosure will eventually expose some portion of your intelligence process. Employees with a variety of motivations may expose vital security intelligence information and analysis reports. Hackers will also plague your security and intelligence functions.

Groups of hackers often appear surrounding a specific cause. For example, the occupy movement generated groups of sympathetic hackers that vandalized web sites and exposed the identity of a security officer who was gathering intelligence from online forums and social media.

How much of your intelligence practices are exposed and compromised will depend upon how well you structure the OPSEC surrounding your intelligence gathering, analysis, and reporting functions. This applies to both your online intelligence gathering and collection efforts in the physical world.
If your location, company, or product is iconic, then expect ongoing attempts to penetrate your intelligence system by unrelated parties such as open data activists and hackers without any specific cause.

In the next article, I will illustrate the security intelligence OPSEC challenges and solutions for iconic locations.

Richard McEachin is the principal of McEachin & Associates Ltd. (www.ConfidentialResource.com).