The Intelligence Enterprise

2.3 Intelligence Collection Sources and Methods

A taxonomy of intelligence data sources (Table 2.2) includes sources that are openly accessible or closed (e.g., denied areas, secured communications, or clan- destine activities). Due to the increasing access to electronic media (i.e., tele- communications, video, and computer networks) and the global expansion of democratic societies, OSINT is becoming an increasingly important source of global data. While OSINT must be screened and cross validated to filter errors, duplications, and deliberate misinformation (as do all sources), it provides an economical source of public information and is a contributor to other sources for cueing, indications, and confirmation [7].

In contrast with open sources, clandestine HUMINT and both open and clandestine technical means of collection provide data on topics and subjects that are protected by denial of access or secrecy [8].

Imagery intelligence (IMINT) provides assessments of resolvable objects from imagery of the Earth. IMINT reveals the location, composition, and char- acterization of resources, infrastructure, facilities, and lines of communication to perform order of battle estimates, indications and warning, situation assess- ment, targeting, and battle damage assessment functions. Signals intelligence (SIGINT) monitors electromagnetic signals for electronic data (e.g., radar) and

Table 2.2

Major Intelligence Categories Are Partitioned by Access (Open or Closed) and Collection Means (Human or Technical)

Access

Source Type

Intelligence Source

Category Representative Sources

Open

Human and technical means

Open source intelligence (OSINT)

Foreign radio and television news sources

Foreign printed materials: books, magazines, periodicals, journals Diplomatic and attaché reporting

Shortwave radio, telecom, Internet conversations Foreign network computer sources

Gray literature (printed and electronic) Human

means

Human intelligence (HUMINT)

Reports from agents in foreign nations Discussions with personnel in foreign nations Reports from defectors from foreign nations Messages from friendly third-party sources

Closed Sources

Technical means

Imagery intelligence (IMINT)

Surveillance imagery (static air and space imagery of the earth) Surveillance imagery (terrestrial static and video imagery) Signals

intelligence (SIGINT)

Electromagnetic signals monitoring (ELINT):externals—

events, activities, relationships, frequency of occurrence, modes, sequences, patterns, signatures—orinternals—

contents of messages

Radar intelligence (RADINT), including moving target indications (MTIs) tracking data

Communications traffic monitoring (COMINT) for externals and internals

Foreign instrumentation signals intelligence (FISINT): telemetry (TELINT), beacons, video links

Closed Sources

Technical means

Computer network exploitation (CNE)

Network analysis and monitoring

Network message interception, traffic analysis Computer intrusion, penetration, and exploitation Measure-

ments and signatures intelligence (MASINT)

Technically derived intelligence from all sources (parametric data) to support real-time operations (e.g., electronic support measures, combat identification, and tactical intelligence analysis)

MASINT exploits physical properties (nuclear, biological, chemical), emitted/reflected energy (radio frequencies, infrared (IR), shock waves, acoustics), mechanical sound, magnetic properties, motion, and materials composition

communications (e.g., voice and data telecommunications) to detect traffic and geolocate individual emitters. The emerging requirement to collect intelligence from digital networks (rather that radiated emissions) is provided by computer network exploitation (CNE). This involves the understanding of network infra- structures, network traffic externals, and data communication internals, as well as access to computer nodes and exploitation of networked computers [9].

Measurements and signatures intelligence (MASINT) is technically derived knowledge from a wide variety of sensors, individual or fused, either to perform special measurements of objects or events of interest or to obtain signatures for use by the other intelligence sources. MASINT is used to characterize the observable phenomena (observables) of the environment and objects of surveillance.

U.S. intelligence studies have pointed out specific changes in the use of these sources as the world increases globalization of commerce and access to social, political, economic, and technical information [10–12]:

• The increase in unstructured and transnational threats requires the robust use of clandestine HUMINT sources to complement extensive technical verification means.

• Technical means of collection are required for both broad area coverage and detailed assessment of the remaining denied areas of the world.

Competitive intelligence operations are also conducted in the commercial business world, with growing use of electronic collection sources and open sources available on the Internet. The same principles of strategic intelligence planning, development of the intelligence cycle processes, source development, and analysis apply. Leonard Fuld’sThe New Competitor Analysisdetails the intel- ligence processes applied to commercial businesses and the sources available in this domain [13].

2.3.1 HUMINT Collection

HUMINT refers to all information obtained directly from human sources [14].

HUMINT sources may be overt or covert (clandestine); the most common cate- gories include:

• Clandestine intelligence case officers.These officers are own-country indi- viduals who operate under a clandestine “cover” to collect intelligence and “control” foreign agents to coordinate collections.

• Agents. These are foreign individuals with access to targets of intelli- gence who conduct clandestine collection operations as representatives

of their controlling intelligence officers. These agents may be recruited or “walk-in” volunteers who act for a variety of ideological, financial, or personal motives.

• Émigrés, refugees, escapees, and defectors. The open, overt (yet discrete) programs to interview these recently arrived foreign individuals provide background information on foreign activities as well as occasional infor- mation on high-value targets.

• Third party observers.Cooperating third parties (e.g., third-party coun- tries and travelers) can also provide a source of access to information.

The HUMINT discipline follows a rigorous process for acquiring, employing, and terminating the use of human assets that follows a seven-step sequence [15]. The sequence followed by case officers includes:

1. Spotting—locating, identifying, and securing low-level contact with agent candidates;

2. Evaluation—assessment of the potential (i.e., value or risk) of the spot- ted individual, based on a background investigation;

3. Recruitment—securing the commitment from the individual;

4. Testing—evaluation of the loyalty of the agent;

5. Training—supporting the agent with technical experience and tools;

6. Handling—supporting and reinforcing the agent’s commitment;

7. Termination—completion of the agent assignment by ending the relationship.

HUMINT is dependent upon the reliability of the individual source, and lacks the collection control of technical sensors. Furthermore, the level of secu- rity to protect human sources often limits the fusion of HUMINT reports with other sources and the dissemination of wider customer bases. Directed high-risk HUMINT collections are generally viewed as a precious resource to be used for high-value targets to obtain information unobtainable by technical means or to validate hypotheses created by technical collection analysis.

2.3.2 Technical Intelligence Collection

Technical collection is performed by a variety of electronic (e.g., electrome- chanical, electro-optical, or bioelectronic) sensors placed on platforms in space, the atmosphere, on the ground, and at sea to measure physical phenomena (observables) related to the subjects of interest (intelligence targets). A wide vari- ety of sensor-platform combinations (Table 2.3) collect data that may be used

Table 2.3

Surveillance and Reconnaissance Sources

Platforms Radar and IFF IMINT SIGINT MASINT

Space Geostationary spacecraft Polar orbital spacecraft Low Earth orbit spacecraft Cooperative space- craft constellations

Spaceborne radar (MTI or target tracking modes) surveillance

Weather satellites Imaging broad area search and precision imaging

SIGINT ferrets IR missile warning/

tracking Nuclear detection

Air

Tactical aircraft Standoff manned Recce aircraft Penetrating high, medium altitude en- durance unmanned air vehicles (UAVs)

Airborne warning and control aircraft Fighter aircraft

Synthetic aperture radar (SAR), electro-optical (EO), infrared (IR), and multispectral imaging sensors on manned and unmanned Recce

Airborne SIGINT standoff and penetrating UAVs

IR/EO, laser surveil- lance aircraft Atmospheric sampling Nonacoustic anti- submarine warfare (ASW) sensors Ground

Attended fixed sites Mobile manned vehicles Man portable sensors

Unattended ground sensors in denied areas

Air defense, air surveillance sensors Counterbattery radar Ground surveillance (intrusion) radar

Combat tactical digital cameras Long range IR/EO video

IR night vision IR search and track

Ground-based ESM sites and vehicles Unattended electronic support measures (ESM) sensors

Seismic arrays Acoustic arrays IR radiometers

Sea, Undersea Shipboard sensors Submarine sensors Ship/submarine towed sensors Heliborne dipping, air dropped sensors Fixed, autonomous buoys

Underwater arrays

Shipboard and submarine air, surface

surveillance radar

Ship and submarine long- range IR/EO video IR search and track

Ship, sub, and helo ESM sensors UAV ESM Sensors

Ship, sub towed sonar array Ship, sub hull sonar array

Nonacoustic ASW sensors

Sonobuoys Dipping sonar

Recce: Reconnaissance

for tactical, operational, or strategic intelligence. The operational utility of these collectors for each intelligence application depends upon several critical factors:

• Timeliness—the time from collection of event data to delivery of a tacti- cal targeting cue, operational warnings and alerts, or formal strategic report;

• Revisit—the frequency with which a target of interest can be revisited to understand or model (track) dynamic behavior;

• Accuracy—the spatial, identity, or kinematic accuracy of estimates and predictions;

• Stealth—the degree of secrecy with which the information is gathered and the measure of intrusion required.