Intelligence analysis management is the process of managing and organizing the analytical processing of raw intelligence information into finished intelligence. Intelligence analysis is informally called "connecting the dots". Creating an intelligence mosaic is a vivid descriptor for the process. Analysis, processing, and production are all names for the organizing and evaluating of raw information, and putting it in a form in which it can be disseminated to varying consumers. The same body of information may result in multiple analytic products, with different security classifications, time scales, and level of detail.
While analysis goes back to the beginning of history, Sherman Kent is often considered the father of modern intelligence analysis. He wrote extensively both in open and classified sources, including a seminal 1947 book, Strategic Intelligence for American World Policy [1]. In a long career in the Office of Strategic Services (OSS) and Central Intelligence Agency (CIA), he defined many of the parameters of modern analysis and its use by policymakers. In particular, [2]. Kent disagreed with the philosophy that analysts never recommend policy, but advise policymakers. "Intelligence analysts are needed because policy officials face challenges that analysts can help them manage, Kent would argue, through mastery of background knowledge, evaluation and structuring of all-source material, and tradecraft expertise, analysts help intelligence users make decisions.
While attentive to problems not yet on the policymaker’s screen, the analyst’s first responsibility is to accommodate clients by producing assessments timed to their decision cycle and focused on their learning curve. This includes providing “actionable” intelligence that can help with curbing threats and seizing policy opportunities." He considered it a partnership, but one in which the analyst did not push a personal point of view:
He would have opposed providing analyses that were intended for use by one set of policy players to force its views on others. For estimative analysis, this requires paying serious attention to seemingly less likely outcomes. For action analysis, this means identifying and evaluating alternatives, leaving to policy clients the responsibility to recommend and choose....Kent saw no excuse for policy or political bias. He realized, however, that analytic or cognitive bias was so ingrained in mental processes for tackling complex and fluid issues that it required a continuous, deliberate struggle to minimize. ... he taught analysts to resist the tendency to see what they expect to see in the information. He urged special caution when a whole team of analysts immediately agrees on an interpretation of yesterday’s development or a prediction about tomorrow’s. ... One path he recommended for coping with cognitive bias was to make working assumptions explicit and to challenge them vigorously."[2]
Some intelligence disciplines, especially technical ones, will analyze the same raw data in different ways, for complementary purposes. For example, a signals intelligence collection platform will record all the electromagnetic signals it received from an antenna pointed to a particular target at a particular time.
Assuming the target was a radar, the ELINT analysts would be focused on the purpose and coverage of the radar. The MASINT analysts, however, would be looking for patterns not in the intentional signals of the radar, or side frequencies that were inadvertently generated.
In like manner, if the target were a voice communication, the COMINT specialists would be concentrating on the content of the message, but acoustic MASINT technicians might be "voiceprinting" the spoken words to validate that it was really from the supposed source. While Morse code telegraphy is largely obsolete, each operator has a distinct rhythm known as a "fist". Experienced telegraph intercept operators could recognize radio deception when the fist failed to match the purported operator identity.
A very basic preprocessing step would be translating the collected material into the native language of the analysts, unless, as is desirable, the analysts are fluent in the language of the information.
Librarians at CIA received large numbers of documents, not counting special source materials, cables, newspapers, press summaries, periodicals, books, and maps. Since these reports come from scores of different major sources, the daily volume fluctuates and shows lack of uniformity in format, in reproduction media, in length and quality of presentation, and in security classification. As they come in they must be read with an eye to identifying material of interest to some 150 different customer offices or individuals.
The reference office manages several registers (in effect special libraries) for special source materials, biographic data on scientists and technicians, films and ground photographs, and data on industrial installations. Demands made on our document collection stem from three types of requests:
The last, which requires literature search, is the most difficult. Where central reference services have been organized independent of research offices, it soon becomes evident that the functional line of demarcation between them and the research units is not clear. This becomes important when it results in duplication of effort or, worse, in non-use of reference materials by the researcher laboring under the misimpression that he has all relevant documents in his possession. Increasing use of collaborative technologies can help this misimpression.
Should a reference service be active or passive, dynamic or static? A passive approach to reference service would mean that reference personnel would merely keep the stacks of the library in order, leaving it to research analysts to exploit the collection. Under the active approach, on the other hand, reference analysts would discuss the researcher's problem with him and then proceed, as appropriate, to prepare a bibliography, gather apparently pertinent documents, screen them, check with colleagues in other departments for supplementary materials, make abstracts, have retention copies made of popular items in short supply, initiate a requirement for supplementary field service, or prepare reference aids.
Once a separate facility has been set up to provide reference services it is not long before it publishes. This comes about for several reasons, the least controversial of which is that a customer has made a specific request. We call this type of publication a research or reference aid. Some are quite specific; others are more general, being prepared in response to a need generally expressed. A number of different customers may, for example, make known that it would be very helpful to have a periodic compilation of all finished intelligence reports and estimates for ready reference.
Reference officers have the responsibility to make known the availability of services and information the existence of which may be unknown to the analyst; and, given a task, to make the preliminary selection of materials to meet the particular need of a particular user. To the analyst must be left the determination of its significance for the present; to the consumer its significance for the future; and to the policy-maker the indicated course of action.
Intelligence personnel, as well as end consumers, need their equivalent of reference books and encyclopedias. The US term for this is basic intelligence, while the WEU calls it documentary intelligence. Much of this information may itself be unclassified, but their indexing and cross-referencing, especially if that cross-referencing includes classified sources, the index itself, and bibliographies drawn from it, may be properly classified.
One means of organizing basic intelligence is with the acronym BEST MAPS [3]:
This is not a complete list, as the basic intelligence library also includes:
As a practical matter, these may be collected into:
With modern technology, these collections may be Web documents rather than hard copy.
Unclassified examples of a country reference, in much shorter form than the internal handbooks, is the CIA World Factbook, the Countries and Regions data sheets from the UK Foreign and Commonwealth Office [4], and the US Department of State Background Notes[5].
Closer to the internal reference books of the intelligence communities are the Foreign Area Handbooks[6], originally prepared under contract to the US Army by American University, and later by the Federal Research Division of the Library of Congress. The Country Studies/Area Handbook Program was "sponsored by the U.S. Department of the Army. Because the original intent of the series' sponsor was to focus primarily on lesser-known areas of the world or regions in which U.S. forces might be deployed, the series is not all-inclusive." At the time of original publication, there was a main unclassified handbook and a SECRET supplement, the latter dealing principally with biographical information. Area Handbooks had less restrictive distribution than the CIA National Intelligence Summaries.
Comprehensive indexing is the real value of a biographical registry. The names themselves are a challenge, with phonetic variations and aliases. Soundex is one technique for indexing names such that phonetic equivalents, with variations in transliterations into the local language, can be retrieved.
While there is no truly general solution, there has been considerable work in both in transliteration of non-Roman character sets. Soundex and related systems help search biographical databases by phonetics, but transliterated character sets allow people not fully fluent in the written language to search for names.
Relationships among the people in the biographical index are essential and constantly updated. One term of art used for relationships indices are "wiring diagrams" [7].
[8] The cycle of organizational activity for intelligence purposes extends from the collection of selected information to its direct use in reports prepared for policy makers. Between these beginning and end activities there lie a number of functions which can be grouped under the term information processing. These functions include the identification, recording, organization, retrieval, conversion into more useful forms, synthesis and dissemination of the intellectual content of the information collected. The ever-mounting volume of information produced and promptly wanted and the high cost of performing these manifold operations are forcing a critical review of current practices in the processing field.
Maps are obvious products, but in infinite variety, including simple outlines onto which specific information can be overlaid, and divisions by political jurisdiction, ethnicities and languages, terrain, etc. The line between maps and actual imagery grows increasingly blurry.
Online resources such as Google Earth are increasingly useful for other than the most detailed technical analysis. One challenge remains the indexing of maps in Geographical Information Systems, since multiple projections and coordinate systems are used both in maps and in imagery.
Principally a military term, order of battle refers to the composition of an adversary's organization, including units, key personnel, equipment, and strength. In general, this is a form of basic intelligence, but is so important, and often so rapidly changing, that it may be assigned to a specific branch of an intelligence unit.
The term is also used for the organizational details of other aspects of opposition. For example, electronic order of battle is an inventory of the equipment, location, and operating signal characteristics of enemy transmitters, antennas, and other electronic equipment.
A spectrum of activities falls under the term "current intelligence". At a minimum, a current intelligence facility receives raw or minimally processed reports, integrates them with information it has, and, depending on its mission, may support:
One function of watch centers, at least those in agencies and commands with collection and surveillance capabilities, is to monitor the availability of sensors, scheduled patrols, etc. Part of the tactical surprise at the attack on Pearl Harbor was that patrol aircraft were supposed to be aloft and the early radar station operating, but no watch center verified this -- senior officers assumed it was being done [9].
Intermediate in timeliness between tactical warning and situation awareness are 24/7/365 facilities that stay active on current matters. Perhaps the first modern watch center was the British submarine tracking center under Rodger Winn. This was the predecessor of the modern "all-source" center, where tactical reports, cryptanalysis, direction finding, and other functions came together to locate German submarines threatening Allied convoys.
Modern current intelligence facilities often use teleconferencing or videoconferencing to share information, such as the NOIWON (National Operational Intelligence Watch Officers Network) that links the (US) National Military Command Center, National Military Joint Intelligence Center, State Department Operations Center, CIA Operations Center, State Department Bureau of Intelligence and Research, NSA Operations Center and White House Situation Room. Other units may join conferences when appropriate, such as the FBI Strategic Information and Operations Center (SIOC).
Other countries have similar networks, or sometimes a physical installation to which all affected agencies send representatives, such as the UK Cabinet Office Briefing Rooms "COBRA".
When a crisis is not necessarily of international significance, a subset may be all that is needed, such as the SIOC for multiple simultaneous prison riots. In the case of an aircraft hijacking without terrorist implications, the FAA operations center may work with the SIOC, or with specific service components such as Coast Guard headquarters. The Coast Guard, other Department of Homeland Security offices such as FEMA, and technical specialists such as the EPA or National Weather Service may join ad hoc operations.
While some of these contingencies may not immediately seem related to national security, the reality is different, in that a major natural disaster, such as Hurricane Katrina, will need significant military support. In North America, the Incident Command System, with variants all the way from local to the National Incident Management System, are common to emergency service organizations.
Major military commands often have operations centers, into which subordinate headquarters feed information, and higher commands are kept aware of the situation but not its details. They, in turn, feed information to their national levels. The US and Russia have exchanged liaison teams in their aerospace warning centers, and there are "hotline" communications between countries that may need to resolve crises, such the HAMMER RICK system between the US and Israel.
Indications and warning are collated into indications check lists specific to particular countries and systems. For example, it might be routine for one country flying a given aircraft to launch formations on short notice, as part of its regular training. A different country might, due to shortages of fuel or maintenance personnel, rarely do formation takeoffs, and that would be indicative of an intended action. Some actions in one's own country or by one's own forces may trigger national-level alerts, such as an accident involving nuclear weapons, a major national disaster, etc.
Situation intelligence lies between the immediate and the moderate term. It draws on reference material, current intelligence, and raw information that is not directly relevant to a tactical goal. There can be very good situation material from unclassified government reports and databases, as well as private services. It gives policymakers a useful overview and context.
The Canadian Security Intelligence Service (CSIS) is especially good on publishing materials. An example of a situation study would be Commentary No. 70, The Threat from Transnational Crime: An Intelligence Perspective [10]. The Currently Listed [Terrorist] entities data base is very useful [11].
Another excellent source, technically not public but widely available, are the reports of the US Congressional Research Service. The Federation of American Scientists maintains one data base at http://www.fas.org/sgp/crs/index.html.
During 2001-2002, a Scholar-in-Residence at the Sherman Kent Center for Intelligence Analysis, the “think tank” attached to the CIA’s training center for analysts, [12] was tasked with something new: using an outside scholar to study the process of analysis itself, especially how Information Technology (IT) was, and could be, used. There has been substantial change since then.
Initially, he "watch[ed] as many DI analysts as practical and ask them how they performed their work. We discussed what kinds of tasks were hard to do and what technologies or procedures seemed to work smoothly. We also talked about their own ideas about how they might use IT more effectively. For the sake of comparison, I also met with researchers at organizations that perform functions similar to those of the DI (e.g., other intelligence organizations; the Congressional Research Service; The Washington Post; and business risk assessment services). Finally, I drew on my own experience in business and non-government research institutions. I was able to watch the DI respond to the terrorist attacks of 11 September 2001 and ramp-up for the war on terrorism.
"I came away from this experience impressed by the quality of DI analysts, but also concerned about their lack of awareness of and access to new information technology and services that could be of critical value to their work. The DI has used automated databases since the 1970s and has gradually improved its capabilities. With the existing system, analysts can perform most searches for source documents from CIA archives at their desks and retrieve the documents electronically."
It is sadly worth noting, however, that CIA analysts still do much better than their FBI counterparts, who have difficulty accessing any external secure networks, or sharing the most sensitive data within their agency. [13]. NSA, however, seems to be much more comfortable with using IT as a daily tool.
Agency internal data bases continue to improve over earlier generations, but, in many respects, are inferior to commercial search engines. It should be remembered, however, that ease of use is not an absolute requirement. Some search engine human interfaces are "expert friendly" rather than "user friendly", allowing analysts with solid backgrounds in complex search strategies to be at their most efficient. One indicator of some system shortcomings is simply the fact that an important part of a DI analyst’s tradecraft is building an informal source network. A good analyst either knows someone, or “knows someone who knows someone,” at another office or organization who can get the information they need. A good analyst will use these contacts to develop more leads in the process. In the commercial world, these contacts are managed with CRM, ERM, or social networking software.
Agency policies and practices create five kinds of constraints that prevent the DI from acquiring new IT and using it effectively. In 2008, the US intelligence community A-Space may have broken through some of these constraints, or will break through in time.
Security is probably the single most important factor that prevents the DI from applying information technology more effectively. Security is absolutely essential for intelligence, of course. The problem is that, when it comes to IT, approach is not “risk management,” but “risk exclusion.”
Until recently, personal digital assistants were forbidden in high-security facilities.[12] There are some very specialized electronic security threats that could apply, so it may be that a secure PDA needs to be developed and provided. Even in government agencies with sensitive but unclassified information (e.g., personal health information covered by HIPAA, there has been a serious concern over information bypassing safeguards on tiny solid state disk equivalents, which can fit into pens. Other agencies, however, are addressing this problem by requiring the devices to store information in encrypted form, and using biometric identification. [14]
Analysts are, by the nature of their work, especially aware of security threats. When they are told that a technology is potentially dangerous, their instinct is to avoid it unless absolutely necessary.
A laptop can be secured, but the security both has to be built-in, and maintained. Files need strong encryption. Multiple layers of security risk detection tools are needed. Biometric authentication will identify only legitimate users.
Security staffs must develop a better understanding of how analysts work. Rather than simply excluding technologies, their goal should be to develop methods of applying IT that are so user-friendly that DI analysts can operate securely with as few hindrances as possible.
Despite decades of trying to reduce the barriers between the Directorate of Intelligence and the Directorate of Operations (DO), sharp divides still exist. The DI and the DO, for example, have separate databases and separate IT architectures. Several DI analysts even told me that they had a better working relationship with their counterparts at NSA than with their own CIA colleagues in the DO.
The CIA already has experience that proves the gulf between the directorates is not inevitable. DI and DO personnel, for example, started to work well together in the Counterterrorism Center (CTC), which fell organizationally under the Director of Central Intelligence (DCI). It is now the National Counterterrorism Center under the Director of National Intelligence. In CTC, DI and DO personnel work side by side. As a result, DO officers treat DI counterparts like full members of “the team.” DI analysts in CTC have access to DO databases and tools that few analysts elsewhere in the DI can access.
One of the DI’s core beliefs is that coordination improves the analytic product. This idea goes back to Sherman Kent, William Langer, and other founding fathers of the analytic side of the CIA. Most were college professors who viewed coordination as the counterpart of the peer review process in academia . The problem is that coordination can defeat the direct interaction that modern IT makes possible.[12] There are ways to address both concerns in a nontraditional ways, such as wikis. .
One underlying issue is quality control. The traditional DI process ensures quality by employing multiple layers of managerial review of each product. But this is only one approach to quality control. Other organizations ensure quality by focusing on the people in the organization, rather than on each product. In other words, instead of doing quality control in the production process, they do their quality control in the promotion process.
A number of intelligence agencies, notably the FBI and CIA, historically has not used technology for managing people effectively and forming "virtual teams". In the business world, managers routinely use software tools to move people quickly from one task to another. These tools tell them how their staffs are allocated, and thus they can assign and reassign people more efficiently and effectively. Some government organizations also use such tools. For example, the Congressional Research Service (CRS) logs requests into a central accounting system, and assigns analysts to tasks in a manner analogous to how businesses assign analysts to charge numbers. CRS managers can always download an up-to-date record that analyzes its workflow, allocation of personnel, and the status of requests . There is a class of software called "customer resource management", which can track projects, act as a tickler file, and do other things that non-networked PDAs cannot. Excellent commercial systems are available off-the-shelf, and with at least partially compartmented security.[12]
Analyst work stations do not appear, at first, much different from what one finds in the offices and cubicles at most research organizations. But there are some significant differences, and even the small ones can have a huge effect on how an analyst works. The largest difference is security.
Analyst workstations commonly consist of two computers with a common keyboard and mouse, one for classified and the other unclassified work, with an "air gap" switch between them. There is a telephone for unclassified conversations and one that connects to the secure network, where most work is done. The unclassified computer is used mainly to browse the Internet and send unclassified e-mail.
Until a recent one-way transfer capability was introduced, DI analysts lacked any direct connectivity to the classified networks used throughout the military as the standard means of electronic communication. That is, data can “move up” to the higher classified Agency network but not “down” to a lower-level military network. To send classified but lower-level e-mails, analysts must go to separate terminals.
Security processes and regulations also dictate how the DI disseminates its products. While Intelink — similar to a classified World Wide Web — receives much attention in the press, many CIA products are not posted there because, once a document is posted, the Agency cannot control further dissemination.
There is no middle ground. All of this has the effect of making it hard for DI analysts to interact even with the classified outside world. The CIA view is that there are risks to connecting CIA systems even to classified systems elsewhere. Mitigating those risks sends implicit messages to analysts: that technology is a threat, not a benefit; that the CIA does not put a high priority on analysts using IT easily or creatively; and, worst of all, that data outside the CIA’s own network are secondary to the intelligence mission.
The most critical upgrade for the DI is deploying a fully integrated workstation that allows DI analysts to move easily among programs, databases, and security levels, including, with appropriate safeguards, connectivity to secure networks of a lower maximum classification level
In addition, DI management should propose that the CIA make greater use of the “intelligence center” model—specifically, by assigning more DI analysts into DO offices and locating more DO case officers and reports officers in DI offices. Past experience by DI and DO offices in setting up cross-directorate centers suggests that this would push all managers to address security issues that impede collaboration and the use of information technology.
One of the obstacles to moving DI analysts to new assignments is the challenge of bringing them up to speed on new substantive accounts. Currently, only two options exist: the analysts currently covering the accounts can take time off and brief the new team members; or the new analysts can try to find their way around by performing CIRAS and CIASource searches or plodding through folder after folder of hardcopy.[12] A Wiki-type subset of full web could well have a faster learning curve, and also encourages collaboration in a way that standard web pages, even with blog software, does not.
If analysts had personal websites on the CIA classified network, they could post links to all of their products as they are written. New analysts assigned to the account could then simply go to the website to get “read in.”
NSA analysts use similar technology to grapple with a problem like the one that the DI faces. One of the hard parts of cryptanalysis is developing an “attack” on a particular communications network. But, once an analyst figures out the step-by-step process to crack a system, he or she can post the attack plan on the NSA network. That way, others can try it themselves without bothering the analyst.
A DI analyst’s publications are analogous to the NSA analyst’s attack plan—they contain the knowledge that the analyst has developed by covering an account. A personal website would be an efficient way to capture this knowledge and make it, and analytic tradecraft available to others without taking the original analyst off his or her assignment.
Every day, DI analysts sit at their workstations and read through the daily take. They look at a variety of data from a variety of channels: internal data bases, domestic and foreign media reports, e-mail from other analysts, and so on. This labor—expert analysts working in specialized fields, retrieving data, filing them, and making mental links between items of strategic interest to US officials—is valuable intellectual property. In fact, it may be the most unusual “value-added” product the analysts generate.
Simple IT could make it possible for analysts to develop this knowledge more easily, capture it, and make it available for other analysts and intelligence consumers. A tool like a Google Search Appliance at their workstation would permit them to perform Boolean searches through their personal files. Several analysts could pool their personal files together and conduct combined searches, cross-correlations, etc. Again, this kind of tool would exploit the DI’s existing investment in analysts more effectively, and increase the power of their current tradecraft. This technology would raise issues concerning security and chain of command.
A teaming concept, reflecting the Agile Manifesto for software development, teams IT specialists with would work closely with analysts to become familiar with their analytic methods, much as "knowledge engineers" work with subject matter experts in a wide range of expert system developments. The teams would also serve as a liaison between the DI and In-Q-Tel, so that the CIA’s venture capitalists would have a better understanding of opportunities to develop new information technologies.
This would allow DI analysts and managers to allocate the hours of DI analysts to specific assignments. Managers could monitor workflow and workload. Analysts would estimate the level of effort that they plan to expend on a job, and later record the effort that they actually devote to it.
The DI already makes use of forward-deployed analysts, as in the CTC. But because they are the exception, not the rule, these analysts currently serve as mere support staff. Organizing these analysts as “cells” would enable them to continue to do true analysis, but in closer proximity to their customers. This would create more incentives for improving IT. Also, the current practice of concentrating analysts in a single facility creates an unacceptable target from the perspective of physical security. The most irreplaceable asset the CIA has is its workforce, and better networking could make it more survivable.
<ref>
tag; name "Berkowitz2002" defined multiple times with different content Cite error: Invalid <ref>
tag; name "Berkowitz2002" defined multiple times with different content