Notes on Open-Source Intelligence ATP 2-22.9

Notes on Open-Source Intelligence ATP 2-22.9

Preface

ATP 2-22.9 establishes a common understanding, foundational concepts, and methods of use for Army open- source intelligence (OSINT). ATP 2-22.9 highlights the characterization of OSINT as an intelligence discipline, its interrelationship with other intelligence disciplines, and its applicability to unified land operations.

This Army techniques publication—

• Provides fundamental principles and terminology for Army units that conduct OSINT exploitation.
• Discusses tactics, techniques, and procedures (TTP) for Army units that conduct OSINT exploitation.
• Provides a catalyst for renewing and emphasizing Army awareness of the value of publicly available information and open sources.
• Establishes a common understanding of OSINT.
• Develops systematic approaches to plan, prepare, collect, and produce intelligence from publicly available information from open sources.

Introduction

Since before the advent of the satellite and other advanced technological means of gathering information, military professionals have planned, prepared, collected, and produced intelligence from publicly available information and open sources to gain knowledge and understanding of foreign lands, peoples, potential threats, and armies.

Open sources possess much of the information needed to understand the physical and human factors of the operational environment of unified land operations. Physical and human factors of a given operational environment can be addressed utilizing publicly available information to satisfy information and intelligence requirements and provide increased situational awareness interrelated with the application of technical or classified resources.

The world is being reinvented by open sources. Publicly available information can be used by a variety of individuals to expand a broad spectrum of objectives. The significance and relevance of open-source intelligence (OSINT) serve as an economy of force, provide an additional leverage capability, and cue technical or classified assets to refine and validate both information and intelligence.

As an intelligence discipline, OSINT is judged by its contribution to the intelligence warfighting function in support of other warfighting functions and unified land operations.

Chapter 1

Open-Source Intelligence (OSINT) Fundamentals

DEFINITION AND TERMS

1-1. Open-source intelligence is the intelligence discipline that pertains to intelligence produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence and information requirement (FM 2-0). OSINT also applies to the intelligence produced by that discipline.

1-2. OSINT is also intelligence developed from the overt collection and analysis of publicly available and open-source information not under the direct control of the U.S. Government. OSINT is derived from the systematic collection, processing, and analysis of publicly available, relevant information in response to intelligence requirements. Two important related terms are open source and publicly available information:

• Open source is any person or group that provides information without the expectation of privacy––the information, the relationship, or both is not protected against public disclosure. Open-source information can be publicly available but not all publicly available information is open source. Open sources refer to publicly available information medium and are not limited to physical persons.
• Publicly available information is data, facts, instructions, or other material published or broadcast for general public consumption; available on request to a member of the general public; lawfully seen or heard by any casual observer; or made available at a meeting open to the general public.

1-3. OSINT collection is normally accomplished through monitoring, data-mining, and research. Open- source production supports all-source intelligence and the continuing activities of the intelligence process (generate intelligence knowledge, analyze, assess, and disseminate), as prescribed in FM 2-0. Like other intelligence disciplines, OSINT is developed based on the commander’s intelligence requirements.

CHARACTERISTICS

1-4. The following characteristics address the role of OSINT in unified land operations:

Provides the foundation. Open-source information provides the majority of the necessary background information on any area of operations (AO). This foundation is obtained through open-source media components that provide worldview awareness of international events and perceptions of non-U.S. societies. This foundation is an essential part of the continuing activity of generate intelligence knowledge.

• Answers requirements. The availability, depth, and range of publicly available information enables organizations to satisfy intelligence and information requirements without the use or support of specialized human or technical means of collection.
• Enhances collection. Open-source research supports surveillance and reconnaissance activities by answering intelligence and information requirements. It also provides information (such as biographies, cultural information, geospatial information, and technical data) that enhances and uses more technical means of collection.
• Enhances production. As part of a multidiscipline intelligence effort, the use and integration of publicly available information and open sources ensure commanders have the benefit of all sources of available information to make informative decisions.

THE INTELLIGENCE WARFIGHTING FUNCTION

1-5.  The intelligence warfighting function is composed of four distinct Army tactical tasks (ARTs):

• Intelligence support to force generation (ART 2.1).
• Support to situational understanding (ART 2.2).
• Perform intelligence, surveillance, and reconnaissance (ART2.3).
• Support to targeting and information superiority (ART 2.4).

1-6.  The intelligence warfighting function is the related tasks and systems that facilitate understanding of

the operational environment, enemy, terrain, weather, and civil considerations (FM 1-02). As a continuous process, the intelligence warfighting function involves analyzing information from all sources and conducting operations to develop the situation. OSINT supports each of these ARTs.

Publicly available information is used to—

1. Support situational understanding of the threat and operational environment.
   Obtain information about threat characteristics, terrain, weather, and civil considerations.
2. Generate intelligence knowledge before receipt of mission to provide relevant knowledge of the operational environment.
3. Rapidly provide succinct answers to satisfy the commander’s intelligence requirements during intelligence overwatch.
   Develop a baseline of knowledge and understanding concerning potential threat actions or intentions within specific operational environments in support of the commander’s ongoing intelligence requirements.
4. Generate intelligence knowledge as the basis for Army integrating functions such as intelligence preparation of the battlefield (IPB). IPB is designed to support the staff estimate and the military decision-making process (MDMP).
5. Most intelligence requirements are generated as a result of the IPB process and its interrelation with MDMP.
6. Support situation development—a process for analyzing information and producing current intelligence concerning portions of the mission variables of enemy, terrain and weather, and civil considerations within the AO before and during operations (see FM 2-0). Situation development—

• Assists the G-2/S-2 in determining threat intentions and objectives.
• Confirms or denies courses of action (COAs).
• Provides an estimate of threat combat effectiveness.

Support information collection. Planning requirements and assessing collection analyzes information requirements and intelligence gaps and assists in determining which asset or combination of assets are to be used to satisfy the requirements.

THE INTELLIGENCE PROCESS

1-9. The intelligence process consists of four steps (plan, prepare, collect, and produce) and four continuing activities (analyze, generate intelligence knowledge, assess, and disseminate). Just as the activities of the operations process (plan, prepare, execute, and assess) overlap and recur as the mission demands, so do the steps of the intelligence process. The continuing activities occur continuously throughout the intelligence process and are guided by the commander’s input.

1-10. The four continuing activities plus the commander’s input drive, shape, and develop the intelligence process. The intelligence process provides a common model for intelligence professionals to use to guide their thoughts, discussions, plans, and assessments. The intelligence process results in knowledge and products about the threat, terrain and weather, and civil considerations.

1-11. OSINT enhances and supports the intelligence process and enables the operations process, as described in FM 2-0. The intelligence process enables the systematic execution of Army OSINT exploitation, as well as the integration with various organizations (such as joint, interagency, intergovernmental, and multinational).

THE PLANNING REQUIREMENTS AND ASSESSING COLLECTION PROCESS

1-12. Information collection informs decisionmaking for the commander and enables the application of combat power and assessment of its effects. Information collection is an activity that synchronizes and integrates the planning and operation of sensors, assets, as well as the processing, exploitation, and dissemination of systems in direct support of current and future operations (FM 3-55). This is an integrated intelligence and operations function. For Army forces, this activity is a combined arms operation that focuses on priority intelligence requirements (PIRs) while answering the commander’s critical information requirements (CCIRs).

1-13. Information collected from multiple sources and analyzed becomes intelligence that provides answers to commanders’ information requirements concerning the enemy and other adversaries, climate, weather, terrain, and population. Developing these requirements is the function of information collection:

• A commander’s critical information requirement is an information requirement identified by the commander as being critical to facilitating timely decisionmaking. The two key elements are friendly force information requirements and priority intelligence requirements (JP 3-0).
• A priority intelligence requirement is an intelligence requirement, stated as a priority for intelligence support, which the commander and staff need to understand the adversary or the operational environment (JP 2-0).
• A friendly force information requirement is information the commander and staff need to understand the status of friendly force and supporting capabilities (JP 3-0).

1-14. The planning requirements and assessing collection process involves six continuous, nondiscrete activities. These activities and subordinate steps are not necessarily sequential and often overlap. The planning requirements and assessing collection process supports the staff planning and operations processes throughout unified land operations.

THE MILITARY DECISIONMAKING PROCESS

1-15. Upon receipt of the mission, commanders and staffs begin the MDMP. The military decisionmaking process is an iterative planning methodology that integrates the activities of the commander, staff, subordinate headquarters, and other partners to understand the situation and mission; develop and compare courses of action; decide on a course of action that best accomplishes the mission; and produce an operation plan or order for execution (FM 5-0).

1-16. During the second step of the of the MDMP, mission analysis, commanders and staffs analyze the relationships among the mission variables—mission, enemy, terrain and weather, troops and support available, time available, civil considerations (METT-TC)—seeking to gain a greater understanding of the—

• Operational environment, including enemies and civil considerations.
• Desired end state of the higher headquarters.
• Mission and how it is nested with those of the higher headquarters.
• Forces and resources available to accomplish the mission and associated tasks.

1-17. Within the MDMP, OSINT assists in enabling the planning staff to update estimates and initial assessments by using publicly available information and open sources. Major intelligence contributions to mission analysis occur because of IPB.

INTELLIGENCE PREPARATION OF THE BATTLEFIELD

1-18. Intelligence preparation of the battlefield is a systematic process of analyzing and visualizing the portions of the mission variables of threat, terrain, weather, and civil considerations in a specific area of interest and for a specific mission. By applying intelligence preparation of the battlefield, commanders gain the information necessary to selectively apply and maximize operational effectiveness at critical points in time and space (FM 2-01.3).

1-19. IPB was originally designed to support the MDMP and troop leading procedures, but it can also be incorporated into other problem-solving models like design and red teaming. OSINT plays a significant and integral part during IPB in satisfying intelligence and information requirements indicated during the MDMP in support of unified land operations. The indicators that can be satisfied using OSINT during IPB include but are not limited to—

1-20. IPB is used primarily by commanders and staffs as a guide to evaluate specific datasets in order to gain an understanding of a defined operational environment. Prior to operations, an examination of national, multination partner, joint, and higher echelon databases is required to determine if the information requested is already available. As operations commence, new intelligence and information requirements are further identified as a result of battlefield changes. Publicly available information and open sources, when produced and properly integrated in support of the all-source intelligence effort, can be used to satisfy intelligence and information requirements.

Chapter 2

Planning and Preparation of the OSINT Mission

Directly or indirectly, publicly available information and open sources form the foundation for all intelligence when conducting operations. This foundation comes from open-source media components that provide worldview awareness of international events and perceptions of non-U.S. societies. This awareness prompts commanders to visualize a plan. Planning occurs when intelligence and information requirements are identified and means are developed as to how they will be satisfied.

SECTION I – PLANNING OSINT ACTIVITIES

2-1. The plan step of the intelligence process consists of the activities that identify pertinent information requirements and develop the means for satisfying those requirements and meeting the commander’s desired end state. As an aspect of intelligence readiness, planning for OSINT exploitation begins before a unit receives an official order or tasking as part of the generate intelligence knowledge continuing activity of the intelligence process.

2-2. The focus of OSINT research prior to deployment is determined and directed by the commander’s guidance. Sustained and proactive open-source research using basic and advanced Internet search techniques plays a critical role in understanding AOs through foundational knowledge required for unit readiness and effective planning. Research during planning for possible missions provides insight into how nontraditional military forces, foreign military forces, and transnational threats have operated in similar AOs. Prior to deployment, organizations with dedicated OSINT missions can also be resourced to satisfy intelligence and information requirements.

2-3. After a unit receives a mission, the focus of OSINT research is further refined based on the AO in which the unit operates. OSINT supports the continuous assessment of unified land operations during planning. Effective research and planning ensure commanders receive timely, relevant, and accurate intelligence and information to accomplish assigned missions and tasks. The MDMP and IPB driven by the intelligence process frame the planning of OSINT exploitation. OSINT is integrated into planning through the four steps of the IPB process:

• Define the operational environment.
• Describe environmental effects on operations.
• Evaluate the threat.
• Determine threat COAs.

DEFINE THE OPERATIONAL ENVIRONMENT

2-4. When assessing the conditions, circumstances, and influences in the AO and area of interest, the intelligence staff examines all characteristics of the operational environment. There are preexisting publicly available inputs that can be used to identify significant variables when analyzing the terrain, weather, threat, and civil considerations. At the end of step one of the IPB process, publicly available information and open sources can be used to support the development of the AO assessment and area of interest assessment.

DESCRIBE ENVIRONMENTAL EFFECTS ON OPERATIONS

2-5. When analyzing the environmental effects on threat and friendly operations, publicly available information and open sources can be used to describe the—

• Physical environment (terrestrial, air, maritime, space, and information domains).
• Civil considerations.

2-6. Combine the evaluation of the effects of terrain, weather, and civil considerations into a product that best suits the commander’s requirements. At the end of the second step of IPB, publicly available information and open sources can be used to better inform the commander of possible threat COAs and products and assessments to support the remainder of the IPB process.

EVALUATE THE THREAT

2-7. Step three of the IPB process is to evaluate each of the significant threats in the AO. If the staff fails to determine all the threat factions involved or their capabilities or equipment, or to understand their doctrine and tactics, techniques, and procedures (TTP), as well as their history, the staff will lack the intelligence needed for planning. At the end of step three of IPB, publicly available information and open sources can provide the majority of the information required to identify threat characteristics, as well as provide possible information needed to update threat models.

DETERMINE THREAT COURSES OF ACTION

2-8. Step four of the IPB process is to identify, develop, and determine likely threat COAs that can influence accomplishment of the friendly mission. The end state of step four is to replicate the set of COAs available to the threat commander and to identify those areas and activities that, when observed, discern which COA the threat commander has chosen. At the end of step four of IPB, publicly available information and open sources can be used to determine indicators adopted by the threat commander.

SECTION II – PREPARATION OF OSINT ACTIVITIES

2-9. The reliance on classified databases has often left Soldiers uninformed and ill-prepared to capitalize on the huge reservoir of unclassified information from publicly available information and open sources,

OSINT EXPLOITATION

2-10. When preparing to conduct OSINT exploitation, the areas primarily focused on are—

• Public speaking forums.
• Public documents.
• Public broadcasts.
• Internet Websites.

PUBLIC SPEAKING FORUMS

2-11. Acquiring information at public speaking forums requires close coordination to ensure that any overt acquisition is integrated and synchronized with the information collection plan and does not violate laws prohibiting the unauthorized collecting of information for intelligence purposes.

2-13.  The operation order (OPORD), TTP, or unit standard operating procedures (SOPs) should describe how the unit that is tasked with the public speaking forum mission requests, allocates, and manages funds to purchase digital camera and audio recording equipment along with the computer hardware and software to play and store video-related data.

PUBLIC DOCUMENTS

2-14. Organizations within an AO conduct document collection missions. Once collected, documents are analyzed and the information is disseminated throughout the intelligence community. Before executing any OSINT exploitation related to collecting public documents, it is important to—

• Coordinate document collection, processing, and analysis activities across echelons.
• Identify the procedure to deploy, maintain, recover, and transfer hardcopy, analog, and digital media processing and communications equipment.
• Identify academic and commercial-off-the-shelf (COTS) information services that are already available for open-source acquisition, processing, and production.

2-15. The OPORD, TTP, or unit SOPs should describe how the unit requests, allocates, and manages funds for—

• Document collection and processing services.
• Purchasing books, dictionaries, images, maps, newspapers, periodicals, recorded audio and video items, computer hardware, digital cameras, and scanning equipment.
• The cost of subscribing to newspapers, periodicals, and other readable materials.

2-16. For more detailed information on public documents and document exploitation, see TC 2-91.8.

PUBLIC BROADCASTS

2-17. The DNI OSC collects, processes, and reports international and regional broadcasts. This enables deployed organizations to collect and process information from local broadcasts that are of command interest. Before exploiting OSINT related to public broadcasts, it is important to—

• Coordinate broadcast collection, processing, and production activities with those of the OSC.
• Identify the procedure to deploy, maintain, recover, and transfer radio and television digital media storage devices and content processing and communications systems.
• Identify Internet collection and processing resources to collect on television or radio station- specific Web casts.

INTERNET WEB SITES

2-19. Information collected, processed, and produced from Internet Web sites supports unified land operations. Before exploiting OSINT related to Internet Web sites—

• Coordinate Internet collection, processing, and analysis activities across echelons.
• Identify the procedure to deploy, maintain, recover, and transfer computers and associated communications and data storage systems.
• Coordinate with G-6/S-6 for access to the INTELINK-U network or approved commercial Internet service providers that support open-source acquisition, processing, storage, and dissemination requirements.
• Coordinate with G-6/S-6 to develop a list of authorized U.S. and non-U.S. Internet Websites for official government use, open-source research, and non-U.S. Internet Web sites restricted to selected authorized personnel engaged in OSINT exploitation.
• Identify academic and COTS information services that are already available for open-source information acquisition, processing, and production.

PREPARATION CONSIDERATIONS

2-21. Preparing for OSINT exploitation also includes—

• Establishing an OSINT architecture.
• Prioritizing tasks and requests.
• Task-organizing assets.
• Deploying assets.
• Assessing completed operations.

ESTABLISHING AN OSINT ARCHITECTURE

2-22. OSINT contributes to establishing an intelligence architecture, specifically ART 2.2.2, Establish Intelligence Architecture. Establishing an intelligence architecture comprises complex and technical issues that include sensors, data flow, hardware, software, communications, communications security materials, network classification, technicians, database access, liaison officers, training, and funding. A well-defined and -designed intelligence architecture can offset or mitigate structural, organizational, or personnel limitations. This architecture provides the best possible understanding of the threat, terrain and weather, and civil considerations. An established OSINT architecture incorporates data flow, hardware, software, communications security components, and databases that include

• Conducting intelligence reach. Intelligence reach is a process by which intelligence organizations proactively and rapidly access information from, receive support from, and conduct direct collaboration and information sharing with other units and agencies, both within and outside the area of operations, unconstrained by geographic proximity, echelon, or command (FM 2-0).
• Developing and maintaining automated intelligence networks. This task entails providing information systems that connect assets, units, echelons, agencies, and multinational partners for intelligence, collaborative analysis and production, dissemination, and intelligence reach. It uses existing automated information systems, and, when necessary, creates operationally specific networks.

• Establishing and maintaining access. This task entails establishing, providing, and maintaining access to classified and unclassified programs, databases, networks, systems, and other Web-based collaborative environments for Army forces, joint forces, national agencies, and multinational organizations.
• Creating and maintaining databases. This task entails creating and maintaining unclassified and classified databases. Its purpose is to establish interoperable and collaborative environments for Army forces, joint forces, national agencies, and multinational organizations. This task facilitates intelligence analysis, reporting, production, dissemination, sustainment, and intelligence reach.

 

Operational and Technical Open-Source Databases

2-23. OSINT exploitation requires access to databases and Internet capabilities to facilitate processing, storage, retrieval, and exchange of publicly available information. These databases are resident on local area networks (LANs), the World Wide Web (WWW), and the Deep Web (see appendix C for additional information). To support unified land operations, OSINT personnel use evaluated and analyzed publicly available information and open sources to populate information databases such as—

1. • Operational information databases, which support the correlation of orders, requests, collection statuses, processing resources, and graphics.
   • Technical information databases, which support collection operations and consist of unprocessed text, audio files, video files, translations, and transcripts.

 

Open-Source Collection Acquisition Requirement–Management System

2-24. The primary open-source requirements management operational information and technical information database is the Open-source Collection Acquisition Requirement-Management System (OSCAR-MS). OSCAR-MS is a Web-based service sponsored by the Office of the Assistant Deputy Director of National Intelligence for Open Source (ADDNI/OS) to provide the National Open Source Enterprise (NOSE) with an application for managing open-source collection requirements. OSCAR-MS links OSINT providers and consumers within the intelligence community down to the brigade combat team (BCT) level. Personnel at the BCT level access OSCAR-MS via the SECRET Internet Protocol Router Network (SIPRNET) in order to submit requests for information to the Department of the Army Intelligence Information Services (DA IIS) request for information portal. The goal of the OSCAR-MS is to automate and streamline ad hoc open-source collection requirements by—

1. • Providing useful metrics to understand OSINT requirements.
   • Allowing the digital indexing and tagging of submitted and completed open-source products to be searchable in the Library of National Intelligence.
   • Providing for local control of administrative data such as unit account management, local data tables, and local formats.
   • Allowing simple and flexible formats that employ data base auto-population.
   • Using complete English instead of acronyms, computer codes, and other non-intuitive shortcuts.
   • Allowing linkages between requirements, products, and evaluations.
   • Enablingintegrationofopen-sourceusersforcollaborationbetweenagencies.
   • Reducingrequirementduplicationthroughcustomersdirectlycontributingtoexistingrequirements.

PRIORITIZING TASKS AND REQUESTS

2-26. The G-2/S-2 and G-3/S-3 staffs use commander guidance and primary intelligence requirements to complete the information collection plan. The plan is used to assign tasks to subordinate units or submit requests to supporting intelligence organizations to achieve the desired information collection objectives. Embodied in the information collection plan, these tasks describe how the unit––

• Requests collection and production support from joint, interagency, intergovernmental, and multinational organizations.
• Task-organizes and deploys organic, attached, and contracted collection, processing, and production assets.
• Conducts remote, split-based, or distributed collection, processing, and production.
• Requests and manages U.S. and non-U.S. linguists based on priority for support, mission-specific skills, knowledge requirements (such as language, dialect, and skill level), clearance level, and category.

2-27. When developing information collection tasks for subordinate units, the G-2/S-2 and G-3/S-3 staffs use the task and purpose construct for developing task statements to account for—

• Who is to execute the task?
• What is the task?
• When will the task begin?
• Where will the task occur?

DEPLOYING ASSETS

2-29.  Deployment of publicly available assets—

• Supports the scheme of maneuver.
• Supports the commander’s intent.
• Complies with unit SOPs.

2-30.  The deployment of assets generally requires a secure position, with network connectivity to the Internet, in proximity to supporting sustainment, protection, and communications resources.

ASSESSING COMPLETED OPERATIONS

2-31. Typical guidelines used to assess operations are—

• Monitoring operations.
• Correlating and screening reports.
• Disseminating and providing a feedback mechanism.

SECTION III – PLANNING AND PREPARATION CONSIDERATIONS

2-33. Planning and preparation considerations when planning for OSINT exploitation include—

• Open-source reliability.
• Open-source information content credibility.
• Compliance.
• Operations security(OPSEC).
• Classification.
• Coordination.
• Deception and bias.
• Copyright and intellectual property.
• Linguist requirements.
• Machine foreign language translation (MFLT) systems.

OPEN-SOURCE RELIABILITY

2-34.  The types of sources used to evaluate information are—

• Primary sources.
• Secondary sources.

2-35.  A primary source refers to a document or physical object that was written or created during the time under study. These sources are present during an experience or time period and offer an inside view of a particular event. Primary sources—

• Are generally categorized by content.
• Is either public or private.
• Is also referred to as an original source or evidence.
• In fact, are usually fragmentary, ambiguous, and difficult to analyze. The information contained in primary sources is also subject to obsolete meanings of familiar words.

2-36.  Some types of primary sources include—

1. • Original documents (excerpts or translations) such as diaries, constitutions, research journals, speeches, manuscripts, letters, oral interviews, news film footage, autobiographies, and official records.
   • Creative works such as poetry, drama, novels, music, and art.
   • Relics or artifacts such as pottery, furniture, clothing, artifacts, and buildings.
   • Personal narratives and memoirs.
   • Person of direct knowledge.

2-37.  A secondary source interprets, analyzes, cites, and builds upon primary sources. Secondary sources may contain pictures, quotes, or graphics from primary sources. Some types of secondary sources include publications such as—

• Journals that interpret findings.
• Magazine articles.

 

Note. Primary and secondary sources are oftentimes difficult to distinguish as both are subjective in nature. Primary sources are not necessarily more of an authority or better than secondary sources. For any source, primary or secondary, it is important for OSINT personnel to evaluate the report for deception and bias.

2-38. Open-source reliability ratings range from A (reliable) to F (cannot be judged) as shown in table 2-1. A first-time source used in the creation of OSINT is given a source rating of F. An F rating does not mean the source is unreliable, but OSINT personnel have no previous experience with the source upon which to base a determination.

OPEN-SOURCE INFORMATION CONTENT CREDIBILITY

2-39. Similar to open-source reliability, credibility ratings range from one (confirmed) to eight (cannot be judged) as shown in table 2-2. If the information is received from a first-time source, it is given a rating of eight and, like the reliability ratings scale, does not mean the information is not credible but that OSINT personnel have no means to verify the information.

COMPLIANCE

2-40. In accordance with EO 12333, DOD 5240.1-R, and AR 381-10, procedure 2, Army intelligence activities may collect publicly available information on U.S. persons only when it is necessary to fulfill an assigned function.

CLASSIFICATION

2-42. AR 380-5 states that intelligence producers “must be wary of applying so much security that they are unable to provide a useful product to consumers.” This is an appropriate warning for OSINT personnel where concern for OPSEC can undermine the ability to disseminate inherently unclassified information. Examples of unclassified information being over-classified are—

• Reported information found in a foreign newspaper.
• Message from a foreign official attending an international conference.

2-43. AR 380-5 directs that Army personnel will not apply classification or other security markings to an article or portion of an article that has appeared in a newspaper, magazine, or other public medium. Final analysis of OSINT may require additional restrictions and be deemed controlled unclassified information or sensitive but unclassified information.

COORDINATION

2-44. During planning, the G-2/S-2 and G-3/S-3 staff must ensure that OSINT missions and tasks are synchronized with the scheme of maneuver. Acquiring open-source information may compromise the operations of other intelligence disciplines or tactical units. Open-source acquisition that is not synchronized may also result in the tasking of multiple assets and the improper utilization of forces and equipment, adversely affecting the ability of nonintelligence organizations, such as civil affairs, military police, and public affairs, to accomplish assigned missions and tasks. Conversely, overt contact with an open source by nonintelligence organizations can compromise OSINT missions and tasks and lead to the loss of intelligence.

DECEPTION AND BIAS

2-45. Deception and bias is a concern in OSINT exploitation. OSINT exploitation does not normally acquire information by direct observation of activities and conditions within the AO. OSINT exploitation relies mainly on secondary sources to acquire and disseminate information. Secondary sources, such as government press offices, commercial news organizations, and nongovernmental organizations spokespersons, can intentionally or unintentionally add, delete, modify, or otherwise filter the information made to the general public. These sources may also convey one message in English with the intent to sway U.S. or international perspectives and a different non-English message for local populace consumption. It is important to know the background of open sources and the purpose of the public information in order to distinguish objectives, factual information, identify bias, or highlight deception efforts against the reader and the overall operation.

COPYRIGHT AND INTELLECTUAL PROPERTY

2-46. Copyright is a form of protection, for published and unpublished works, provided by Title 17, United States Code (USC), to authors of “original works of authorship,” including literary, dramatic, musical, and artistic works. Intellectual property is considered any creation of the mind and includes, but is not limited to—

• Musical works and compositions.
• Artistic displays.
• Words or phrases.
• Symbols and designs.

LINGUIST REQUIREMENTS

2-49. The ability to gather and analyze foreign materials is critical in OSINT exploitation. The effective use and employment of linguists, both civilian and military, facilitates this activity. The areas of the highest criticality of required foreign language skills and knowledge proficiency are—

• Transcription. Both listening and writing proficiency in the source language are essential for an accurate transcript. A transcript is extremely important when English language skills of the OSINT personnel are inadequate for authoritative or direct translation from audio or video into English text.
• Translation. Bilingual competence is a prerequisite for translations. Linguists must be able to—
  • Read and comprehend the source language.
  • Write comprehensibly in English.
  • Choose the equivalent expression in English that fully conveys and best matches the meaning intended in the source language.
• l  Interpretation. Bilingual competence is a prerequisite for interpretation. Linguists must be able to—
  • Hear and comprehend the source language.
  • Speak comprehensibly in English.
  • Choose the equivalent expression in English that fully conveys and best matches the meaning intended in the source language.

SECTION IV – MANNING THE OSINT SECTION

2-66. OSINT personnel that comprise the OSINT section within the intelligence staff section can consist of both intelligence and nonintelligence individuals with the technical competence, creativity, forethought, cultural knowledge, and social awareness to exploit open sources effectively. The designation of OSINT personnel to satisfy requirements, missions, and tasks is generally identified by commanders and task- organized through organic assets (intelligence personnel, nonintelligence personnel, U.S. and non-U.S. contractor personnel, or linguists) in support of unified land operations.

OSINT SECTION DUTIES

2-67. The duties of the OSINT section are to—

• Monitor operations. This ensures responsiveness to the current situation and to anticipate future acquisition, processing, reporting, and synchronization requirements.
• Correlate reports. Reports (written, verbally, or graphically) should correlate classified reports through OSINT validation.
• Screen reports. Information is screened in accordance with the CCIRs and commander’s guidance to ensure that pertinent and relevant information is not overlooked and the information is reduced to a workable size. Screening should encompass the elements of timeliness, completeness, and relevance to satisfy intelligence requirements.
• Disseminate intelligence and information. Satisfied OSINT requirements are disseminated to customers in the form of useable products and reports.
• Cue. Effective cueing by OSINT to more technical information collection assets, such as human intelligence (HUMINT) and counterintelligence (CI) improves the overall information collection effort by keeping organizations abreast of emerging unclassified information and opportunities as well as enabling the use of a multidiscipline approach to confirm or deny information by another information source, collection organization, or production activity.
• Provide feedback. An established feedback mechanism is required to the supported commander or customer on the status of intelligence and information requirements.

OSINT SECTION AT THE BRIGADE COMBAT TEAM LEVEL

2-68. Each combatant command may have a task-organized OSINT cell or section to some varying degree in scope and personnel. At the tactical level of operations, it is commonplace for commanders to create OSINT cells from organic intelligence personnel to satisfy intelligence requirements.

2-70. As displayed in figure 2-1, personnel comprising the OSINT section at the BCT level include—

• Section leader.
• Requirements manager.
• Situation development analyst.
• Target development analyst.

SECTION LEADER

2-71. The section leader—

• Is the primary liaison and coordinator with the BCTS-2.
• Provides supervisory and managerial capacity oversight.
• Sets the priority of tasks.
• Monitors ongoing intelligence support required by the BCT S-2.
• Ensures that all OSINT products are included in the planning for current and future operations.

 

REQUIREMENTS MANAGER

2-72. The requirements manager—

• Ensures that situation development and target development support the overall efforts of the section.
• Verifies the availability of collection assets.
• Performs quality control for situation development and target development products.
• Supervises the receipt, analysis, and dissemination of OSINT products.

SITUATION DEVELOPMENT ANALYST

2-73. The situation development analyst—

• Monitors publicly available information and open sources in order to ensure the most accurate common operational picture.
• Analyzes information and produces current intelligence about the operational environment, enemy, terrain, and civil considerations before and during operations.
• Refines information received on threat intentions, objectives, combat effectiveness, and potential missions.
• Confirms or denies threat COAs based on publicly available indicators.
  Provides information to better understand the local population in areas that include, but are not limited to—
• Tribal affiliations.
• Political beliefs.
• Religious tenets.
• Key leaders.
• Support groups.
• Income sources.

TARGET DEVELOPMENT ANALYST

2-74. The target development analyst—

• Identifies the components, elements, and characteristics of specific targets, both lethal and nonlethal.
• Identifies civil and other non-target considerations within the AO.
• Provides publicly available information on threat capabilities and limitations.

TASK ORGANIZATION CONSIDERATIONS

2-75. When task-organizing the OSINT section to satisfy intelligence and information requirements, units must consider—

• Mission command.
• Collecting and processing.
• Computer systems.

MISSION COMMAND

2-76. Dedicated mission command personnel are needed in order to provide management and oversight of OSINT exploitation to ensure continued synchronization with maneuver elements, tasks, and requests.

ACQUISITION

2-77. Due to the volumes of publicly available information, acquisition through established information collection activities and systems are necessary in order to ensure that open-source information is not lost or misplaced that could provide essential and necessary mission-related information. Publicly available information acquired from open sources should be reported in accordance with established unit SOPs.

COLLECTING AND PROCESSING

2-78. OSINT properly integrated into overall collection plans during operations are used to satisfy CCIRs. In order to access the full array of domestic and foreign publicly available information, the processing of materials oftentimes requires OSINT support to personnel operating in the areas of document exploitation (DOCEX).

Chapter 3

Collecting OSINT

Due to the unclassified nature of publicly available information, those engaging in OSINT collection activities can begin researching background information on their assigned area of responsibility long before the issuance of an official military deployment order while generating intelligence knowledge. IPB, an integrating process for Army forces, is the mechanism identifying intelligence and information requirements that can be satisfied utilizing publicly available information and open sources.

COLLECTING PUBLICLY AVAILABLE INFORMATION

3-1. Publicly available information and open-source research, applied as an economy of force, is an effective means of assimilating authoritative and detailed information on the mission variables (METT-TC) and operational variables (political, military, economic, social, information, infrastructure, physical environment, time [PMESII-PT]). The compilation of unanswered intelligence and information requirements determined at the conclusion of the MDMP and IPB are exercised through the commander’s input. Commander’s input—

• Is expressed in the terms of describe, visualize, and direct.
• Is the cornerstone of guidance used by OSINT personnel.
• Validates intelligence and information requirements.

3-2. Commander’s input is expressed as CCIRs and categorized as friendly force information requirements (FFIRs) and PIRs. Continuous research and processing methods, coupled with the commander’s input and intelligence and information requirements, OSINT personnel collect publicly available information for exploitation. The collect step of the intelligence process involves collecting, processing, and reporting information in response to information collection tasks. Collected information is the foundation of intelligence databases, intelligence production, and situational awareness.

3-3. OSINT is integrated into planning through the continuous process of IPB. Personnel engaging in OSINT exploitation must initiate collection and requests for information to satisfy CCIRs to the level of detail required. Collecting open-source information comprises four steps, as shown in figure 3-1 on page 3-2:

• Identify information and intelligence requirements.
• Categorize intelligence requirements by type.
• Identify source to collect the information.
• Determine collection technique.

IDENTIFY INFORMATION AND INTELLIGENCE REQUIREMENTS

3-4. Intelligence and information gaps are identified during the IPB process. These gaps should be developed and framed around the mission and operational variables in order to ensure the commander receives the information needed to support all lines of operations or lines of effort. As information and intelligence are received, OSINT personnel update IPB products and inform the commander of any relevant changes. OSINT needs clearly stated information and intelligence requirements to effectively focus acquisition and production and should be incorporated into collection plans in order to satisfy these requirements.

3-5. Intelligence requirements that need to be satisfied can extend beyond the scope of OSINT, resulting in gaps. OSINT is subject to information and intelligence gaps that need to be satisfied using other appropriate methods to close those gaps.

3-6. IPB is used to classify intelligence and information requirements by type based on mission analysis and friendly COAs. OSINT personnel provide input during this step. Two important related terms that work in concert with OSINT are private information and publicly available information:

• Private information comprises data, facts, instructions, or other material intended for or restricted to a particular person, group, or organization. Intelligence requirements that require private information are not assigned to OSINT sections. There are two subcategories of private information:
  • Controlled unclassified information requires the application of controls and protective measures, for a variety of reasons (that is, sensitive but unclassified or for official use only).
  • Classified information requires protection against unauthorized disclosure and is marked to indicate its classified status when produced or disseminated.
• Publicly available information comprises data, facts, instructions, or other material published or broadcast for general public consumption; available on request to a member of the general public; lawfully seen or heard by any casual observer; or made available at a meeting open to the general public.

IDENTIFY SOURCE TO COLLECT INFORMATION

3-7. Identifying the source is part of planning requirements and assessing collection plans. The two types of sources used to collect information are confidential sources and open sources:

• Confidential sources comprise any persons, groups, or systems that provide information with the expectation that the information, relationship, or both are protected against public disclosure. Information and intelligence requirements that require confidential sources are not assigned to OSINT sections.
• Open sources comprise any person or group that provides information without the expectation of copyright or privacy—the information, the relationship, or both is not protected against public disclosure. Open sources include but are not limited to—
• Courseware, dissertations, lectures, presentations, research papers, and studies in both hardcopy and softcopy covering subjects and topics on economics, geography (physical, cultural, and political-military), international relations, regional security, and science and technology.
• Government agencies and nongovernmental organizations. Databases, posted information, and printed reports on a wide variety of economic, environmental, geographic, humanitarian, security, and science and technology issues.
• Commercial and public information services. Broadcasted, posted, and printed news on current international, regional, and local topics.
• Libraries and research centers. Printed documents and digital databases on a range of topics.
• Individuals and groups. Handwritten, painted, posted, printed, and broadcasted information on subjects and topics on art, graffiti, leaflets, posters, tattoos, and Web sites.
• Gray literature. Materials and information that are found using advanced Internet search techniques on the Deep Web consisting of technical reports, scientific research papers, and white papers.

 

 

DETERMINE COLLECTION TECHNIQUE

3-8. Collection implies gathering, by a variety of means, raw data and information from which finalized intelligence is then created or synthesized, and disseminated. Collected information is analyzed and incorporated into all-source and other intelligence discipline products. These products are disseminated per unit SOPs, OPORDs, other established feedback mechanism, or intelligence architecture. These techniques confirm the presence of planned targets and provide a baseline of activity and information on sources within the AO for further development and future validation. When gathering information, the utilized technique includes specific information requests, objectives, priorities, timeframe of expected activity, latest (or earliest) time the information is of value (LTIOV), and reporting instructions.

3-9. Open-source information that satisfies a CCIR is disseminated as quickly as possible to the commander and other staff personnel per unit SOPs or OPORDs. OSINT can use unintrusive collection techniques to cue more technical collection assets. Collection techniques, depending on operation complexities, can enhance the chances of satisfying intelligence and information requirements.

3-10. Open-source acquisition of information and intelligence requirements are assigned to OSINT personnel. Open-source collection includes the acquisition of material in the public domain. The extent to which open-source collection yields valuable information varies greatly with the nature of the target and the subject involved. The information might be collected by individuals who buy books and journals, observe military parades, or record television and radio programs.

RESEARCH

3-11. After determining the collection technique, OSINT personnel conduct research to satisfy intelligence and information requirements.

DETERMINE RESEARCH QUESTION

3-15. Research begins with the determination of a research question expressed in the form of CCIRs regarding a given topic. In OSINT exploitation, the research question can be based on the mission variables (METT-TC) and operational variables (PMESII-PT). The research question is refined through the development of information and intelligence requirements to be satisfied. Those requirements that are not satisfied are included in the planning requirements and assessing collection plan where more technical means of collection can be utilized.

DEVELOP RESEARCH PLAN

3-16. Different facets of a question may be expressed as information and intelligence requirements. These requirements form the basis for the research plan. A research plan can use both field research and practical research. The plan consists of—

• Identification of information sources (both primary and secondary).
• Description of how to access those sources.
• Format for compiling the data.
• Research methodology.
• Dissemination format.

IMPLEMENT RESEARCH PLAN

3-17. Utilizing open-source media—the means of sending, receiving, and recording information— components, and associated elements (see table 3-1), OSINT personnel implement a research plan. The primary media used to implement a research plan include—

• Public speaking forums.
• Public documents.
• Public broadcasts.
• Internet Websites.

Public Speaking Forums

3-18. OSINT personnel conduct research by attending public speaking forums such as conferences, lectures, public meetings, working groups, debates, and demonstrations. Attending these and similar events are opportunities to build relationships with nonmilitary professionals and organizations. Intelligence personnel require a thorough understanding of the local culture and laws to ensure any collection activities are unintrusive and do not violate local customs or laws, such as the Chatham House Rule.

Public Documents

3-20. When acquiring public documents, OSINT personnel must be aware of the local environment and use a technique that is unintrusive and appropriate for the situation. These techniques include but are not limited to—

• Photographing and copying documents available in public forums such as town halls, libraries, and museums.
• Finding discarded documents in a public area such as streets, markets, and restrooms.
• Photographing documents in public areas such as banners, graffiti, and posters.
• Purchasing documents directly from street vendors, newspaper stands, bookstores, and publishers.
• Purchasing documents through a third party such as a wholesale distributor or book club.
• Receiving documents upon request without charge from the author, conferences, trade fairs, direct mail advertising.

Public Broadcasts

3-21. Regional bureaus of the DNI OSC collect on regional and international broadcast networks in accordance with open-source information and intelligence requirements. Coverage of regional and international broadcasts enables OSINT personnel and organizations to use assets from already identified sources. The four techniques used to acquire information of public broadcasts are—

• Spectrum search. Searching the entire spectrum to detect, identify, and locate all emitters to confirm overall activity. This search provides an overview of the amount and types of activities and where they are located in the spectrum.
• Band search. Searching a particular segment of the spectrum to confirm overall activity. By limiting the size of the search band, the asset can improve the odds of acquiring a signal.
• Frequency search. Searching for radio or television frequencies.
• Program search. Searching for radio or television programs. Programs vary by type, content characteristics, and media format. Program surveillance verifies and expands upon initial results.

Internet Web Sites

3-23. The four steps to acquire information on Internet Web sites are—

Plan Internet search.

Conduct Internet search.

Refine Internet search.

Record results.

 

Chapter 4

Producing OSINT

The Army operates in diverse environments around the world. This diversity requires proper use of publicly available information and open sources in the production of OSINT. Given the volume of existing publicly available information and the unpredictability of requests for information and intelligence requirements, OSINT personnel engaging in open-source exploitation must be fluidly aware of and flexible when producing OSINT. Effective production ensures that commanders and subordinates receive timely, relevant, and accurate intelligence. OSINT personnel produce OSINT by evaluating, analyzing, reporting, and disseminating intelligence as assessments, studies, and estimates.

CATEGORIES OF INTELLIGENCE PRODUCTS

4-1. After receiving a mission through the MDMP and commander’s intent—expressed in terms of describe, visualize, and direct—intelligence and information requirements are identified. Personnel engaging in OSINT exploitation typically gather and receive information, perform research, and report and disseminate information in accordance with the categories of intelligence products. (See table 4-1.) OSINT products are categorized by intended use and purpose. Categories can overlap and some publicly available and open-source information can be used in more than one product.

EVALUATE INFORMATION

4-2. Open sources are overt and unclassified. Due to these aspects of publicly available information and open sources, deception, bias, and disinformation are of particular concern when evaluating sources of information during OSINT exploitation. Information is evaluated in terms of—

• Information reliability and credibility.

COMMUNICATIONS

4-3.  A simple communications model is typically two-way and consists of six parts:

• Intended message.
• Speaker(sender).
• Speaker’s encoded message.
• Listener(receiver).
• Listener’s decoded message.
• Perceived message.

4-4.  The speaker and listener each have different perspectives and aspects of communications (as shown in table 4-2 on page 4-4). There are great challenges facing communicators as the message becomes encoded by the speaker and decoded by the listener.

4-5. Communications during public speaking engagements are often difficult to evaluate given the myriad of elements that can prevent a successfully transmitted message. Given the multiple elements taken simultaneously, public speaking events are subjective and can be misunderstood.

4-6. The speaker has an intended message through a verbal, nonverbal, vocal, or visual media channel or combination thereof. Within communications, the areas typically involved in preventing the true intent of the message are the sending method, environment, and receiving method. Having an understanding of these areas generally yields a greater success rate between the speaker and listener.

4-8. Speakers communicate verbally and nonverbally based on their beliefs, emotions, or goals.

It is important to understand the differences in communication styles, how they are interpreted by an audience in order to effectively communicate the message intended and avoid misunderstandings. Evaluating information acquired through public speaking venues can be challenging based on these factors. Using the table to compare these types of communication can assist collection personnel in determining the influences surrounding communicators and predicting how the messages may be perceived.

INFORMATION RELIABILITY AND CREDIBILITY

4-9. OSINT personnel evaluate information with respect to reliability and credibility. It is important to evaluate the reliability of open sources in order to distinguish objective, factual information; bias; or deception. The rating is based on the subjective judgment of the evaluator and the accuracy of previous information produced by the same source.

4-10. OSINT personnel must assess the reliability and the credibility of the information independently of each other to avoid bias. The three types of sources used to evaluate and analyze received information are—

• Primary sources. Have direct access to the information and conveys the information directly and completely.
• Secondary sources. Conveys information through intermediary sources using the vernacular and summarizes or paraphrases information.
• Authoritative sources. Accurately reports information from the leader, government, or ruling party.

 

 

PROCESS INFORMATION

4-14. Process is an information management activity: to raise the meaning of information from data to knowledge (FM 6-0). The function of processing, although not a component of the intelligence process, is a critical element in the analyzing and producing of OSINT. Publicly available information answers intelligence and information requirements. Based on the type of information received, it must be processed before being reported and disseminated as finalized OSINT. Intelligence personnel transform publicly available information and open sources into a form suitable for processing by—

• Transcribing and translating.

DIGITIZING

4-15. OSINT personnel create a digital record of documents by scanning or taking digital photographs. Pertinent information about the document must be annotated to ensure accountability and traceability. Digitization enables the dissemination of the document to external databases and organizations, as well as enables the use of machine translation tools to screen documents for keywords, names, and phrases.

 

 

 

ANALYSIS OF MEDIA SOURCES

4-20. Analysis of the media is the systematic comparison of the content, behavior, patterns, and trends of organic media organizations and sources of a country. Analysis of the media as an activity was developed and based on methods and experience gained during OSINT exploitation against authoritarian political systems during the World War II and Cold War eras where media was government-controlled. Publicly available information and open sources must be analyzed for proper inclusion in OSINT processing. OSINT personnel weigh media analysis against set criterion. These criterions assist OSINT personnel to discern facts, indicators, patterns, and trends in information and relationships. This involves inductive or deductive reasoning to understand the meaning of past events and predict future actions.

4-21. Comparison of trends in the content of individual media with shifts in official policy suggests that some media continues to mirror the dominant policy line. By establishing a track record for media that is vulnerable to external and internal pressure to follow the central policy line, OSINT personnel can identify potential policy shifts. Comparison of what is said and what is not said against the background of what others are saying and what has been said before is the core of media source analysis.

4-22. Media source analysis is also important in semi-controlled and independent media environments. In media environments where both official and nonofficial media are present, official media may be pressured to follow the central policy line. Analyzing media in these environments must encompass both the journalist and commentator level. It is important to establish the track record of such individuals to discover access to insider information from parts of the government or being used by officials to float policies.

4-23. The three aspects of media source analysis are—

• Media control.
• Media structure.
• Media content.

 

 

Media Control

4-24. Analyzing media environments in terms of media control requires awareness by intelligence personnel of how different elements of the media act, influence, and are of intelligence value. Careful examination of the differences in how media is handled in different types of environments can provide insight into domestic and foreign government strategies. Media environments are categorized as—

Government-controlled.

• Control over the media is centralized.
• The dominant element of control is the government and higher tiers of political leadership.
• Governments use censorship mechanisms to exercise control over media content prior to dissemination of information.

Semi-controlled.

• Control over the media is semi-centralized.
• Government’s exercise and promote self-censorship by pressuring media managers and journalists prior to dissemination of information.

Independent.

• Control over the media is decentralized.
• Governments may regulate allocation of broadcast frequencies, morality in content, ownership in media markets, and occasionally apply political pressure against media or journalists.
• Economic factors, norms of the journalist profession, the preferences of people who manage media, and the qualities of individual journalists who report or comment on the news all influence or control media content.

4-25. All media environments are controlled to some degree and therefore easier to perform media source analysis. The challenge for OSINT personnel is to determine the level, factors, and elements (see table 4-3) that elites, institutions, or individuals exercise control, how much power each possesses, and what areas are of interest to satisfy intelligence and information requirements.

 

 

 

Media Structure

4-26. Media structure encompasses attributes of media material. There are structural elements that affect the meaning and significance of the content of the item and are often as important as the content itself. Analysis of these elements uncovers insights into the points of view of personnel in government-controlled, semi-controlled, and independent environments to establish the structure of media elements.

4-27. The media structural elements are—

• Selection, omission, and slant.
• Hierarchy of power.
• Media type.

Selection, Omission, and Slant

4-28. Selection of media items is a fundamental editorial decision at the core of news reporting. Selection includes media manager decisions about which stories are covered, which stories are not covered, and which slant (viewpoint), images, and information should be included, emphasized, deemphasized, or omitted in a news item.

Hierarchy of Power

4-29. All political systems involve a hierarchy of power (see table 4-4) that logically follows official statements issued by elements in corresponding hierarchy of authoritativeness. Authoritativeness is the likelihood that the views expressed in the statement represent the dominant viewpoint within the political system. The hierarchy is obvious at the political level—a statement by the prime minister trumps a statement by a minister. In other cases, the hierarchy may not be so obvious—a speech by the party chairman is more authoritative than the head of state.

Format

4-30. Format consists of how media is produced and disseminated for public consumption. Format can be in the form of a live news report, a live interview, or a prerecorded report or interview that gives individuals more opportunity to influence the context delivered to consumers.

Media Type

4-31. Television is the medium with the largest potential audience in media environments and has a significant impact in shaping the impressions of the general viewing public. Television has replaced radio as the main source of news except in media environments where poverty prevents mass access to television. Fewer people may get information from newspapers and Internet news Web sites, but these people may be richer, better educated, and more influential than the general television audience. Specialized print publications and Internet Web sites reach a still smaller audience, but the audience will likely include officials and experts who that have influence on policy debates and outcomes.

Prominence

4-32. Questions to consider pertaining to prominence of media stories are—

• Does the story appear on the frontpage of newspapers or on the homepage of news Websites?
• How much space is the story given?
• In what order does the story appear in the news broadcast?
• Is it featured in the opening previews of the newscast?
• How frequently is the story rebroadcast on subsequent newscasts or bulletins?
• How much airtime did it get?

Dissemination

4-33. Attention to patterns of dissemination of leader statements is important in government-controlled media environments. Leaders communicate publicly in a variety of ways such as formal policy statements, formal interviews, and impromptu remarks. By comparing the volume of media attention given to a statement, determination is made to whether the statement was intended to be taken as a pronouncement of established policy or merely as an ad hoc, uncoordinated expression prompted by narrow contextual or temporal conditions.

Timing

4-34. OSINT personnel have traditionally paid close attention to the timing of the appearance of information in the media as the information corresponds to the news cycle. A news cycle is the process and timing by which different types of media sources obtain information, incorporate or turn the information into a product, and make the product available to the public.

Media Content

4-35. Understanding the significance of media content can enhance the value of media source analysis. Media content encompasses the elements of—

• Manifest content.
• Latent content.

Manifest Content

4-36. Manifest content is the actual words, images, and sounds conveyed by open sources. One of the most important forms of media source analysis involves the careful comparison of the content of authoritative official statements to identify the policies or intentions represented. Governments, political entities, and actors use statements and information released to the media to strengthen, support, and promote policies.

4-37. Manifest content analysis of authoritative public statements is an effective tool to discern leadership intentions and attitudes. Manifest content, in order to be effective, consists of the following:

• Esoteric communications or “reading between the lines” are public statements whose surface meaning (manifest content) does not reveal the real purpose, meaning, or significance (latent content) of the author. Esoteric communication is particularly evident in political systems with strong taboos against public contention or in cases where sensitive issues are at stake. Esoteric communication is more formalized in some media environments than in others but is common in all political communications.
• Multimedia content analysis considers elements of content beyond the words used such as facial expressions, voice inflections of leaders giving a speeches or while being interviewed, or the reading of a script by a news broadcaster all provide indicators about the views of a subject or topic. These indicators assist to determine whether a statement was seriously considered, intended to be humorous, or simply impromptu.
• Historical or past behavior of open sources must be considered. Influences such as media outlet, journalist, newsmaker, or news broadcaster are factors beyond immediate control. Other issues such as time pressures, deadlines, or technical malfunctions, may also affect the content or context of public information. Analysts’ judgments about source behavior must be made with careful consideration of previous behavior.

Latent Content

4-38. Latent content refers to the hidden meaning of a thought. Latent content can reveal patterns about the views and actions of the media controllers. These patterns and rules come from the unstated content that provides the underlying meaning of media content and behavior. When a pattern of content is changed, inference of a change in the viewpoint of the controller or a change in the balance of power among different controlling elements has occurred.

REPORT AND DISSEMINATE INFORMATION

4-39. Intelligence and information requirements satisfied through publicly available information and open sources should be immediately reported and disseminated in accordance with unit SOPs that are generally centered on intelligence requirements, information criticality, and information sensitivity.

4-40. Finalized OSINT serves no purpose unless it is timely, accurate, and properly disseminated to commanders and customers in a useable form. Reporting and disseminating a finalized OSINT product that satisfies intelligence and information requirements include but are not limited to—

• Single discipline or multidiscipline estimates or assessments.
• Statements of facts.
• Evaluations of threat capabilities and limitations.
• The threat’s likely COAs.

REPORTING GUIDELINES AND METHODS

4-41. Effective dissemination creates a mechanism of feedback in order to assess usefulness and predict or assess future intelligence and information requirements. The objective in reporting and disseminating intelligence and information is to provide relevancy to support conducting (planning, preparing, executing, and assessing) operations.

4-42.  The basic guidelines in preparing products for reporting and disseminating information are—

1. • Timely. Information should be reported to affected units without delay for the sole purpose of ensuring the correct format.
   • Relevant. Information must contribute to the answering of intelligence requirements. Relevant information reduces collection, organization, and transmission times.
   • Complete. Prescribed formats and SOPs ensure completeness of transmitted information.

4-43.  The three reporting methods used to convey intelligence and information are—

1. • Written. Methods include formats (spot reports), tactical reports (TACREPs), or information intelligence reports (IIRs).
   • Graphic. Web-based report dissemination is an effective technique to ensure the widest awareness of written and graphical information across echelons. OSINT personnel can collaborate and provide statuses of intelligence requirements through Web sites. Information can also be uploaded to various databases to support future open-source missions and operations.
   • Verbal and voice. The most common way to disseminate intelligence and information verbally is through a military briefing. Based on the criticality, sensitivity, and timeliness of the information, ad hoc and impromptu verbal communication methods are the most efficient to deliver information to commanders.

 

REPORTING AND DISSEMINATION CONSIDERATIONS

4-49. When reporting and disseminating OSINT products, considerations include but are not limited to—

Classification. When creating products from raw information, write-to-release at the lowest classification level to facilitate the widest distribution of the intelligence. Use tearline report formats to facilitate the separation of classified and unclassified information for users operating on communications networks of differing security levels. Organizations with original classification authority or personnel with derivative classification responsibilities must provide subordinate organizations and personnel with a security classification guide or guidance for information and intelligence derived from publicly available information and open sources in accordance with the policy and procedures in AR 380-5.

Feedback-mechanism development. E-mail, postal addresses, rating systems, and survey forms are mechanisms that OSINT personnel can use in order to understand the information requirements for customers.

Intellectual property identification. Identify intellectual property that an author or an organization has copyrighted, patented, or trademarked taken to preserve rights to the information. OSINT exploitation does not involve the selling, importing, or exporting of intellectual property. OSINT personnel engaging in exploitation should cite all sources used in reported and disseminated products. When uncertain, OSINT personnel should contact the supporting SJA office before reporting and disseminating a finalized OSINT product.

Use of existing dissemination methods, when and if possible. Creating new dissemination methods can at times complicate existing dissemination methods.

Analytical pitfalls. Analysts need to be cognizant that there are pitfalls when reporting and disseminating OSINT. The errors, referred to as fallacies (omission and assumption), are usually committed accidentally although sometimes they are deliberately used to persuade, convince, or deceive. Analysts must also be aware of hasty generalization, false cause, misuse of analogies and languages, biases (cultural, personal, organizational, cognitive), and hindsight. (For more information on analytical pitfalls, see TC 2-33.4.)

 

 

 

Appendix A

Legal Restrictions and Regulatory Limitations

Publicly available information and open sources cover a wide array of areas. Exploring, assessing, and collecting publicly available information and open sources has the potential to adversely affect organizations that execute OSINT missions. In some regards, OSINT missions could involve information either gathered against or delivered by U.S. persons. Given the scope of OSINT and its applicability within the intelligence community, having a firm awareness of intelligence oversight and its regulatory applications is necessary.

 

EXECUTIVE ORDER 12333

A-3. EO 12333 originated from operations that DOD intelligence units conducted against U.S. persons involved in the Civil Rights and anti-Vietnam War movements. DOD intelligence personnel used overt and covert means to collect information on the political positions of U.S. persons, retained the information in a nationwide database, and disseminated the information to law enforcement authorities.

A-4. The purpose of EO 12333 is to enhance human and technical collection techniques, the acquisition of foreign intelligence, and the countering of international terrorist activities conducted by foreign powers especially those undertaken abroad, and the acquisition of significant foreign intelligence, as well as the detection and countering of international terrorist activities and espionage conducted by foreign powers. Accurate and timely information about the capabilities, intentions, and activities of foreign powers, organizations, and subordinate agents is essential to informed national defense decisions. Collection of such information is a priority objective, pursued in a vigorous, innovative, and responsible manner that is consistent with the U.S. Constitution and applicable laws and principles.

INTERPRETATION AND IMPLEMENTATION

A-5. AR 381-10 interprets and implements EO 12333 and DOD 5240.1-R. AR 381-10 enables the intelligence community to perform authorized intelligence functions in a manner that protects the constitutional rights of U.S. persons. The regulation does not authorize intelligence activity. An Army intelligence unit or organization must have the mission to conduct any intelligence activity directed against U.S. persons. In accordance with the Posse Comitatus Act (Section 1385, Title 18, USC), the regulation does not apply to Army intelligence units or organizations when engaged in civil disturbance or law enforcement activities without prior approval by the Secretary of Defense.

 

 

ASSIGNED FUNCTIONS

A-6. Based on EO 12333, the assigned intelligence functions of the Army are to—

• Collect, produce, and disseminate military-related foreign intelligence as required for execution of responsibility of the Secretary of Defense.
• Conduct programs and missions necessary to fulfill departmental foreign intelligence requirements.
• Conduct activities in support of DOD components outside the United States in coordination with the Central Intelligence Agency (CIA) and within the United States in coordination with the Federal Bureau of investigation (FBI) pursuant to procedures agreed upon by the Secretary of Defense and the Attorney General.
• Protect the security of DOD installations to include its activities, property, information, and employed U.S. persons by appropriate means.
• Cooperate with appropriate law enforcement agencies to protect employed U.S. persons, information, property, and facilities of any agency within the intelligence community.
• Participate with law enforcement agencies to investigate or prevent clandestine intelligence activities by foreign powers or international terrorists.
• Provide specialized equipment, technical knowledge, or assistance to U.S. persons for use by any department or agency, or, when lives are endangered, to support local law enforcement agencies.

ARMY REGULATION 381-10

A-7. AR 381-10 enables any Army component to perform intelligence functions in a manner that protects the constitutional rights of U.S. persons. It also provides guidance on collection techniques used to obtain information for foreign intelligence and CI purposes. Intelligence activity is not authorized by this regulation.

A-13. AR 381-10 does not authorize the collection of any information relating to a U.S. person solely because of personal lawful advocacy of measures opposed to government policy as embodied in the First Amendment to the U.S. Constitution. The First Amendment states that Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.

RETENTION OF U.S. PERSON INFORMATION

A-14. Retention refers only to maintaining information about U.S. persons that the Army intelligence component can retrieve by the person’s name or other personal identifying data. AR 381-10, procedure 3, describes the kinds of U.S. person information that an Army intelligence component may knowingly retain without the individual’s consent.

DISSEMINATION OF U.S. PERSON INFORMATION

A-19. Disseminate, an information management activity, refers to communicating relevant information of any kind from one person or place to another in a usable form by any means to improve understanding or to initiate or govern action (FM 6-0). In other words, dissemination is the delivery of intelligence to users in a suitable form with application of the intelligence to appropriate missions, tasks, and functions.

 

QUESTIONABLE INTELLIGENCE ACTIVITY

A-20. Questionable intelligence activity occurs when intelligence operations potentially violate—

• Laws.
• EOs.
• Presidential directives.
• DOD or Army policies.

A-21. Intelligence personnel should report questionable intelligence activity through the chain of command, the inspector general, or directly to the Assistant to the Secretary of Defense for Intelligence Oversight in accordance with AR 381-10. The following are examples of questionable intelligence activity on improper collecting, retaining, or disseminating of U.S. person information:

• Collecting and gathering information about U.S. domestic groups not connected with a foreign power or international terrorism.
• Producing and disseminating intelligence threat assessments containing U.S. person information without a clear explanation of the intelligence purpose for which the information was collected.
• Collecting and gathering U.S. person information for force protection purposes without determining if the intelligence function is authorized.
• Collecting and gathering U.S. person information from open sources without a logical connection to the mission of the unit.

 

Appendix B

Cyberspace Internet Awareness

Intelligence and nonintelligence personnel conducting open-source research must be aware of the digital operational environment by minimizing and reducing cyber “footprints,” practicing effective cyber OPSEC, utilizing safe online surfing techniques and habits, and understanding that embedded metadata can be contained in documents.

CYBERSPACE SITUATIONAL AWARENESS AND CYBER SECURITY

B-1. More than any other intelligence discipline, research involving publicly available information and open sources could unintentionally reveal CCIRs.

In the areas of computer information assurance and Internet security, internet awareness is needed in order to be effective, aggressive, and to successfully conduct open-source research and exploitation. Unjustified Internet Web- site restrictions have the potential to severely impede acquiring and the subsequent processing, reporting, and disseminating of publicly available information and open sources.

B-2. Awareness is the beginning of effective cyber security. Computers transmit machine specifications such as operating system, type of version of each enabled program, security levels, a history of Web sites visited, cookie information, user preferences, IP addresses, enabled languages, and referring URL when searching the Internet. Visitors are frequently redirected to alternate Web sites based on search criterion, location, language, and time the search is conducted.

B-3. The Internet is described as a “network of networks” due to the hundreds of thousands of interconnected networks consisting of millions of computers. Computers and users connected to the Internet are identified by a system-specific IP address that designates location. The IP address serves as the address where transferred information and datum is delivered. The concern therein rests in the understanding that while visiting nonstandard or questionable Internet Web sites in accordance with official duties, sensitive unit information could inadvertently be revealed.

B-5. Cyber situational awareness is the knowledge of friendly, neutral, and threat relevant information regarding activities in and through cyberspace and the electromagnetic spectrum (FM 1-02). Cyberspace and cyber security involve increasing cyber situational awareness by—

• Identifying threat operations to determine the effect on friendly operations and countermeasures.
• Determining how to use cyberspace to gain support from friendly and neutral entities.
• Determining how to gain, maintain, and exploit technical and operational advantages.

B-7. URL information from the previous Web site visited is frequently an OPSEC issue and it identifies characteristics and interests of the user. While necessary for an effective research, the use of specific and focused search terms have potential OPSEC implications.

B-8. All actions on a Web site are logged and saved. The information is saved and linked to what is referred to as cookie data. User actions include but are not limited to—

• Words typed in search parameter fields.
• Drop-down menu choices.
• Web site movement patterns such as changing domain name or Web site address.

B-9. On many Web sites, information that the user provides or fills in becomes part of the Web site and is searchable. Key information to avoid sharing includes but is not limited to—

• Military plans.
• Operations.
• Exercises.
• Maps and charts.
• Locations.
• Schedules.
• Equipment vulnerabilities, capabilities, and shortfalls.
• Names and related numbers:
  • Telephone numbers.
  • Birth dates.
  • Identification numbers.

B-10. Traditional and irregular threats are disruptive in nature and use the cyberspace domain to conduct operations against the Army. These threats are innovative, networked, and technologically adept. These threats capitalize on emerging technologies to establish and maintain a cultural and social advantage leveraging areas, to include but not limited to mission command, recruiting, logistics, fund raising and laundering, IO, and propaganda.

B-11. When engaged in OSINT exploitation utilizing computer systems and Internet usage, cyberspace awareness assessments should be developed and cover areas including but not limited to network vulnerabilities, network threats (physical and virtual), and future risks.

 

 

Appendix C

Basic and Advanced Internet Search Techniques

The ability to search the Internet is an essential skill for open-source research and acquisition. The Internet, considered a reconnaissance and surveillance research tool, provides access to Web sites and databases that hold a wide range of information on current, planned, and potential areas of operation. The exponential growth in computer technology and the Internet has placed more publicly available information and processing power at the fingertips of Soldiers than ever before. A body of knowledge on culture, economics, geography, military affairs, and politics that was once inaccessible to some degree, now rest in the hands of high school and college students—future leaders of the Army.

 

OPEN-SOURCE DATABASES, SOFTWARE, AND TOOLS

C-26. There are numerous COTS software applications, tools, and databases that are searchable using query words for research. Search engines used for research include but are not limited to—

 

Google Scholar. Google Scholar provides a simple way to broadly search for scholarly literature. From one place, searches expand across many disciplines and sources that include articles, theses, books, and abstracts. Google Scholar helps locate relevant work across the world of scholarly research.

Spokeo. Spokeo specializes in organizing people-related information (names, addresses, phone numbers) from phone books, social networks, marketing lists, business Web sites, and other public sources. Spokeo uses algorithms to piece together data into coherent profiles.

Blog Pulse. BlogPulse is an automated trend discovery system for blogs by applying machine- learning and natural language processing techniques.

Pipl. Pipl query engine helps locate Deep Web pages that cannot be found on regular or standard search engines. Pipl uses advanced language-analysis and ranking algorithms to retrieve the most relevant information about an individual.

Monitter. Monitter is a browser-based Twitter search engine. Monitter displays three constantly updated keyword searches parallel to each other in your browser.

Maltego. Maltego is a forensic application that offers data-mining and gathering of information into packaged representations. Maltego allows the identification of key relationships between information and identify previously unknown relationships.