Ariel

Notes from Knowledge Management in the Intelligence Enterprise

Notes from Knowledge Management in the Intelligence Enterprise

Knowledge Management in the Intelligence Enterprise

This book is about the application of knowledge management (KM) principles to the practice of intelligence to fulfill those consumers’ expectations.

Unfortunately, too many have reduced intelligence to a simple metaphor of “connecting the dots.” This process, it seems, appears all too simple after the fact—once you have seen the picture and you can ignore irrelevant, contradictory, and missing dots. Real-world intelligence is not a puzzle of connecting dots; it is the hard daily work of planning operations, focusing the collection of data, and then processing the collected data for deep analysis to produce a flow of knowledge for dissemination to a wide range of consumers.

this book… is an outgrowth of a 2-day military KM seminar that I teach in the United States to describe the methods to integrate people, processes, and technologies into knowledge- creating enterprises.

The book progresses from an introduction to KM applied to intelligence (Chapters 1 and 2) to the principles and processes of KM (Chapter 3). The characteristics of collaborative knowledge-based intelligence organizations are described (Chapter 4) before detailing its principle craft of analysis and synthesis (Chapter 5 introduces the principles and Chapter 6 illustrates the practice). The wide range of technology tools to support analytic thinking and allow analysts to interact with information is explained (Chapter 7) before describing the automated tools that perform all-source fusion and mining (Chapter 8). The organizational, systems, and technology concepts throughout the book are brought together in a representative intelligence enterprise (Chapter 9) to illustrate the process of architecture design for a small intelligence cell. An overview of core, enabling, and emerging KM technologies in this area is provided in conclusion (Chapter 10).

Knowledge Management and Intelligence

This is a book about the management of knowledge to produce and deliver a special kind of knowledge: intelligence—that knowledge that is deemed most critical for decision making both in the nation-state and in business.

Knowledge management refers to the organizational disciplines, processes, and information technologies used to acquire, create, reveal, and deliver knowledge that allows an enterprise to accomplish its mission (achieve its strategic or business objectives). The components of knowledge management are the people, their operations (practices and processes), and the information technology (IT) that move and transform data, information, and knowledge. All three of these components make up the entity we call the enterprise.
Intelligence refers to a special kind of knowledge necessary to accomplish a mission—the kind of strategic knowledge that reveals critical threats and opportunities that may jeopardize or assure mission accomplishment. Intelligence often reveals hidden secrets or conveys a deep understanding that is covered by complexity, deliberate denial, or out- right deception. The intelligence process has been described as the process of the discovery of secrets by secret means. In business and in national security, secrecy is a process of protection for one party; discovery of the secret is the object of competition or security for the competitor or adversary… While a range of definitions of intelligence exist, perhaps the most succinct is that offered by the U.S. Central Intelligence Agency (CIA): “Reduced to its simplest terms, intelligence is knowledge and foreknowledge of the world around us—the prelude to decision and action by U.S. policymakers”

The intelligence enterprise encompasses the integrated entity of people, processes, and technologies that collects and analyzes intelligence data to synthesize intelligence products for decision-making consumers.

intelligence (whether national or business) has always involved the management (acquisition, analysis, synthesis, and delivery) of knowledge.

At least three driving factors continue to make this increasing need for automation necessary. These factors include:

Breadth of data to be considered.
Depth of knowledge to be understood.
Speed required for decision making.

Throughout this book, we distinguish between three levels of abstraction of knowledge, each of which may be referred to as intelligence in forms that range from unprocessed reporting to finished intelligence products

Individual observations, measurements, and primitive messages form the lowest level. Human communication, text messages, electronic queries, or scientific instruments that sense phenomena are the major sources of data. The terms raw intelligence and evidence (data that is determined to be relevant) are frequently used to refer to elements of data.
Information. Organized sets of data are referred to as information. The organization process may include sorting, classifying, or indexing and linking data to place data elements in relational context for subsequent searching and analysis.
Information once analyzed, understood, and explained is knowledge or foreknowledge (predictions or forecasts). In the context of this book, this level of understanding is referred to as the intelligence product. Understanding of information provides a degree of comprehension of both the static and dynamic relationships of the objects of data and the ability to model structure and past (and future) behavior of those objects. Knowledge includes both static con- tent and dynamic processes.

These abstractions are often organized in a cognitive hierarchy, which includes a level above knowledge: human wisdom.

In this text, we consider wisdom to be a uniquely human cognitive capability—the ability to correctly apply knowledge to achieve an objective. This book describes the use of IT to support the creation of knowledge but considers wisdom to be a human capacity out of the realm of automation and computation.

1.1 Knowledge in a Changing World

This strategic knowledge we call intelligence has long been recognized as a precious and critical commodity for national leaders.

the Hebrew leader Moses commissioned and documented an intelligence operation to explore the foreign land of Canaan. That classic account clearly describes the phases of the intelligence cycle, which proceeds from definition of the requirement for knowledge through planning, tasking, collection, and analysis to the dissemination of that knowledge. He first detailed the intelligence requirements by describing the eight essential elements of information to be collected, and he described the plan to covertly enter and reconnoiter the denied area

requirements articulation, planning, collection, analysis-synthesis, and dissemination

The U.S. defense community has developed a network-centric approach to intelligence and warfare that utilizes the power of networked information to enhance the speed of command and the efficiency of operations. Sensors are linked to shooters, commanders efficiently coordinate agile forces, and engagements are based on prediction and preemption. The keys to achieving information superiority in this network-centric model are network breadth (or connectivity) and bandwidth; the key technology is information networking.

The ability to win will depend upon the ability to select and convert raw data into accurate decision-making knowledge. Intelligence superiority will be defined by the ability to make decisions most quickly and effectively—with the same information available to virtually all parties. The key enabling technology in the next century will become processing and cognitive power to rapidly and accurately convert data into com- prehensive explanations of reality—sufficient to make rapid and complex decisions.

Consider several of the key premises about the significance of knowledge in this information age that are bringing the importance of intelligence to the forefront. First, knowledge has become the central resource for competitive advantage, displacing raw materials, natural resources, capital, and labor. This resource is central to both wealth creation and warfare waging. Second, the management of this abstract resource is quite complex; it is more difficult (than material resources) to value and audit, more difficult to create and exchange, and much more difficult to protect. Third, the processes for producing knowledge from raw data are as diverse as the manufacturing processes for physical materials, yet are implemented in the same virtual manufacturing plant—the computer. Because of these factors, the management of knowledge to produce strategic intelligence has become a necessary and critical function within nations-states and business enterprises—requiring changes in culture, processes, and infrastructure to compete.

with rapidly emerging information technologies, the complexities of globalization and diverse national interests (and threats), businesses and militaries must both adopt radically new and innovative agendas to enable continuous change in their entire operating concept. Innovation and agility are the watchwords for organizations that will remain competitive in Hamel’s age of nonlinear revolution.

Business concept innovation will be the defining competitive advantage in the age of revolution. Business concept innovation is the capacity to reconceive existing business models in ways that create new value for customers, rude surprises for competitors, and new wealth for investors. Business concept innovation is the only way for newcomers to succeed in the face of enormous resource disadvantages, and the only way for incumbents to renew their lease on success

A functional taxonomy based on the type of analysis and the temporal distinction of knowledge and foreknowledge (warning, prediction, and forecast) distinguishes two primary categories of analysis and five subcategories of intelligence products

Descriptive analyses provide little or no evaluation or interpretation of collected data; rather, they enumerate collected data in a fashion that organizes and structures the data so the consumer can perform subsequent interpretation.

Inferential analyses require the analysis of collected relevant data sets (evidence) to infer and synthesize explanations that describe the mean- ing of the underlying data. We can distinguish four different focuses of inferential analysis:

Analyses that explain past events (How did this happen? Who did it?);
Analyses that explain the structure of current structure (What is the organization? What is the order of battle?);
Analyses that explain current behaviors and states (What is the competitor’s research and development process? What is the status of development?);
Foreknowledge analyses that forecast future attributes and states (What is the expected population and gross national product growth over the next 5 years? When will force strength exceed that of a country’s neighbors? When will a competitor release a new product?).

1.3 The Intelligence Disciplines and Applications

While the taxonomy of intelligence products by analytic methods is fundamental, the more common distinctions of intelligence are by discipline or consumer.

The KM processes and information technologies used in all cases are identical (some say, “bits are bits,” implying that all digital data at the bit level is identical), but the content and mission objectives of these four intelligence disciplines are unique and distinct.

Nation-state security interests deal with sovereignty; ideological, political, and economic stability; and threats to those areas of national interest. Intelligence serves national leadership and military needs by providing strategic policymaking knowledge, warnings of foreign threats to national secu- rity interests (economic, military, or political) and tactical knowledge to support day-to-day operations and crisis responses. Nation-state intelligence also serves a public function by collecting and consolidating open sources of foreign information for analysis and publication by the government on topics of foreign relations, trade, treaties, economies, humanitarian efforts, environmental concerns, and other foreign and global interests to the public and businesses at large.

Similar to the threat-warning intelligence function to the nation-state, business intelligence is chartered with the critical task of foreseeing and alerting management of marketplace discontinuities. The consumers of business intelligence range from corporate leadership to employees who access supply-chain data, and even to customers who access information to support purchase decisions.

A European Parliament study has enumerated concern over the potential for national intelligence sources to be used for nation-state economic advantages by providing competitive intelligence directly to national business interests. The United States has acknowledged a policy of applying national intelligence to protect U.S. business interests from fraud and illegal activities, but not for the purposes of providing competitive advantage

1.3.1 National and Military Intelligence

National intelligence refers to the strategic knowledge obtained for the leadership of nation-states to maintain national security. National intelligence is focused on national security—providing strategic warning of imminent threats, knowledge on the broad spectrum of threats to national interests, and fore-knowledge regarding future threats that may emerge as technologies, economies, and the global environment changes.

The term intelligence refers to both a process and its product.

The U.S. Department of Defense (DoD) provides the following product definitions that are rich in description of the processes involved in producing the product:

The product resulting from the collection, processing, integration, analysis, evaluation, and interpretation of available information concerning foreign countries or areas;
Information and knowledge about an adversary obtained through observation, investigation, analysis, or understanding.

Michael Herman accurately emphasizes the essential components of the intelligence process: “The Western intelligence system is two things. It is partly the collection of information by special means; and partly the subsequent study of particular subjects, using all available information from all sources. The two activities form a sequential process.”

Martin Libicki has provided a practical definition of information dominance, and the role of intelligence coupled with command and control and information warfare:

Information dominance may be defined as superiority in the generation, manipulation, and use of information sufficient to afford its possessors military dominance. It has three sources:

Command and control that permits everyone to know where they (and their cohorts) are in the battlespace, and enables them to execute operations when and as quickly as necessary.
Intelligence that ranges from knowing the enemy’s dispositions to knowing the location of enemy assets in real-time with sufficient precision for a one-shot kill.
Information warfare that confounds enemy information systems at various points (sensors, communications, processing, and command), while protecting one’s own.

The superiority is achieved by gaining superior intelligence and protecting information assets while fiercely degrading the enemy’s information assets. The goal of such superiority is not the attrition of physical military assets or troops—it is the attrition of the quality, speed, and utility of the adversary’s decision-making ability.

“A knowledge environment is an organizations (business) environment that enhances its capability to deliver on its mission (competitive advantage) by enabling it to build and leverage it intellectual capital.”

1.3.2 Business and Competitive Intelligence

The focus of business intelligence is on understanding all aspects of a business enterprise: internal operations and the external environment, which includes customers and competitors (the marketplace), partners, and suppliers. The external environmental also includes independent variables that can impact the business, depending on the business (e.g., technology, the weather, government policy actions, financial markets). All of these are the objects of business intelligence in the broadest definition. But the term business intelligence is also used in a narrower sense to focus on only the internals of the business, while the term competitor intelligence refers to those aspects of intelligence that focus on the externals that influence competitiveness: competitors.

Each of the components of business intelligence has distinct areas of focus and uses in maintaining the efficiency, agility, and security of the business; all are required to provide active strategic direction to the business. In large companies with active business intelligence operations, all three components are essential parts of the strategic planning process, and all contribute to strategic decision making.

1.4 The Intelligence Enterprise

The intelligence enterprise includes the collection of people, knowledge (both internal tacit and explicitly codified), infrastructure, and information processes that deliver critical knowledge (intelligence) to the consumers. This enables them to make accurate, timely, and wise decisions to accomplish the mission of the enterprise.

This definition describes the enterprise as a process—devoted to achieving an objective for its stakeholders and users. The enterprise process includes the production, buying, selling, exchange, and promotion of an item, substance, service, or system.

the DoD three-view architecture description, which defines three interrelated perspectives or architectural descriptions that define the operational, system, and technical aspects of an enterprise [29]. The operational architecture is a people- or organization-oriented description of the operational elements, intelligence business processes, assigned tasks, and information and work flows required to accomplish or support the intelligence function. It defines the type of information, the frequency of exchange, and the tasks that are supported by these information exchanges. The systems architecture is a description of the systems and interconnections providing for or supporting intelligence functions. The system architecture defines the physical connection, location, and identification of the key nodes, circuits, networks, and users, and specifies system and component performance parameters. The technical architecture is the minimal set of rules (i.e., standards, protocols, interfaces, and services) governing the arrangement, interaction, and interdependence of the elements of the system.

These three views of the enterprise (Figure 1.4) describe three layers of people-oriented operations, system structure, and procedures (protocols) that must be defined in order to implement an intelligence enterprise.

The operational layer is the highest (most abstract) description of the concept of operations (CONOPS), human collaboration, and disciplines of the knowledge organization. The technical architecture layer describes the most detailed perspective, noting specific technical components and their operations, protocols, and technologies.

The intelligence supply chain that describes the flow of data into knowledge to create consumer value is measured by the value it provides to intelligence consumers. Measures of human intellectual capital and organizational knowledge describe the intrinsic value of the organization.

1.5 The State of the Art and the State of the Intelligence Tradecraft

The subject of intelligence analysis remained largely classified through the 1980s, but the 1990s brought the end of the Cold War and, thus, open publication of the fundamental operations of intelligence and the analytic methods employed by businesses and nation-states. In that same period, the rise of commercial information sources and systems produced the new disciplines of open source intelligence (OSINT) and business/competitor intelligence. In each of these areas, a wealth of resources is available for tracking the rapidly changing technology state of the art as well as the state of the intelligence tradecraft.

1.5.1 National and Military Intelligence

Numerous sources of information provide management, legal, and technical insight for national and military intelligence professionals with interests in analysis and KM

These sources include:

Studies in Intelligence—Published by the U.S. CIA Center for the Study of Intelligence and the Sherman Kent School of Intelligence, unclassified versions are published on the school’s Web site (http://odci. gov.csi), along with periodically issued monographs on technical topics related to intelligence analysis and tradecraft.
International Journal of Intelligence and Counterintelligence—This quarterly journal covers the breadth of intelligence interests within law enforcement, business, nation-state policymaking, and foreign affairs.
Intelligence and National Security—A quarterly international journal published by Frank Cass & Co. Ltd., London, this journal covers broad intelligence topics ranging from policy, operations, users, analysis, and products to historical accounts and analyses.
Defense Intelligence Journal—This is a quarterly journal published by the U.S. Defense Intelligence Agency’s Joint Military Intelligence College.
American Intelligence Journal—Published by the National Military Intelligence Association (NMIA), this journal covers operational, organizational, and technical topics of interest to national and military intelligence officers.
Military Intelligence Professional Bulletin—This is a quarterly bulletin of the U.S. Army Intelligence Center (Ft. Huachuca) that is available on- line and provides information to military intelligence officers on studies of past events, operations, processes, military systems, and emerging research and development.
Jane’s Intelligence Review—This monthly magazine provides open source analyses of international military organizations, NGOs that threaten or wage war, conflicts, and security issues.

1.5.2 Business and Competitive Intelligence

Several sources focus on the specific areas of business and competitive intelligence with attention to the management, ethical, and technical aspects of collection, analysis, and valuation of products.

Competitive Intelligence Magazine—This is a CI source for general applications-related articles on CI, published bimonthly by John Wiley & Sons with the Society for Competitive Intelligence (SCIP).
Competitive Intelligence Review—This quarterly journal, also published by John Wiley with the SCIP, contains best-practice case studies as well as technical and research articles.
Management International Review—This is a quarterly refereed journal that covers the advancement and dissemination of international applied research in the fields of management and business. It is published by Gabler Verlag, Germany, and is available on-line.
Journal of Strategy and Business—This quarterly journal, published by Booz Allen and Hamilton focuses on strategic business issues, including regular emphasis on both CI and KM topics in business articles.

1.5.3 KM

The developments in the field of KM are covered by a wide range of business, information science, organizational theory, and dedicated KM sources that pro- vide information on this diverse and fast growing area.

CIO Magazine—This monthly trade magazine for chief information officers and staff includes articles on KM, best practices, and related leadership topics.

Harvard Business Review, Sloan Management Review—These management journals cover organizational leadership, strategy, learning and change, and the application of supporting ITs.
Journal of Knowledge Management—This is a quarterly academic journal of strategies, tools, techniques, and technologies published by Emerald (UK). In addition, Emerald also publishes quarterly The Learning Organization—An International Journal.
IEEE Transactions of Knowledge and Data Engineering—This is an archival journal published bimonthly to inform researchers, developers, managers, strategic planners, users, and others interested in state-of- the-art and state-of-the-practice activities in the knowledge and data engineering area.
Knowledge and Process Management—A John Wiley (UK) journal for executives responsible for leading performance improvement and con- tributing thought leadership in business. Emphasis areas include KM, organizational learning, core competencies, and process management.
American Productivity and Quality Center (APQC)—THE APQC is a nonprofit organization that provides the tools, information, expertise, and support needed to discover and implement best practices in KM. Its mission is to discover, research, and understand emerging and effective methods of both individual and organizational improvement, to broadly disseminate these findings, and to connect individuals with one another and with the knowledge, resources, and tools they need to successfully manage improvement and change. They maintain an on-line site at www.apqc.org.
Data Mining and Knowledge Discovery—This Kluwer (Netherlands) journal provides technical articles on the theory, techniques, and practice of knowledge extraction from large databases.

1.6 The Organization of This Book

This book is structured to introduce the unique role, requirements, and stake- holders of intelligence (the applications) before introducing the KM processes, technologies, and implementations.

2
The Intelligence Enterprise

Intelligence, the strategic information and knowledge about an adversary and an operational environment obtained through observation, investigation, analysis, or understanding, is the product of an enterprise operation that integrates people and processes in a organizational and networked computing environment.

The intelligence enterprise exists to produce intelligence goods and service—knowledge and foreknowledge to decision- and policy-making customers. This enterprise is a production organization whose prominent infrastructure is an information supply chain. As in any business, it has a “front office” to manage its relations with customers, with the information supply chain in the “back office.”

The intellectual capital of this enterprise includes sources, methods, workforce competencies, and the intelligence goods and services produced. As in virtually no other business, the protection of this capital is paramount, and therefore security is integrated into every aspect of the enterprise.

2.1 The Stakeholders of Nation-State Intelligence

The intelligence enterprise, like any other enterprise providing goods and services, includes a diverse set of stakeholders in the enterprise operation. The business model for any intelligence enterprise, as for any business, must clearly identify the stakeholders who own the business and those who produce and consume its goods and services.

The owners of the process include the U.S. public and its elected officials, who measure intelligence value in terms of the degree to which national security is maintained. These owners seek awareness and warning of threats to prescribed national interests.
Intelligence consumers (customers or users) include national, military, and civilian user agencies that measure value in terms of intelligence contribution to the mission of each organization, measured in terms of its impact on mission effectiveness.
Intelligence producers, the most direct users of raw intelligence, include the collectors (HUMINT and technical), processor agencies, and analysts. The principal value metrics of these users are performance based: information accuracy, coverage breadth and depth, confidence, and timeliness.

The purpose and value chains for intelligence (Figure 2.2) are defined by the stakeholders to provide a foundation for the development of specific value measures that assess the contribution of business components to the overall enterprise. The corresponding chains in the U.S. IC include:

Source—the source or basis for defining the purpose of intelligence is found in the U.S. Constitution, derivative laws (i.e., the National Security Act of 1947, Central Intelligence Agency Act of 1949, National Security Agency Act of 1959, Foreign Intelligence Surveillance Act of 1978, and Intelligence Organization Act of 1992), and orders of the executive branch [2]. Derived from this are organizational mission documents, such as the Director of Central Intelligence (DCI) Strategic Intent [3], which documents communitywide purpose and vision, as well as derivative guidance documents prepared by intelligence providers.
Purpose chain—the causal chain of purposes (objectives) for which the intelligence enterprise exists. The ultimate purpose is national security, enabled by information (intelligence) superiority that, in turn, is enabled by specific purposes of intelligence providers that will result in information superiority.
Value chain—the chain of values (goals) by which achievement of the enterprise purpose is measured.
Measures—Specific metrics by which values are quantified and articulated by stakeholders and by which the value of the intelligence enterprise is evaluated.

In a similar fashion, business and competitive intelligence have stakeholders that include customers, shareholders, corporate officers, and employees… there must exist a purpose and value chain that guides the KM operations. These typically include:

Source—the business charter and mission statement of a business elaborates the market served and the vision for the businesses role in that market.
Purpose chain—the objectives of the business require knowledge about internal operations and the market (BI objectives) as well as competitors (CI).
Value chain—the chain of values (goals) by which achievement of the enterprise purpose is measured.
Measures—Specific metrics by which values are quantified. A balanced set of measures includes vision and strategy, customer, internal, financial, and learning-growth metrics.

2.2 Intelligence Processes and Products

The process that delivers strategic and operational intelligence products is gener- ally depicted in cyclic form (Figure 2.3), with five distinct phases.

In every case, the need is the basis for a logical process to deliver the knowledge to the requestor.

Planning and direction. The process begins as policy and decision makers define, at a high level of abstraction, the knowledge that is required to make policy, strategic, or operational decisions. The requests are parsed into information required, then to data that must be collected to estimate or infer the required answers. Data requirements are used to establish a plan of collection, which details the elements of data needed and the targets (people, places, and things) from which the data may be obtained.
Collection. Following the plan, human and technical sources of data are tasked to collect the required raw data. The next section introduces the major collection sources, which include both openly available and closed sources that are accessed by both human and technical methods.

These sources and methods are among the most fragile [5]—and most highly protected—elements of the process. Sensitive and specially compartmented collection capabilities that are particularly fragile exist across all of the collection disciplines.

Processing. The collected data is processed (e.g., machine translation, foreign language translation, or decryption), indexed, and organized in an information base. Progress on meeting the requirements of the col- lection plan is monitored and the tasking may be refined on the basis of received data.
All-source analysis-synthesis and production. The organized information base is processed using estimation and inferential (reasoning) techniques that combine all-source data in an attempt to answer the requestor’s questions. The data is analyzed (broken into components and studied) and solutions are synthesized (constructed from the accumulating evidence). The topics or subjects (intelligence targets) of study are modeled, and requests for additional collection and processing may be made to acquire sufficient data and achieve a sufficient level of understanding (or confidence to make a judgment) to answer the consumer’s questions.
Dissemination. Finished intelligence is disseminated to consumers in a variety of formats, ranging from dynamic operating pictures of war- fighters’ weapon systems to formal reports to policymakers. Three categories of formal strategic and tactical intelligence reports are distinguished by their past, present, and future focus: current intelligence reports are news-like reports that describe recent events or indications and warnings, basic intelligence reports provide complete descriptions of a specific situation (e.g., order of battle or political situation), and intelligence estimates attempt to predict feasible future outcomes as a result of current situation, constraints, and possible influences [6].

Though introduced here in the classic form of a cycle, in reality the process operates as a continuum of actions with many more feedback (and feedforward) paths that require collaboration between consumers, collectors, and analysts.

2.3 Intelligence Collection Sources and Methods

A taxonomy of intelligence data sources includes sources that are openly accessible or closed (e.g., denied areas, secured communications, or clandestine activities). Due to the increasing access to electronic media (i.e., telecommunications, video, and computer networks) and the global expansion of democratic societies, OSINT is becoming an increasingly important source of global data. While OSINT must be screened and cross validated to filter errors, duplications, and deliberate misinformation (as do all sources), it provides an economical source of public information and is a contributor to other sources for cueing, indications, and confirmation

Measurements and signatures intelligence (MASINT) is technically derived knowledge from a wide variety of sensors, individual or fused, either to perform special measurements of objects or events of interest or to obtain signatures for use by the other intelligence sources. MASINT is used to characterize the observable phenomena (observables) of the environment and objects of surveillance.

U.S. intelligence studies have pointed out specific changes in the use of these sources as the world increases globalization of commerce and access to social, political, economic, and technical information [10–12]:

The increase in unstructured and transnational threats requires the robust use of clandestine HUMINT sources to complement extensive technical verification means.
Technical means of collection are required for both broad area coverage and detailed assessment of the remaining denied areas of the world.

2.3.1 HUMINT Collection

HUMINT refers to all information obtained directly from human sources

HUMINT sources may be overt or covert (clandestine); the most common categories include:

Clandestine intelligence case officers. These officers are own-country individuals who operate under a clandestine “cover” to collect intelligence and “control” foreign agents to coordinate collections.
Agents. These are foreign individuals with access to targets of intelligence who conduct clandestine collection operations as representatives of their controlling intelligence officers. These agents may be recruited or “walk-in” volunteers who act for a variety of ideological, financial, or personal motives.

Émigrés, refugees, escapees, and defectors. The open, overt (yet discrete) programs to interview these recently arrived foreign individuals provide background information on foreign activities as well as occasional information on high-value targets.
Third party observers. Cooperating third parties (e.g., third-party countries and travelers) can also provide a source of access to information.

The HUMINT discipline follows a rigorous process for acquiring, employing, and terminating the use of human assets that follows a seven-step sequence. The sequence followed by case officers includes:

Spotting—locating, identifying, and securing low-level contact with agent candidates;
Evaluation—assessment of the potential (i.e., value or risk) of the spotted individual, based on a background investigation;
Recruitment—securing the commitment from the individual;
Testing—evaluation of the loyalty of the agent;
Training—supporting the agent with technical experience and tools;
Handling—supporting and reinforcing the agent’s commitment;
Termination—completion of the agent assignment by ending the relationship.

HUMINT is dependent upon the reliability of the individual source, and lacks the collection control of technical sensors. Furthermore, the level of security to protect human sources often limits the fusion of HUMINT reports with other sources and the dissemination of wider customer bases. Directed high-risk HUMINT collections are generally viewed as a precious resource to be used for high-value targets to obtain information unobtainable by technical means or to validate hypotheses created by technical collection analysis.

2.3.2 Technical Intelligence Collection

Technical collection is performed by a variety of electronic (e.g., electromechanical, electro-optical, or bioelectronic) sensors placed on platforms in space, the atmosphere, on the ground, and at sea to measure physical phenomena (observables) related to the subjects of interest (intelligence targets).

The operational utility of these collectors for each intelligence application depends upon several critical factors:

Timeliness—the time from collection of event data to delivery of a tactical targeting cue, operational warnings and alerts, or formal strategic report;
Revisit—the frequency with which a target of interest can be revisited to understand or model (track) dynamic behavior;
Accuracy—the spatial, identity, or kinematic accuracy of estimates and predictions;
Stealth—the degree of secrecy with which the information is gathered and the measure of intrusion required.

2.4 Collection and Process Planning

The technical collection process requires the development of a detailed collection plan, which begins with the decomposition of the subject target into activities, observables, and then collection requirements.

From this plan, technical collectors are tasked and data is collected and fused (a composition, or reconstruction that is the dual of the decomposition process) to derive the desired intelligence about the target.

2.5 KM in the Intelligence Process

The intelligence process must deal with large volumes of source data, converting a wide range of text, imagery, video, and other media types into organized information, then performing the analysis-synthesis process to deliver knowledge in the form of intelligence products.

IT is providing increased automation of the information indexing, discovery, and retrieval (IIDR) functions for intelligence, especially the exponentially increasing volumes of global open-source data.

The functional information flow in an automated or semiautomated facility (depicted in Figure 2.5) requires digital archiving and analysis to ingest continu- ous streams of data and manage large volumes of analyzed data. The flow can be broken into three phases:

Capture and compile;
2. Preanalysis;
3. Exploitation (analysis-synthesis).

The preanalysis phase indexes each data item (e.g., article, message, news segment, image, book or chapter) by assigning a reference for storage; generating an abstract that summarizes the content of the item and metadata with a description of the source, time, reliability-confidence, and relationship to other items (abstracting); and extracting critical descriptors of content that characterize the contents (e.g., keywords) or meaning (deep indexing) of the item for subsequent analysis. Spatial data (e.g., maps, static imagery, or video imagery) must be indexed by spatial context (spatial location) and content (imagery content).

The indexing process applies standard subjects and relationships, maintained in a lexicon and thesaurus that is extracted from the analysis information base. Fol- lowing indexing, data items are clustered and linked before entry into the analy- sis base. As new items are entered, statistical analyses are performed to monitor trends or events against predefined templates that may alert analysts or cue their focus of attention in the next phase of processing.

The categories of automated tools that are applied to the analysis information base include the following tools:

Interactive search and retrieval tools permit analysts to search by content, topic, or related topics using the lexicon and thesaurus subjects.
Structured judgment analysis tools provide visual methods to link data, synthesize deductive logic structures, and visualize complex relation- ships between data sets. These tools enable the analyst to hypothesize, explore, and discover subtle patterns and relationships in large data volumes—knowledge that can be discerned only when all sources are viewed in a common context.
Modeling and simulation tools model hypothetical activities, allowing modeled (expected) behavior to be compared to evidence for validation or projection of operations under scrutiny.
Collaborative analysis tools permit multiple analysts in related subject areas, for example, to collaborate on the analysis of a common subject.
Data visualization tools present synthetic views of data and information to the analyst to permit patterns to be examined and discovered.

2.6 Intelligence Process Assessments and Reengineering

The U.S. IC has been assessed throughout and since the close of the Cold War to study the changes necessary to adapt to advanced collection capabilities, changing security threats, and the impact of global information connectivity and information availability. Published results of these studies provide insight into the areas of intelligence effectiveness that may be enhanced by organizing the community into a KM enterprise. We focus here on the technical aspects of the changes rather than the organizational aspects recommended in numerous studies.

2.6.1 Balancing Collection and Analysis

Intelligence assessments have evaluated the utility of intelligence products and the balance of investment between collection and analysis.

2.6.2 Focusing Analysis-Synthesis

An independent study [21] of U.S. intelligence recommended a need for intelligence to sharpen the focus of analysis-synthesis resources to deal with the increased demands by policymakers for knowledge on a wider ranges of topics, the growing breadth of secret and open sources, and the availability of commercial open-source analysis.

2.6.3

Balancing Analysis-Synthesis Processes

One assessment conducted by the U.S. Congress reviewed the role of analysis- synthesis and the changes necessary for the community to reengineer its processes from a Cold War to a global awareness focus. Emphasizing the crucial role of analysis, the commission noted:

The raison d’etre of the Intelligence Community is to provide accurate and meaningful information and insights to consumers in a form they can use at the time they need them. If intelligence fails to do that, it fails altogether. The expense and effort invested in collecting and processing the information have gone for naught.

The commission identified the KM challenges faced by large-scale intelligence analysis that encompasses global issues and serves a broad customer base.

The commission’s major observations provide insight into the emphasis on people- related (rather than technology-related) issues that must be addressed for intelligence to be valued by the policy and decision makers that consume intelligence:

Build relationships. A concerted effort is required to build relationships between intelligence producers and the policymakers they serve. Producer-consumer relationships range from assignment of intelligence liaison officers with consumers (the closest relationship and greatest consumer satisfaction) to holding regular briefings, or simple producer-subscriber relationships for general broadcast intelligence. Across this range of relationships, four functions must be accomplished for intelligence to be useful:

Analysts must understand the consumer’s level of knowledge and the issues they face.
Intelligence producers must focus on issues of significance and make information available when needed, in a format appropriate to the unique consumer.
Consumers must develop an understanding of what intelligence can and—equally important—cannot do.
Both consumer and producer must be actively engaged in a dialogue with analysts to refine intelligence support to decision making.

Increase and expand the scope of analytic expertise. The expertise of the individual analysts and the community of analysts must be maintained at the highest level possible. This expertise is in two areas: domain, or region of focus (e.g., nation, group, weapon systems, or economics), and analytic-synthetic tradecraft. Expertise development should include the use of outside experts, travel to countries of study, sponsor- ship of topical conferences, and other means (e.g., simulations and peer reviews).
Enhance use of open sources. Open-source data (i.e., publicly available data in electronic and broadcast media, journals, periodicals, and commercial databases) should be used to complement (cue, provide con- text, and in some cases, validate) special, or closed, sources. The analyst must have command of all available information and the means to access and analyze both categories of data in complementary fashion.
Make analysis available to users. Intelligence producers must increasingly apply dynamic, electronic distribution means to reach consumers for collaboration and distribution. The DoD Joint Deployable Intelligence Support System (JDISS) and IC Intelink were cited as early examples of networked intelligence collaboration and distribution systems.
Enhance strategic estimates. The United States produces national intelligence estimates (NIEs) that provide authoritative statements and fore- cast judgments about the likely course of events in foreign countries and their implications for the United States. These estimates must be enhanced to provide timely, objective, and relevant data on a wider range of issues that threaten security.
Broaden the analytic focus. As the national security threat envelope has broadened (beyond the narrower focus of the Cold War), a more open, collaborative environment is required to enable intelligence analysts to interact with policy departments, think tanks, and academia to analyze, debate, and assess these new world issues.

In the half decade since the commission recommendations were published, the United States has implemented many of the recommendations. Several examples of intelligence reengineering include:

Producer-consumer relationships. The introduction of collaborative networks, tools, and soft-copy products has permitted less formal interaction and more frequent exchange between consumers and producers. This allows intelligence producers to better understand consumer needs and decision criteria. This has enabled the production of more focused, timely intelligence.
Analytic expertise. Enhancements in analytic training and the increased use of computer-based analytic tools and even simulation are providing greater experience—and therefore expertise—to human analysts.
Open source. Increased use of open-source information via commercial providers (e.g., Lexis NexisTM subscription clipping services to tailored topics) and the Internet has provided an effective source for obtaining background information. This enables special sources and methods to focus on validation of critical implications.
Analysis availability. The use of networks continues to expand for both collaboration (between analysts and consumers as well as between analysts) and distribution. This collaboration was enabled by the intro- duction and expansion of the classified Internet (Intelink) that interconnects the IC [24].
Broadened focus. The community has coordinated open panels to dis- cuss, debate, and collaboratively analyze and openly publish strategic perspectives of future security issues. One example is the “Global Trends 2015” report that resulted from a long-term collaboration with academia, the private sector, and topic area experts [25].

2.7 The Future of Intelligence

The two primary dimensions of future threats to national (and global) security include the source (from nation-state actors to no-state actors) and the threat-generating mechanism (continuous results of rational nation-state behaviors to discontinuities in complex world affairs). These threat changes and the contrast in intelligence are summarized in Table 2.4. Notice that these changes coincide with the transition from sensor-centric to network- and knowledge-centric approaches to intelligence introduced in Chapter 1.

intelligence must focus on knowledge creation in an enterprise environment that is prepared to rapidly reinvent itself to adapt to emergent threats.

3
Knowledge Management Processes

KM is the term adopted by the business community in the mid 1990s to describe a wide range of strategies, processes, and disciplines that formalize and integrate an enterprise’s approach to organizing and applying its knowledge assets. Some have wondered what is truly new about the concept of managing knowledge. Indeed, many pure knowledge-based organizations (insurance companies, consultancies, financial management firms, futures brokers, and of course, intelligence organizations) have long “managed” knowledge—and such management processes have been the core competency of the business.

The scope of knowledge required by intelligence organizations has increased in depth and breadth as commerce has networked global markets and world threats have diversified from a monolithic Cold War posture. The global reach of networked information, both open and closed sources, has produced a deluge of data—requiring computing support to help human analysts sort, locate, and combine specific data elements to provide rapid, accurate responses to complex problems. Finally, the formality of the KM field has grown significantly in the past decade—developing theories for valuing, auditing, and managing knowledge as an intellectual asset; strategies for creating, reusing, and leveraging the knowledge asset; processes for con- ducting collaborative transactions of knowledge among humans and machines; and network information technologies for enabling and accelerating these processes.

3.1 Knowledge and Its Management

In the first chapter, we introduced the growing importance of knowledge as the central resource for competition in both the nation-state and in business. Because of this, the importance of intelligence organizations providing strategic knowledge to public- and private-sector decision makers is paramount. We can summarize this importance of intelligence to the public or private enterprise in three assertions about knowledge.

First, knowledge has become the central asset or resource for competitive advantage. In the Tofflers’ third wave, knowledge displaces capital, labor, and natural resources as the principal reserve of the enterprise. This is true in wealth creation by businesses and in national security and the conduct of warfare for nation-states.

Second, it is asserted that the management of the knowledge resource is more complex than other resources. The valuation and auditing of knowledge is unlike physical labor or natural resources; knowledge is not measured by “head counts” or capital valuation of physical inventories, facilities, or raw materials (like stockpiles of iron ore, fields of cotton, or petroleum reserves). New methods of quantifying the abstract entity of knowledge—both in people and in explicit representations—are required. In order to accomplish this complex challenge, knowledge managers must develop means to capture, store, create, and exchange knowledge, while dealing with the sensitive security issues of knowing when to protect and when to share (the trade-off between the restrictive “need to know” and the collaborative “need to share”).

The third assertion about knowledge is that its management therefore requires a delicate coordination of people, processes, and supporting technologies to achieve the enterprise objectives of security, stability, and growth in a dynamic world:

People. KM must deal with cultures and organizational structures that enable and reward the growth of knowledge through collaborative learning, reasoning, and problem solving.
Processes. KM must also provide an environment for exchange, discovery, retention, use, and reuse of knowledge across the organization.
Technologies. Finally, IT must be applied to enable the people and processes to leverage the intellectual asset of actionable knowledge.

Definitions of KM as a formal activity are as diverse as its practitioners (Table 3.1), but all have in common the following general characteristics:

KM is based on a strategy that accepts knowledge as the central resource to achieve business goals and that knowledge—in the minds of its people, embedded in processes, and in explicit representations in knowledge bases—must be regarded as an intellectual form of capital to be leveraged. Organizational values must be coupled with the growth of this capital.

KM involves a process that, like a supply chain, moves from raw materials (data) toward knowledge products. The process is involved in acquiring (data), sorting, filtering, indexing and organizing (information), reasoning (analyzing and synthesizing) to create knowledge, and finally disseminating that knowledge to users. But this supply chain is not a “stovepiped” process (a narrow, vertically integrated and compartmented chain); it horizontally integrates the organization, allowing collaboration across all areas of the enterprise where knowledge sharing provides benefits.

KM embraces a discipline and cultural values that accept the necessity for sharing purpose, values, and knowledge across the enterprise to leverage group diversity and perspectives to promote learning and intellectual problem solving. Collaboration, fully engaged communication and cognition, is required to network the full intellectual power of the enterprise.

The U.S. National Security Agency (NSA) has adopted the following “people-oriented” definition of KM to guide its own intelligence efforts:

Strategies and processes to create, identify, capture, organize and leverage vital skills, information and knowledge to enable people to best accomplish the organizational mission.7ryfcv

The DoD has further recognized that KM is the critical enabler for information superiority:

The ability to achieve and sustain information superiority depends, in large measure, upon the creation and maintenance of reusable knowledge bases; the ability to attract, train, and retain a highly skilled work force proficient in utilizing these knowledge bases; and the development of core business processes designed to capitalize upon these assets.

The processes by which abstract knowledge results in tangible effects can be examined as a net of influences that effect knowledge creation and decision making.

The flow of influences in the figure illustrates the essential contributions of shared knowledge.

Dynamic knowledge. At the central core is a comprehensive and dynamic understanding of the complex (business or national security) situation that confronts the enterprise. This understanding accumulates over time to provide a breadth and depth of shared experience, or organizational memory.
Critical and systems thinking. Situational understanding and accumulated experience enables dynamic modeling to provide forecasts from current situations—supporting the selection of adapting organizational goals. Comprehensive understanding (perception) and thorough evaluation of optional courses of actions (judgment) enhance decision making. As experience accumulates and situational knowledge is refined, critical explicit thinking and tacit sensemaking about current situations and the consequences of future actions is enhanced.
Shared operating picture. Shared pictures of the current situation (common operating picture), past situations and outcomes (experience), and forecasts of future outcomes enable the analytic workforce to collaborate and self-synchronize in problem solving.
Focused knowledge creation. Underlying these functions is a focused data and experience acquisition process that tracks and adapts as the business or security situation changes.

While Figure 3.1 maps the general influences of knowledge on goal setting, judgment, and decision making in an enterprise, an understanding of how knowledge influences a particular enterprise in a particular environment is necessary to develop a KM strategy. Such a strategy seeks to enhance organizational knowledge of these four basic areas as well as information security to protect the intellectual assets,

3.2 Tacit and Explicit Knowledge

In the first chapter, we offered a brief introduction to hierarchical taxonomy of data, information, and knowledge, but here we must refine our understanding of knowledge and its construct before we delve into the details of management processes.

In this chapter, we distinguish between the knowledge-creation processes within the knowledge-creating hierarchy (Figure 3.2). The hierarchy illustrates the distinctions we make, in common terminology, between explicit (represented and defined) processes and those that are implicit (or tacit; knowledge processes that are unconscious and not readily articulated).

3.2.1 Knowledge As Object

The most common understanding of knowledge is as an object—the accumulation of things perceived, discovered, or learned. From this perspective, data (raw measurements or observations), information (data organized, related, and placed in context), and knowledge (information explained and the underlying processes understood) are also objects. The KM field has adopted two basic distinctions in the categories of knowledge as object:

Explicit knowledge. This is the better known form of knowledge that has been captured and codified in abstract human symbols (e.g., mathematics, logical propositions, and structured and natural language). It is tangible, external (to the human), and logical. This documented knowledge can be stored, repeated, and taught by books because it is impersonal and universal. It is the basis for logical reasoning and, most important of all, it enables knowledge to be communicated electronically and reasoning processes to be automated.
Tacit knowledge. This is the intangible, internal, experiential, and intuitive knowledge that is undocumented and maintained in the human mind. It is a personal knowledge contained in human experience. Philosopher Michael Polanyi pioneered the description of such knowledge in the 1950s, considering the results of Gestalt psychology and the philosophic conflict between moral conscience and scientific skepticism. In The Tacit Dimension, he describes a kind of knowledge that we cannot tell. This tacit knowledge is characterized by intangible fac- tors such as perception, belief, values, skill, “gut” feel, intuition, “know-how,” or instinct; this knowledge is unconsciously internalized and cannot be explicitly described (or captured) without effort.

An understanding of the relationship between knowledge and mind is of particular interest to the intelligence discipline, because these analytic techniques will serve two purposes:

Mind as knowledge manager. Understanding of the processes of exchanging tacit and explicit knowledge will, of course, aid the KM process itself. This understanding will enhance the efficient exchange of knowledge between mind and computer—between internal and external representations.
Mind as intelligence target. Understanding of the complete human processes of reasoning (explicit logical thought) and sensemaking (tacit, emotional insight) will enable more representative modeling of adversarial thought processes. This is required to understand the human mind as an intelligence target—representing perceptions, beliefs, motives, and intentions

Previously, we have used the terms resource and asset to describe knowledge, but it is not only an object or a commodity to be managed. Knowledge can also be viewed as a dynamic, embedded in processes that lead to action. In the next section, we explore this complementary perspective of knowledge.

3.2.2 Knowledge As Process

Knowledge can also be viewed as the action, or dynamic process of creation, that proceeds from unstructured content to structured understanding. This perspective considers knowledge as action—as knowing. Because knowledge explains the basis for information, it relates static information to a dynamic reality. Knowing is uniquely tied to the creation of meaning.

Karl Weick introduced the term sensemaking to describe the tacit knowing process of retrospective rationality—the method by which individuals and organizations seek to rationally account for things by going back in time to structure events and explanations holistically. We do this, to “make sense” of reality, as we perceive it, and create a base of experience, shared meaning, and understanding.

To model and manage the knowing process of an organization requires attention to both of these aspects of knowledge—one perspective emphasizing cognition, the other emphasizing culture and context. The general knowing process includes four basic phases that can be described in process terms that apply to tacit and explicit knowledge, in human and computer terms, respectively.

This process acquires knowledge by accumulating data through human observation and experience or technical sensing and measurement. The capture of e-mail discussion threads, point-of-sales transactions, or other business data, as well as digital imaging or signals analysis are but examples of the wide diversity of acquisition methods.

Maintenance. Acquired explicit data is represented in a standard form, organized, and stored for subsequent analysis and application in digital databases. Tacit knowledge is stored by humans as experience, skill, or expertise, though it can be elicited and converted to explicit form in terms of accounts, stories (rich explanations), procedures, or explanations.
Transformation. The conversion of data to knowledge and knowledge from one form to another is the creative stage of KM. This knowledge-creation stage involves more complex processes like internalization, intuition, and conceptualization (for internal tacit knowledge) and correlation and analytic-synthetic reasoning (for explicit knowledge). In the next subsection, this process is described in greater detail.
Transfer. The distribution of acquired and created knowledge across the enterprise is the fourth phase. Tacit distribution includes the sharing of experiences, collaboration, stories, demonstrations, and hands-on training. Explicit knowledge is distributed by mathematical, graphical, and textual representations, from magazines and textbooks to electronic media.

the three phases of organizational knowing (focusing on culture) described by Davenport and Prusak in their text Working Knowledge [17]:

Generation. Organizational networks generate knowledge by social processes of sharing, exploring, and creating tacit knowledge (stories, experiences, and concepts) and explicit knowledge (raw data, organized databases, and reports). But these networks must be properly organized for diversity of both experience and perspective and placed under appropriate stress (challenge) to perform. Dedicated cross- functional teams, appropriately supplemented by outside experts and provided a suitable challenge, are the incubators for organizational knowledge generation.
Codification and coordination. Codification explicitly represents generated knowledge and the structure of that knowledge by a mapping process. The map (or ontology) of the organization’s knowledge allows individuals within the organization to locate experts (tacit knowledge holders), databases (of explicit knowledge), and tacit-explicit net- works. The coordination process models the dynamic flow of knowledge within the organization and allows the creation of narratives (stories) to exchange tacit knowledge across the organization.
Transfer. Knowledge is transferred within the organization as people interact; this occurs as they are mentored, temporarily exchanged, transferred, or placed in cross-functional teams to experience new perspectives, challenges, or problem-solving approaches.

3.2.3 Knowledge Creation Model

Nonaka and Takeuchi describe four modes of conversion, derived from the possible exchanges between two knowledge types (Figure 3.5):

Tacit to tacit—socialization. Through social interactions, individuals within the organization exchange experiences and mental models, transferring the know-how of skills and expertise. The primary form of transfer is narrative—storytelling—in which rich context is conveyed and subjective understanding is compared, “reexperienced,” and internalized. Classroom training, simulation, observation, mentoring, and on-the-job training (practice) build experience; moreover, these activities also build teams that develop shared experience, vision, and values. The socialization process also allows consumers and producers to share tacit knowledge about needs and capabilities, respectively.
Tacit to explicit—externalization. The articulation and explicit codification of tacit knowledge moves it from the internal to external. This can be done by capturing narration in writing, and then moving to the construction of metaphors, analogies, and ultimately models. Externalization is the creative mode where experience and concept are expressed in explicit concepts—and the effort to express is in itself a creative act. (This mode is found in the creative phase of writing, invention, scientific discovery, and, for the intelligence analyst, hypothesis creation.)

Explicit to explicit—combination. Once explicitly represented, different objects of knowledge can be characterized, indexed, correlated, and combined. This process can be performed by humans or computers and can take on many forms. Intelligence analysts compare multiple accounts, cable reports, and intelligence reports regarding a common subject to derive a combined analysis. Military surveillance systems combine (or fuse) observations from multiple sensors and HUMINT reports to derive aggregate force estimates. Market analysts search (mine) sales databases for patterns of behavior that indicate emerging purchasing trends. Business developers combine market analyses, research and development results, and cost analyses to create strategic plans. These examples illustrate the diversity of the combination processes that combine explicit knowledge.
Explicit to tacit—internalization. Individuals and organizations internalize knowledge by hands-on experience in applying the results of combination. Combined knowledge is tested, evaluated, and results in new tacit experience. New skills and expertise are developed and integrated into the tacit knowledge of individuals and teams.

Nonaka and Takeuchi further showed how these four modes of conversion operate in an unending spiral sequence to create and transfer knowledge throughout the organization

Organizations that have redundancy of information (in people, processes, and databases) and diversity in their makeup (also in people, processes, and databases) will enhance the ability to move along the spiral. The modes of activity benefit from a diversity of people: socialization requires some who are stronger in dialogue to elicit tacit knowledge from the team; externalization requires others who are skilled in representing knowledge in explicit forms; and internalization benefits from those who experiment, test ideas, and learn from experience, with the new concepts or hypotheses arising from combination.

Organizations can also benefit from creative chaos—changes that punctuate states of organizational equilibrium. These states include static presumptions, entrenched mindsets, and established processes that may have lost validity in a changing environment. Rather than destabilizing the organization, the injection of appropriate chaos can bring new-perspective reflection, reassess- ment, and renewal of purpose. Such change can restart tacit-explicit knowledge exchange, where the equilibrium has brought it to a halt.

3.3 An Intelligence Use Case Spiral

We follow a distributed crisis intelligence cell, using networked collaboration tools, through one complete spiral cycle to illustrate the spiral. This case is deliberately chosen because it stresses the spiral (no face-to-face interaction by the necessarily distributed team, very short time to interact, the temporary nature of the team, and no common “organizational” membership), yet illustrates clearly the phases of tacit-explicit exchange and the practical insight into actual intelligence- analysis activities provided by the model.

3.3.1 The Situation

The crisis in small but strategic Kryptania emerged rapidly. Vital national inter- ests—security of U.S. citizens, U.S. companies and facilities, and the stability of the fledgling democratic state—were at stake. Subtle but cascading effects in the environment, economy, and political domains triggered the small political lib- eration front (PLF) to initiate overt acts of terrorism against U.S. citizens, facili- ties, and embassies in the region while seeking to overthrow the fledgling democratic government.

3.3.2 Socialization

Within 10 hours of the team formation, all members participate in an on-line SBU kickoff meeting (same-time, different-place teleconference collaboration) that introduces all members, describes the group’s intelligence charter and procedures, explains security policy, and details the use of the portal/collaboration workspace created for the team. The team leader briefs the current situation and the issues: areas of uncertainly, gaps in knowledge or collection, needs for information, and possible courses of events that must be better understood. The group is allowed time to exchange views and form their own subgroups on areas of contribution that each individual can bring to the problem. Individuals express concepts for new sources for collection and methods of analysis. In this phase, the dialogue of the team, even though not face to face, is invaluable in rapidly establishing trust and a shared vision for the critical task over the ensuing weeks of the crisis.

3.3.3 Externalization

The initial discussions lead to the creation of initial explicit models of the threat that are developed by various team members and posted on the portal for all to see

The team collaboratively reviews and refines these models by updating new versions (annotated by contributors) and suggesting new submodels (or linking these models into supermodels). This externalization process codifies the team’s knowledge (beliefs) and speculations (to be evaluated) about the threat. Once externalized, the team can apply the analytic tools on the portal to search for data, link evidence, and construct hypothesis structures. The process also allows the team to draw on support from resources outside the team to conduct supporting collections and searches of databases for evidence to affirm, refine, or refute the models.

3.3.4 Combination

The codified models become archetypes that represent current thinking—cur- rent prototype hypotheses formed by the group about the threat (who—their makeup; why—their perceptions, beliefs, intents, and timescales; what—their resources, constraints and limitations, capacity, feasible plans, alternative courses of action, vulnerabilities). This prototype-building process requires the group to structure its arguments about the hypotheses and combine evidence to support its claims. The explicit evidence models are combined into higher level explicit explanations of threat composition, capacity, and behavioral patterns.

Initial (tentative) intelligence products are forming in this phase, and the team begins to articulate these prototype products—resulting in alternative hypotheses and even recommended courses of action

3.3.5 Internalization

As the evidentiary and explanatory models are developed on the portal, the team members discuss (and argue) over the details, internally struggling with acceptance or rejection of the validity of the various hypotheses. Individual team members search for confirming or refuting evidence in their own areas of expertise and discuss the hypotheses with others on the team or colleagues in their domain of expertise (often expressing them in the form of stories or metaphors) to experience support or refutation. This process allows the members to further refine and develop internal belief and confidence in the predictive aspects of the models. As accumulating evidence over the ensuing days strengthens (or refutes) the hypotheses, the process continues to internalize those explanations that the team has developed that are most accurate; they also internalize confidence in the sources and collaborative processes that were most productive for this ramp-up phase of the crisis situation.

3.3.6 Socialization

As the group periodically reconvenes, the subject focuses away from “what we must do” to the evidentiary and explanatory models that have been produced. The dialogue turns from issues of startup processes to model-refinement processes. The group now socializes around a new level of the problem: Gaps in the models, new problems revealed by the models, and changes in the evolving crisis move the spiral toward new challenges to create knowledge about vulnerabilities in the PLF and supporting networks, specific locations of black propaganda creation and distribution, finances of certain funding organizations, and identification of specific operation cells within the Kryptanian government.

3.3.7 Summary

This example illustrates the emergent processes of knowledge creation over the several day ramp-up period of a distributed crisis intelligence team.

The full spiral moved from team members socializing to exchange the tacit knowledge of the situation toward the development of explicit representations of their tacit knowledge. These explicit models allowed other supporting resources to be applied (analysts external to the group and online analytic tools) to link further evidence to the models and structure arguments for (or against) the models. As the models developed, team members discussed, challenged, and internalized their understanding of the abstractions, developing confidence and hands-on experience as they tested them against emerging reports and discussed them with team members and colleagues. The confidence and internalized understanding then led to a drive for further dialogue—initializing a second cycle of the spiral.

3.4 Taxonomy of KM

Using the fundamental tacit-explicit distinctions, and the conversion processes of socialization, externalization, internalization, and combination, we can establish a helpful taxonomy of the processes, disciplines, and technologies of the broad KM field applied to the intelligence enterprise. A basic taxonomy that categorizes the breadth of the KM field can be developed by distinguishing three areas of distinct (though very related) activities:

People. The foremost area of KM emphasis is on the development of intellectual capital by people and the application of that knowledge by those people. The principal knowledge-conversion process in this area is socialization, and the focus of improvement is on human operations, training, and human collaborative processes. The basis of collaboration is human networks, known as communities of practice—sharing purpose, values, and knowledge toward a common mission. The barriers that challenge this area of KM are cultural in nature.
Processes. The second KM area focuses on human-computer interaction (HCI) and the processes of externalization and internalization. Tacit-explicit knowledge conversions have required the development of tacit-explicit representation aids in the form of information visuali- zation and analysis tools, thinking aids, and decision support systems. This area of KM focuses on the efficient networking of people and machine processes (such autonomous support processes are referred to as agents) to enable the shared reasoning between groups of people and their agents through computer networks. The barrier to achieving robustness in such KM processes is the difficulty of creating a shared context of knowledge among humans and machines.
Processors. The third KM area is the technological development and implementation of computing networks and processes to enable explicit-explicit combination. Network infrastructures, components, and protocols for representing explicit knowledge are the subject of this fast-moving field. The focus of this technology area is networked computation, and the challenges to collaboration lie in the ability to sustain growth and interoperability of systems and protocols.

Because the KM field can also be described by the many domains of expertise (or disciplines of study and practice), we can also distinguish five distinct areas of focus that help describe the field. The first two disciplines view KM as a competence of people and emphasize making people knowledgeable:

Knowledge strategists. Enterprise leaders, such as the chief knowledge officer (CKO), focus on the enterprise mission and values, defining value propositions that assign contributions of knowledge to value (i.e., financial or operational). These leaders develop business models to grow and sustain intellectual capital and to translate that capital into organizational values (e.g., financial growth or organizational performance). KM strategists develop, measure, and reengineer business processes to adapt to the external (business or world) environment.
Knowledge culture developers. Knowledge culture development and sustainment is promoted by those who map organizational knowledge and then create training, learning, and sharing programs to enhance the socialization performance of the organization. This includes the cadre of people who make up the core competencies of the organization (e.g., intelligence analysis, intelligence operations, and collection management). In some organizations a chief learning officer (CLO) is designated this role to oversee enterprise human capital, just as the chief financial officer (CFO) manages (tangible) financial capital.

The next three disciplines view KM as an enterprise capability and emphasize building the infrastructure to make knowledge manageable:

KM applications. Those who apply KM principles and processes to specific business applications create both processes and products (e.g., software application packages) to provide component or end-end serv- ices in a wide variety of areas listed in Table 3.10. Some commercial KM applications have been sufficiently modularized to allow them to be outsourced to application service providers (ASPs) [20] that “package” and provide KM services on a per-operation (transaction) basis. This allows some enterprises to focus internal KM resources on organizational tacit knowledge while outsourcing architecture, infra- structure, tools, and technology.
Enterprise architecture. Architects of the enterprise integrate people, processes, and IT to implement the KM business model. The architecting process defines business use cases and process models to develop requirements for data warehouses, KM services, network infrastructures, and computation.
KM technology and tools. Technologists and commercial vendors develop the hardware and software components that physically implement the enterprise. Table 3.10 provides only a brief summary of the key categories of technologies that make up this broad area that encompasses virtually all ITs.

3.5 Intelligence As Capital

We have described knowledge as a resource (or commodity) and as a process in previous sections. Another important perspective of both the resource and the process is that of the valuation of knowledge. The value (utility or usefulness) of knowledge is first and foremost quantified by its impact on the user in the real world.

the value of intelligence goes far beyond financial considerations in national and MI application. In these cases, the value of knowledge must be measured in its impact on national interests: the warning time to avert a crisis, the accuracy necessary to deliver a weapon, the completeness to back up a policy decision, or the evidential depth to support an organized criminal conviction. Knowledge, as an abstraction, has no intrinsic value—its value is measured by its impact in the real world.

In financial terms, the valuation of the intangible aspects of knowledge is referred to as capital—intellectual capital. These intangible resources include the personal knowledge, skills, processes, intellectual property, and relationships that can be leveraged to produce assets of equal or greater importance than other organizational resources (land, labor, and capital).

What is this capital value in our representative business? It is comprised of four intangible components:

Customer capital. This is the value of established relationships with customers, such as trust and reputation for quality.

Intelligence tradecraft recognizes this form of capital in the form of credibility with consumers—“the ability to speak to an issue with sufficient authority to be believed and relied upon by the intended audience”

Innovation capital. Innovation in the form of unique strategies, new concepts, processes, and products based on unique experience form this second category of capital. In intelligence, new and novel sources and methods for unique problems form this component of intellectual capital.
Process capital. Methodologies and systems or infrastructure (also called structural capital) that are applied by the organization make up its process capital. The processes of collection sources and both collection and analytic methods form a large portion of the intelligence organization’s process (and innovation) capital; they are often fragile (once discovered, they may be forever lost) and are therefore carefully protected.
Human capital. The people, individually and in virtual organizations, comprise the human capital of the organization. Their collective tacit knowledge—expressed as dedication, experience, skill, expertise, and insight—form this critical intangible resource.

O’Dell and Grayson have defined three fundamental categories of value propositions in If Only We Knew What We Know [23]:

Operational excellence. These value propositions seek to boost revenue by reducing the cost of operations through increased operating efficiencies and productivity. These propositions are associated with business process reengineering (BPR), and even business transformation using electronic commerce methods to revolutionize the operational process. These efforts contribute operational value by raising performance in the operational value chain.
Product-to-market excellence. The propositions value the reduction in the time to market from product inception to product launch. Efforts that achieve these values ensure that new ideas move to development and then to product by accelerating the product development process. This value emphasizes the transformation of the business, itself (as explained in Section 1.1).
Customer intimacy. These values seek to increase customer loyalty, customer retention, and customer base expansion by increasing intimacy (understanding, access, trust, and service anticipation) with customers. Actions that accumulate and analyze customer data to reduce selling cost while increasing customer satisfaction contribute to this proposition.

For each value proposition, specific impact measures must be defined to quantify the degree to which the value is achieved. These measures quantify the benefits, and utility delivered to stakeholders. Using these measures, the value added by KM processes can be observed along the sequential processes in the business operation. This sequence of processes forms a value chain that adds value from raw materials to delivered product.

Different kinds of measures are recommended for organizations in transition from legacy business models. During periods of change, three phases are recognized [24]. In the first phase, users (i.e., consumers, collection managers, and analysts) must be convinced of the benefits of the new approach, and the measures include metrics as simple as the number of consumers taking training and beginning to use serv- ices. In the crossover phase, when users begin to transition to the systems, measurers change to usage metrics. Once the system approaches steady-state use, financial-benefit measures are applied. Numerous methods have been defined and applied to describe and quantify economic value, including:

Economic value added (EVA) subtracts cost of capital invested from net operating profit;
Portfolio management approaches treats IT projects as individual investments, computing risks, yields, and benefits for each component of the enterprise portfolio;
Knowledge capital is an aggregate measure of management value added (by knowledge) divided by the price of capital [25];
Intangible asset monitor (IAM) [26] computes value in four categories—tangible capital, intangible human competencies, intangible internal structure, and intangible external structure [27].

The four views of the BSC provide a means of “balancing” the measurement of the major causes and effects of organizational performance but also provide a framework for modeling the organization.

3.6 Intelligence Business Strategy and Models

The commercial community has explored a wide range of business models that apply KM (in the widest sense) to achieve key business objectives. These objectives include enhancing customer service to provide long-term customer satisfaction and retention, expanding access to customers (introducing new products and services, expanding to new markets), increasing efficiency in operations (reduced cost of operations), and introducing new network-based goods and services (eCommerce or eBusiness). All of these objectives can be described by value propositions that couple with business financial performance.

The strategies that leverage KM to achieve these objectives fall into two basic categories. The first emphasizes the use of analysis to understand the value chain from first customer contact to delivery. Understanding the value added to the customer by the transactions (as well as delivered goods and services) allows the producer to increase value to the customer. Values that may be added to intelligence consumers by KM include:

Service values. Greater value in services are provided to policymakers by anticipating their intelligence needs, earning greater user trust in accuracy and focus of estimates and warnings, and providing more timely delivery of intelligence. Service value is also increased as producers personalize (tailor) and adapt services to the consumer’s interests (needs) as they change.

Intelligence product values. The value of intelligence products is increased when greater value is “added” by improving accuracy, providing deeper and more robust rationale, focusing conclusions, and building increased consumer confidence (over time).

The second category of strategies (prompted by the eBusiness revolution) seeks to transform the value chain by the introduction of electronic transactions between the customer and retailer. These strategies use network-based advertising, ordering, and even delivery (for information services like banking, investment, and news) to reduce the “friction” of physical-world retailer-customer

These strategies introduce several benefits—all applicable to intelligence:

Disintermediation. This is the elimination of intermediate processes and entities between the customer and producer to reduce transaction fric- tion. This friction adds cost and increases the difficulty for buyers to locate sellers (cost of advertising), for buyers to evaluate products (cost of travel and shopping), for buyers to purchase products (cost of sales) and for sellers to maintain local inventories (cost of delivery). The elimination of “middlemen” (e.g., wholesalers, distributors, and local retailers) in eRetailers such as Amazon.com has reduced transaction and intermediate costs and allowed direct transaction and delivery from producer to customer with only the eRetailer in between. The effect of disintermediation in intelligence is to give users greater and more immediate access to intelligence products (via networks such as the U.S. Intelink) and to analysis services via intelligence portals that span all sources of intelligence.
Infomediation. The effect of disintermediation has introduced the role of the information broker (infomediary) between customer and seller, providing navigation services (e.g., shopping agents or auctioning and negotiating agents) that act on the behalf of customers [31]. Intelligence communities are moving toward greater cross-functional collection management and analysis, reducing the stovepiped organization of intelligence by collection disciplines (i.e., imagery, signals, and human sources). As this happens, the traditional analysis role requires a higher level of infomediation and greater automation because the analyst is expected (by consumers) to become a broker across a wider range of intelligence sources (including closed and open sources).
Customer aggregation. The networking of customers to producers allows rapid analysis of customer actions (e.g., queries for information, browsing through catalogs of products, and purchasing decisions based on information). This analysis enables the producers to better understand customers, aggregate their behavior patterns, and react to (and perhaps anticipate) customer needs. Commercial businesses use these capabilities to measure individual customer patterns and mass market trends to more effectively personalize and target sales and new product developments. Intelligence producers likewise are enabled to analyze warfighter and policymaker needs and uses of intelligence to adapt and tailor products and services to changing security threats.

These value chain transformation strategies have produced a simple taxonomy to distinguish eBusiness models into four categories by the level of transaction between businesses and customers

Business to business (B2B). The large volume of trade between businesses (e.g., suppliers and manufacturers) has been enhanced by network-based transactions (releases of specifications, requests for quotations, and bid responses) reducing the friction between suppliers and producers. High-volume manufacturing industries such as the auto- makers are implementing B2B models to increase competition among suppliers and reduce bid-quote-purchase transaction friction.
2. Business to customer (B2C). Direct networked outreach from producer to consumer has enabled the personal computer (e.g., Dell Computer) and book distribution (e.g., Amazon.com) industries to disintermediate local retailers and reach out on a global scale directly to customers. Similarly, intelligence products are now being delivered (pushed) to consumers on secure electronic networks, via subscription and express order services, analogous to the B2B model.
Customer to business (C2B). Networks also allow customers to reach out to a wider range of businesses to gain greater competitive advantage in seeking products and services.

the introduction of secure intelligence networks and on-line intelligence product libraries (e.g., common operating picture and map and imagery libraries) allows consumers to pull intelligence from a broader range of sources. (This model enables even greater competition between source providers and provides a means of measuring some aspects of intelligence utility based on actual use of product types.)

Customer to customer (C2C). The C2C model automates the mediation process between consumers, enabling consumers to locate those with similar purchasing-selling interests.

3.7 Intelligence Enterprise Architecture and Applications

Just like commercial businesses, intelligence enterprises:

Measure and report to stakeholders the returns on investment. These returns are measured in terms of intelligence performance (i.e., knowledge provided, accuracy and timeliness of delivery, and completeness and sufficiency for decision making) and outcomes (i.e., effects of warnings provided, results of decisions based on knowledge delivered, and utility to set long-term policies).
Service customers, the intelligence consumers. This is done by providing goods (intelligence products such as reports, warnings, analyses, and target folders) and services (directed collections and analyses or tailored portals on intelligence subjects pertinent to the consumers).
Require intimate understanding of business operations and must adapt those operations to the changing threat environment, just as businesses must adapt to changing markets.
Manage a supply chain that involves the anticipation of future needs of customers, the adjustment of the delivery of raw materials (intelligence collections), the production of custom products to a diverse customer base, and the delivery of products to customers just in time [33].

3.7.1 Customer Relationship Management

CRM processes that build and maintain customer loyalty focus on managing the relationship between provider and consumer. The short-term goal is customer satisfaction; the long-term goal is loyalty. Intelligence CRM seeks to provide intelligence content to consumers that anticipates their needs, focuses on the specific information that supports their decision making, and provides drill down to supporting rationale and data behind all conclusions. In order to accomplish this, the consumer-producer relationship must be fully described in models that include:

Consumer needs and uses of intelligence—applications of intelligence for decision making, key areas of customer uncertainty and lack of knowledge, and specific impact of intelligence on the consumer’s decision making;
Consumer transactions—the specific actions that occur between the enterprise and intelligence consumers, including urgent requests, subscriptions (standing orders) for information, incremental and final report deliveries, requests for clarifications, and issuances of alerts.

CRM offers the potential to personalize intelligence delivery to individual decision makers while tracking their changing interests as they browse subject offerings and issue requests through their own custom portals.

3.7.2 Supply Chain Management

The SCM function monitors and controls the flow of the supply chain, providing internal control of planning, scheduling, inventory control, processing, and delivery.

SCM is the core of B2B business models, seeking to integrate front-end suppliers into an extended supply chain that optimizes the entire production process to slash inventory levels, improve on-time delivery, and reduce the order-to-delivery (and payment) cycle time. In addition to throughput efficiency, the B2B models seek to aggregate orders to leverage the supply chain to gain greater purchasing power, translating larger orders to reduced prices. The key impact measures sought by SCM implementations include:

Cash-to-cash cycle time (time from order placement to delivery/ payment);
Delivery performance (percentage of orders fulfilled on or before request date);
Initial fill rate (percentage of orders shipped in supplier’s first ship- ment);
Initial order lead time (supplier response time to fulfill order);
On-time receipt performance (percentage of supplier orders received on time).

Like the commercial manufacturer, the intelligence enterprise operates a supply chain that “manufactures” all-source intelligence products from raw sources of intelligence data and relies on single-source suppliers (i.e., imagery, signals, or human reports).

3.7.3 Business Intelligence

The BI function provides all levels of the organization with relevant information on internal operations and the external business environment (via marketing) to be exploited (analyzed and applied) to gain a competitive advantage. The BI function serves to provide strategic insight into overall enterprise operations based on ready access to operating data.

The emphasis of BI is on explicit data capture, storage, and analysis; through the 1990s, BI was the predominant driver for the implementation of corporate data warehouses, and the development of online analytic processing (OLAP) tools. (BI preceded KM concepts, and the subsequent introduction of broader KM concepts added the complementary need for capture and analysis of tacit and explicit knowledge throughout the enterprise.)

The intelligence BI function should collect and analyze real- time workflow data to provide answers to questions such as:

What are the relative volumes of requests (for intelligence) by type?
What is the “cost” of each category of intelligence product?
What are the relative transaction costs of each stage in the supply chain?
What are the trends in usage (by consumers) of all forms of intelligence over the past 12 months? Over the past 6 months? Over the past week?
Which single sources of incoming intelligence (e.g., SIGINT, IMINT, and MASINT) have greatest utility in all-source products, by product category?

Like their commercial counterparts, the intelligence BI function should not only track the operational flows, they should also track the history of operational decisions—and their effects.

Both operational and decision-making data should be able to be conveniently navigated and analyzed to provide timely operational insight to senior leadership who often ask the question, “What is the cost of a pound of intelligence?”

3.8 Summary

KM provides a strategy and organizational discipline for integrating people, processes, and IT into an effective enterprise.

as noted by Tom Davenport, a leading observer of the discipline:

The first generation of knowledge management within enterprises emphasized the “supply side” of knowledge: acquisition, storage, and dissemination of business operations and customer data. In this phase knowledge was treated much like physical resources and implementation approaches focused on building “warehouses” and “channels” for supply processing and distribution. This phase paid great attention to systems, technology and infrastructure; the focus was on acquiring, accumulating and distributing explicit knowledge in the enterprise [35].

Second generation KM emphasis has turned attention to the demand side of the knowledge economy—seeking to identify value in the collected data to allow the enterprise to add value from the knowledge base, enhance the knowledge spiral, and accelerate innovation. This generation has brought more focus to people (the organization) and the value of tacit knowledge; the issues of sustainable knowledge creation and dissipation throughout the organization are emphasized in this phase. The attention in this generation has moved from understanding knowledge systems to understanding knowledge workers. The third generation to come may be that of KM innovation, in which the knowledge process is viewed as a complete life cycle within the organization, and the emphasis will turn to revolutionizing the organization and reducing the knowledge cycle time to adapt to an ever-changing world environment

The Knowledge-Based Intelligence Organization

National intelligence organizations following World War II were characterized by compartmentalization (insulated specialization for security purposes) that required individual learning, critical analytic thinking, and problem solving by small, specialized teams working in parallel (stovepipes or silos). These stovepipes were organized under hierarchical organizations that exercised central control. The approach was appropriate for the centralized organizations and bipolar security problems of the relatively static Cold War, but the global breadth and rapid dynamics of twenty-first century intelligence problems require more agile networked organizations that apply organization-wide collaboration to replace the compartmentalization of the past. Founded on the virtues of integrity and trust, the disciplines of organizational collaboration, learning, and problem solving must be developed to support distributed intelligence collection, analysis, and production.

This chapter focuses on the most critical factor in organizational knowl- edge creation—the people, their values, and organizational disciplines. The chapter is structured to proceed from foundational virtues, structures, and com- munities of practice (Section 4.1) to the four organizational disciplines that sup- port the knowledge creation process: learning, collaboration, problem solving, and best practices—called intelligence tradecraft.

the people perspective of KM presented in this chapter can be contrasted with the process and technology perspectives (Table 4.1) five ways:

Enterprise focus. The focus is on the values, virtues, and mission shared by the people in the organization.
Knowledge transaction. Socialization, the sharing of tacit knowledge by methods such as story and dialogue, is the essential mode of transac- tion between people for collective learning, or collaboration to solve problems.
The basis for human collaboration lies in shared pur- pose, values, and a common trust.
A culture of trust develops communities that share their best practices and experiences; collaborative problem solving enables the growth of the trusting culture.
The greatest barrier to collaboration is the inability of an organization’s culture to transform and embrace the sharing of values, virtues, and disciplines.

The numerous implementation failures of early-generation KM enterprises have most often occurred because organizations have not embraced the new business models introduced, nor have they used the new systems to collaborate. As a result, these KM implementations have failed to deliver the intellectual capital promised. These cases were generally not failures of process, technology, or infrastructure; rather, they were failures of organizational culture change to embrace the new organizational model. In particular, they failed to address the cultural barriers to organizational knowledge sharing, learning, and problem solving.

Numerous texts have examined these implementation challenges, and all have emphasized that organizational transformation must precede KM system implementations.

4.1 Virtues and Disciplines of the Knowledge-Based Organization

At the core of an agile knowledge-based intelligence organization is the ability to sustain the creation of organizational knowledge through learning and collaboration. Underlying effective collaboration are values and virtues that are shared by all. The U.S. IC, recognizing the need for such agility as its threat environment changes, has adopted knowledge-based organizational goals as the first two of five objectives in its Strategic Intent:

Unify the community through collaborative processes. This includes the implementation of training and business processes to develop an inter-agency collaborative culture and the deployment of supporting technologies.
Invest in people and knowledge. This area includes the assessment of customer needs and the conduct of events (training, exercises, experiments, and conferences/seminars) to develop communities of practice and build expertise in the staff to meet those needs. Supporting infrastructure developments include the integration of collaborative networks and shared knowledge bases.

Clearly identified organizational propositions of values and virtues (e.g., integrity and trust) shared by all enable knowledge sharing—and form the basis for organizational learning, collaboration, problem solving, and best-practices (intelligence tradecraft) development introduced in this chapter. This is a necessary precedent before KM infrastructure and technology is introduced to the organization. The intensely human values, virtues, and disciplines introduced in the following sections are essential and foundational to building an intelligence organization whose business processes are based on the value of shared knowledge.

4.1.1 Establishing Organizational Values and Virtues

The foundation of all organizational discipline (ordered, self-controlled, and structured behavior) is a common purpose and set of values shared by all. For an organization to pursue a common purpose, the individual members must conform to a common standard and a common set of ideals for group conduct.

The knowledge-based intelligence organization is a society that requires virtuous behavior of its members to enable collaboration. Dorothy Leonard-Barton, in Wellsprings of Knowledge, distinguishes two categories of values: those that relate to basic human nature and those that relate to performance of the task. In the first category are big V values (also called moral virtues) that include basic human traits such as personal integrity (consistency, honesty, and reliability), truthfulness, and trustworthiness. For the knowledge worker’s task, the second category (of little v values) includes those values long sought by philosophers to arrive at knowledge or justify true belief. Some epistemologies define intellectual virtue as the foundation of knowledge: Knowledge is a state of belief arising out of intellectual virtue. Intellectual virtues include organizational conformity to a standard of right conduct in the exchange of ideas, in reasoning and in judgment.

Organizational integrity is dependent upon the individual integrity of all contributor—as participants cooperate and collaborate around a central purpose, the virtue of trust (built upon shared trust- worthiness of individuals) opens the doors of sharing and exchange. Essential to this process is the development of networks of conversations that are built on communication transactions (e.g., assertions, declarations, queries, or offers) that are ultimately based in personal commitments. Ultimately, the virtue of organizational wisdom—seeking the highest goal by the best means—must be embraced by the entire organization recognizing a common purpose.

Trust and cooperative knowledge sharing must also be complemented by an objective openness. Groups that place consensus over objectivity become subject to certain dangerous decision-making errors.

4.1.2 Mapping the Structures of Organizational Knowledge

Every organization has a structure and flow of knowledge—a knowledge environment or ecology (emphasizing the self-organizing and balancing characteristics of organizational knowledge networks). The overall process of studying and characterizing this environment is referred to as mapping—explicitly rep- resenting the network of nodes (competencies) and links (relationships, knowledge flow paths) within the organization. The fundamental role of KM organizational analysis is the mapping of knowledge within an existing organization.

the knowledge mapping identifies the intangible tacit assets of the organization. The mapping process is conducted by a variety of means: passive observation (where the analyst works within the community), active interviewing, formal questionnaires, and analysis. As an ethnographic research activity, the mapping analyst seeks to understand the unspoken, informal flows and sources of knowledge in the day-to-day operations of the organization. The five stages of mapping (Figure 4.1) must be conducted in partnership with the owners, users, and KM implementers.

The first phase is the definition of the formal organization chart—the for- mal flows of authority, command, reports, intranet collaboration, and information systems reporting. In this phase, the boundaries, or focus of mapping interest is established. The second phase audits (identifies, enumerates, and quantifies as appropriate) the following characteristics of the organization:

Knowledge sources—the people and systems that produce and articulate knowledge in the form of conversation, developed skills, reports, implemented (but perhaps not documented) processes, and databases.
Knowledge flowpaths—the flows of knowledge, tacit and explicit, for- mal and informal. These paths can be identified by analyzing the transactions between people and systems; the participants in the trans- actions provide insight into the organizational network structure by which knowledge is created, stored, and applied. The analysis must distinguish between seekers and providers of knowledge and their relationships (e.g., trust, shared understanding, or cultural compatibility) and mutual benefits in the transaction.
Boundaries and constraints—the boundaries and barriers that control, guide, or constrict the creation and flow of knowledge. These may include cultural, political (policy), personal, or electronic system characteristics or incompatibilities.
Knowledge repositories—the means of maintaining organizational knowledge, including tacit repositories (e.g., communities of experts that share experience about a common practice) and explicit storage (e.g., legacy hardcopy reports in library holdings, databases, or data warehouses).

Once audited, the audit data is organized in the third phase by clustering the categories of knowledge, nodes (sources and sinks), and links unique to the organization. The structure of this organization, usually a table or a spreadsheet, provides insight into the categories of knowledge, transactions, and flow paths; it provides a format to review with organization members to convey initial results, make corrections, and refine the audit. This phase also provides the foundation for quantifying the intellectual capital of the organization, and the audit categories should follow the categories of the intellectual capital accounting method adopted.

The fourth phase, mapping, transforms the organized data into a structure (often, but not necessarily, graphical) that explicitly identifies the current knowledge network. Explicit and tacit knowledge flows and repositories are distinguished, as well as the social networks that support them. This process of visualizing the structure may also identify clusters of expertise, gaps in the flows, chokepoints, as well as areas of best (and worst) practices within the network.

Once the organization’s current structure is understood, the structure can be compared to similar structures in other organizations by benchmarking in the final phase. Benchmarking is the process of identifying, learning, and adapting outstanding practices and processes from any organization, anywhere in the world, to help an organization improve its performance. Benchmarking gathers the tacit knowledge—the know-how, judgments, and enablers—that explicit knowledge often misses. This process allows the exchange of quantitative performance data and qualitative best-practice knowledge to be shared and com- pared with similar organizations to explore areas for potential improvement and potential risks.

Because the repository provides a pointer to the originating authors, it also provides critical pointers to people, or a directory that identifies people within the agency with experience and expertise by subject

4.1.3 Identifying Communities of Organizational Practice

A critical result of any mapping analysis is the identification of the clusters of individuals who constitute formal and informal groups that create, share, and maintain tacit knowledge on subjects of common interest.

The functional workgroup benefits from stability, established responsibilities, processes and storage, and high potential for sharing. Functional workgroups provide the high-volume knowledge production of the organization but lack the agility to respond to projects and crises.

Cross-functional project teams are shorter term project groups that can be formed rapidly (and dismissed just as rapidly) to solve special intelligence problems, maintain special surveillance watches, prepare for threats, or respond to crises. These groups include individuals from all appropriate functional disciplines—with the diversity often characteristic of the makeup of the larger organization, but on a small scale—with reach back to expertise in functional departments.

M researchers have recognized that such organized commu- nities provide a significant contribution to organizational learning by providing a forum for:

Sharing current problems and issues;
Capturing tacit experience and building repositories of best practices;
Linking individuals with similar problems, knowledge, and experience;
Mentoring new entrants to the community and other interested parties.

Because participation in communities of practice is based on individual interest, not organizational assignment, these communities may extend beyond the duration of temporary assignments and cut across organizational boundaries.

The activities of working, learning, and innovating have traditionally been treated as independent (and conflicting) activities performed in the office, in the classroom, and in the lab. However, studies by John Seely Brown, chief scientist of Xerox PARC, have indicated that once these activities are unified in communities of practice, they have the potential to significantly enhance knowledge transfer and creation.

4.1.4 Initiating KM Projects

The knowledge mapping and benchmarking process must precede implementation of KM initiatives, forming the understanding of current competencies and processes and the baseline for measuring any benefits of change. KM implementation plans within intelligence organizations generally consider four components, framed by the kind of knowledge being addressed and the areas of investment in KM initiatives:

Organizational competencies. The first area includes assessment of workforce competencies and forms the basis of an intellectual capital audit of human capital. This area also includes the capture of best practices (the intelligence business processes, or tradecraft) and the development of core competencies through training and education. This assessment forms the basis of intellectual capital audit.
Social collaboration. Initiatives in this area enforce established face-to-face communities of practice and develop new communities. These activities enhance the socialization process through meetings and media (e.g., newsletters, reports, and directories).
KM networks. Infrastructure initiatives implement networks (e.g., corporate intranets) and processes (e.g., databases, groupware, applications, and analytic tools) to provide for the capture and exchange of explicit knowledge.
Virtual collaboration. The emphasis in this area is applying technology to create connectivity among and between communities of practice. Intranets and collaboration groupware (discussed in Section 4.3.2) enable collaboration at different times and places for virtual teams—and provide the ability to identify and introduce communities with similar interests that may be unaware of each other.

4.1.5 Communicating Tacit Knowledge by Storytelling

The KM community has recognized the strength of narrative communication—dialogue and storytelling—to communicate the values, emotion (feelings, passion), and sense of immersed experience that makeup personalized, tacit knowledge.

The introduction of KM initiatives can bring significant organizational change because it may require cultural transitions in several areas:

Changes in purpose, values, and collaborative virtues;
Construction of new social networks of trust and communication;
Organizational structure changes (networks replace hierarchies);
Business process agility, resulting a new culture of continual change (training to adopt new procedures and to create new products).

All of these changes require participation by the workforce and the communication of tacit knowledge across the organization.

Storytelling provides a complement to abstract, analytical thinking and communication, allowing humans to share experience, insight, and issues (e.g., unarticulated concerns about evidence expressed as “negative feelings,” or general “impressions” about repeated events not yet explicitly defined as threat patterns).

The organic school of KM that applies storytelling to cultural transformation emphasizes a human behavioral approach to organizational socialization, accepting the organization as a complex ecology that may be changed in a large way by small effects.

These effects include the use of a powerful, effective story that communicates in a way that spreads credible tacit knowledge across the entire organization.

This school classifies tacit knowledge into artifacts, skills, heuristics, experience, and natural talents (the so-called ASHEN classification of tacit knowledge) and categorizes an organizations’ tacit knowledge in these classes to understand the flow within informal communities.

Nurturing informal sharing within secure communities of practice and distinguishing such sharing from formal sharing (e.g., shared data, best practices, or eLearning) enables the rich exchange of tacit knowledge when creative ideas are fragile and emergent.

4.2 Organizational Learning

Senge asserted that the fundamental distinction between traditional controlling organizations and adaptive self-learning organizations are five key disciplines including both virtues (commitment to personal and team learning, vision shar- ing, and organizational trust) and skills (developing holistic thinking, team learning, and tacit mental model sharing). Senge’s core disciplines, moving from the individual to organizational disciplines, included:

Personal mastery. Individuals must be committed to lifelong learning toward the end of personal and organization growth. The desire to learn must be to seek a clarification of one’s personal vision and role within the organization.

Systems thinking. Senge emphasized holistic thinking, the approach for high-level study of life situations as complex systems. An element of learning is the ability to study interrelationships within complex dynamic systems and explore and learn to recognize high-level patterns of emergent behavior.

Mental models. Senge recognized the importance of tacit knowledge (mental, rather than explicit, models) and its communication through the process of socialization. The learning organization builds shared mental models by sharing tacit knowledge in the storytelling process and the planning process. Senge emphasized planning as a tacit- knowledge sharing process that causes individuals to envision, articulate, and share solutions—creating a common understanding of goals, issues, alternatives, and solutions.

Shared vision. The organization that shares a collective aspiration must learn to link together personal visions without conflicts or competition, creating a shared commitment to a common organizational goal set.

Team learning. Finally, a learning organization acknowledges and understands the diversity of its makeup—and adapts its behaviors, pat- terns of interaction, and dialogue to enable growth in personal and organizational knowledge.

It is important, here, to distinguish the kind of transformational learning that Senge was referring to (which brings cultural change across an entire organization), from the smaller scale group learning that takes place when an intelligence team or cell conducts a long-term study or must rapidly “get up to speed” on a new subject or crisis.

4.2.1 Defining and Measuring Learning

The process of group learning and personal mastery requires the development of both reasoning and emotional skills. The level of learning achievement can be assessed by the degree to which those skills have been acquired.

The taxonomy of cognitive and affective skills can be related to explicit and tacit knowledge categories, respectively, to provide a helpful scale for measuring the level of knowledge achieved by an individual or group on a particular subject.

4.2.2 Organizational Knowledge Maturity Measurement

The goal of organizational learning is the development of maturity at the organizational level—a measure of the state of an organization’s knowledge about its domain of operations and its ability to continuously apply that knowledge to increase corporate value to achieve business goals.

Carnegie-Mellon University Software Engineering Institute has defined a five-level People Capability Maturity Model® (P-CMM ®) that distinguishes five levels of organizational maturity, which can be measured to assess and quantify the maturity of the workforce and its organizational KM performance. The P-CMM® framework can be applied, for example, to an intelligence organization’s analytic unit to measure current maturity and develop strategy to increase to higher levels of performance. The levels are successive plateaus of practice, each building on the preceding foundation.

4.2.3 Learning Modes

4.2.3.1 Informal Learning

We gain experience by informal modes of learning on the job alone, with men- tors, team members, or while mentoring others. The methods of informal learning are as broad as the methods of exchanging knowledge introduced in the last chapter. But the essence of the learning organization is the ability to translate what has been learned into changed organizational behavior. David Garvin has identified five fundamental organizational methodologies that are essential to implementing the feedback from learning to change; all have direct application in an intelligence organization.

Systematic problem solving. Organizations require a clearly defined methodology for describing and solving problems, and then for implementing the solutions across the organization. Methods for acquiring and analyzing data, synthesizing hypothesis, and testing new ideas must be understood by all to permit collaborative problem solving. The process must also allow for the communication of lessons learned and best practices developed (the intelligence tradecraft) across the organization.
Experimentation. As the external environment changes, the organization must be enabled to explore changes in the intelligence process. This is done by conducting experiments that take excursions from the normal processes to attack new problems and evaluate alternative tools and methods, data sources, or technologies. A formal policy to encourage experimentation, with the acknowledgment that some experiments will fail, allows new ideas to be tested, adapted, and adopted in the normal course of business, not as special exceptions. Experimentation can be performed within ongoing programs (e.g., use of new analytic tools by an intelligence cell) or in demonstration programs dedicated to exploring entirely new ways of conducting analysis (e.g., the creation of a dedicated Web-based pilot project independent of normal operations and dedicated to a particular intelligence subject domain).
Internal experience. As collaborating teams solve a diversity of intelligence problems, experimenting with new sources and methods, the lessons that are learned must be exchanged and applied across the organization. This process of explicitly codifying lessons learned and making them widely available for others to adopt seems trivial, but in practice requires significant organizational discipline. One of the great values of communities of common practice is their informal exchange of lessons learned; organizations need such communities and must support formal methods that reach beyond these communities. Learning organizations take the time to elicit the lessons from project teams and explicitly record (index and store) them for access and application across the organization. Such databases allow users to locate teams with similar problems and lessons learned from experimentation, such as approaches that succeeded and failed, expected performance levels, and best data sources and methods.
External sources of comparison. While the lessons learned just described applied to self learning, intelligence organizations must look to external sources (in the commercial world, academia, and other cooperating intelligence organizations) to gain different perspectives and experiences not possible within their own organizations. A wide variety of methods can be employed to secure the knowledge from external perspectives, such as making acquisitions (in the business world), establishing strategic relationships, the use of consultants, establishing consortia. The process of sharing, then critically comparing qualitative and quantitative data about processes and performance across organizations (or units within a large organization), enables leaders and process owners to objectively review the relative effectiveness of alter- native approaches. Benchmarking is the process of improving performance by continuously identifying, understanding, and adapting outstanding practices and processes found inside and outside the organization [23]. The benchmarking process is an analytic process that requires compared processes to be modeled, quantitatively measured, deeply understood, and objectively evaluated. The insight gained is an understanding of how best performance is achieved; the knowledge is then leveraged to predict the impact of improvements on over- all organizational performance.
Transferring knowledge. Finally, an intelligence organization must develop the means to transfer people (tacit transfer of skills, experience, and passion by rotation, mentoring, and integrating process teams) and processes (explicit transfer of data, information, business processes on networks) within the organization. In Working Knowledge [24], Davenport and Prusak point out that spontaneous, unstructured knowledge exchange (e.g., discussions at the water cooler, exchanges among informal communities of interest, and discussions at periodic knowledge fairs) is vital to an organization’s success, and the organization must adopt strategies to encourage such sharing.

4.2.3.2 Formal Learning

In addition to informal learning, formal modes provide the classical introduc- tion to subject-matter knowledge.

Information technologies have enabled four distinct learning modes that are defined by distinguishing both the time and space of interaction between the learner and the instructor

Residential learning (RL). Traditional residential learning places the students and instructor in the physical classroom at the same time and place. This proximity allows direct interaction between the student and instructor and allows the instructor to tailor the material to the students.
Distance learning remote (DL-remote). Remote distance learning pro- vides live transmission of the instruction to multiple, distributed locations. The mode effectively extends the classroom across space to reach a wider student audience. Two-way audio and video can permit limited interaction between extended classrooms and the instructor.
Distance learning canned (DL-canned). This mode simply packages (or cans) the instruction in some media for later presentation at the student’s convenience (e.g., traditional hardcopy texts, recorded audio or video, or softcopy materials on compact discs) DL-canned materials include computer-based training courseware that has built-in features to interact with the student to test comprehension, adaptively present material to meet a student’s learning style, and link to supplementary materials to the Internet.
Distance learning collaborative (DL-collaborative). The collaborative mode of learning (often described as e-learning) integrates canned material while allowing on-line asynchronous interaction between the student and the instructor (e.g., via e-mail, chat, or videoconference). Collaboration may also occur between the student and software agents (personal coaches) that monitor progress, offer feedback, and recommend effective paths to on-line knowledge.

4.3 Organizational Collaboration

The knowledge-creation process of socialization occurs as communities (or teams) of people collaborate (commit to communicate, share, and diffuse knowledge) to achieve a common purpose.

Collaboration is a stronger term than cooperation because participants are formed around and committed to a com- mon purpose, and all participate in shared activity to achieve the end. If a problem is parsed into independent pieces (e.g., financial analysis, technology analysis, and political analysis), cooperation may be necessary—but not collabo- ration. At the heart of collaboration is intimate participation by all in the creation of the whole—not in cooperating to merely contribute individual parts to the whole.

Collaboration is widely believed to have the potential to perform a wide range of functions together:

Coordinate tasking and workflow to meet shared goals;
Share information, beliefs, and concepts;
Perform cooperative problem-solving analysis and synthesis;
Perform cooperative decision making;
Author team reports of decisions and rationale.

This process of collaboration requires a team (two or more) of individuals that shares a common purpose, enjoys mutual respect and trust, and has an established process to allow the collaboration process to take place. Four levels (or degrees) of intelligence collaboration can be distinguished, moving toward increasing degrees of interaction and dependence among team members

Sociologists have studied the sequence of collaborative groups as they move from inception to decision commitment. Decision emergence theory (DET) defines four stages of collaborative decision making within an individual group: orientation of all members to a common perspective; conflict, during which alternatives are compared and competed; emergence of collaborative alternatives; and finally reinforcement, when members develop consensus and commitment to the group decisions.

4.3.1 Collaborative Culture

First among the means to achieve collaboration is the creation of a collaborating culture—a culture that shares the belief that collaboration (as opposed to competition or other models) is the best approach to achieve a shared goal and that shares a commitment to collaborate to achieve organizational goals.

The collaborative culture must also recognize that teams are heterogeneous in nature. Team members have different tacit (experience, personality style) and cognitive (reasoning style) preferences that influence their unique approach to participating in the collaborative process.

The mix of personalities within a team must be acknowledged and rules of collaborative engagement (and even groupware) must be adapted to allow each member to contribute within the constraints and strengths of their individual styles.

Collaboration facilitators may use Myers-Brigg or other categorization schemes to analyze a particular team’s structure to assess the team’s strengths, weaknesses and overall balance

4.3.2 Collaborative Environments

Collaborative environments describe the physical, temporal, and functional setting within which organizations interact.

4.3.3 Collaborative Intelligence Workflow

The representative team includes:

Intelligence consumer. The State Department personnel requesting the analysis define high-level requirements and are the ultimate customers for the intelligence product. They specify what information is needed: the scope or breadth of coverage, the level of depth, the accuracy required, and the timeframe necessary for policy making.

All-source analytic cell. The all-source analysis cell, which may be a dis- tributed virtual team across several different organizations, has the responsibility to produce the intelligence product and certify its accuracy.

Single-source analysts. Open-source and technical-source analysts (e.g., imagery, signals, or MASINT) are specialists that analyze the raw data collected as a result of special tasking; they deliver reports to the all- source team and certify the conclusions of special analysis.

Collection managers. The collection managers translate all-source requests for essential information (e.g., surveillance of shipping lines, identification of organizations, or financial data) into specific collection tasks (e.g., schedules, collection parameters, and coordination between different sources). They provide the all-source team with a status of their ability to satisfy the team’s requests.

4.3.3.3 The Collaboration Paths

Problem statement.

Interacting with the all-source analytic leader (LDR)—and all-source analysts on the analytic team—the problem is articulated in terms of scope (e.g., area of world, focus nations, and expected depth and accuracy of estimates), needs (e.g., specific questions that must be answered and pol- icy issues) urgency (e.g., time to first results and final products), and expected format of results (e.g., product as emergent results portal or softcopy document).

Problem refinement. The analytic leader (LDR) frames the problem with an explicit description of the consumer requirements and intelligence reporting needs. This description, once approved by the consumer, forms the terms of reference for the activity. The problem statement-refinement loop may be iterated as the situation changes or as intelligence reveals new issues to be studied.
Information requests to collection tasking. Based on the requirements, the analytic team decomposes the problem to deduce specific elements of information needed to model and understand the level of trafficking. (The decomposition process was described earlier in Section 2.4.) The LDR provides these intelligence data requirements to the collec- tion manger (CM) to prepare a collection plan. This planning requires the translation of information needs to a coordinated set of data- collection tasks for humans and technical collection systems. The CM prepares a collection plan that traces planned collection data and means to the analytic team’s information requirements.
Collection refinement. The collection plan is fed back to the LDR to allow the analytic team to verify the completeness and sufficiency of the plan—and to allow a review of any constraints (e.g., limits to coverage, depth, or specificity) or the availability of previously collected relevant data. The information request–collection planning and refinement loop iterates as the situation changes and as the intelligence analysis proceeds. The value of different sources, the benefits of coordinated collection, and other factors are learned by the analytic team as the analysis proceeds, causing adjustments to the collection plan to satisfy information needs.
Cross cueing. The single-source analysts acquire data by searching exist- ing archived data and open sources and by receiving data produced by special collections tasked by the CM. Single-source analysts perform source-unique analysis (e.g., imagery analysis; open-source foreign news report, broadcast translation, and analysis; and human report analysis) As the single-source analysts gain an understanding of the timing of event data, and the relationships between data observed across the two domains, the single-source analysts share these temporal and functional relationships. The cross-cueing collaboration includes one analyst cueing the other to search for corroborating evidence in another domain; one analyst cueing the other to a possible correlated event; or both analysts recommending tasking for the CM to coordinate a special collection to obtain time or functionally correlated data on a specific target. It is important to note that this cross-cueing collaboration, shown here at the single-source analysis level function is also performed within the all-source analysis unit (8), where more subtle cross-source relations may be identified.
Single-source analysis reporting. Single-source analysts report the interim results of analysis to the all-source team, describing the emerging picture of the trafficking networks as well as gaps in information. This path provides the all-source team with an awareness of the progress and contribution of collections, and the added value of the analysis that is delivering an emerging trafficking picture.
Single-source analysis refinement. The all-source team can provide direction for the single-source analysts to focus (“Look into that organization in greater depth”), broaden (“Check out the neighboring countries for similar patterns”), or change (“Drop the study of those shipping lines and focus on rail transport”) the emphasis of analysis and collection as the team gains a greater understanding of the subject. This reporting-refinement collaboration (paths 6 and 7, respectively) precedes publication of analyzed data (e.g., annotated images, annotated foreign reports on trafficking, maps of known and suspect trafficking routes, and lists of known and suspect trafficking organizations) into the analysis base.
All-source analysis collaboration. The all-source team may allocate components of the trafficking-analysis task to individuals with areas of subject matter specialties (e.g., topical components might include organized crime, trafficking routes, finances, and methods), but all contribute to the construction of a single picture of illegal trafficking. The team shares raw and analyzed data in the analysis base, as well as the intelligence products in progress in a collaborative workspace. The LDR approves all product components for release onto the digital production system, which places them onto the intelligence portal for the consumer.

In the initial days, the portal is populated with an initial library of related subject matter data (e.g., open source and intelligence reports and data on illegal trafficking in general). As the analysis proceeds, analytic results are posted to the portal,

4.4 Organizational Problem Solving

Intelligence organizations face a wide range of problems that require planning, searching, and explanation to provide solutions. These problems require reactive solution strategies to respond to emergent situations as well as opportunistic (proactive) strategies to identify potential future problems to be solved (e.g., threat assessments, indications, and warnings).

The process of solving these problems collaboratively requires a defined strategy for groups to articulate a problem and then proceed to collectively develop a solution. In the context of intelligence analysis, organizational problem solving focuses on the following kinds of specific problems:

Planning. Decomposing intelligence needs for data requirements, developing analysis-synthesis procedures to apply to the collected data to draw conclusions, and scheduling the coordinated collection of data to meet those requirements
Discovery. Searching and identifying previously unknown patterns (of objects, events, behaviors, or relationships) that reveal new understanding about intelligence targets. (The discovery reasoning approach is inductive in nature, creating new, previously unrevealed hypotheses.)
Detection. Searching and matching evidence against previously known target hypotheses (templates). (The detection reasoning approach is deductive in nature, testing evidence against known hypotheses.)
Explanation. Estimating (providing mathematical proof in uncertainty) and arguing (providing logical proof in uncertainty) are required to provide an explanation of evidence. Inferential strategies require the description of multiple hypotheses (explanations), the confidence in each one, and the rationale for justifying a decision. Problem-solving descriptions may include the explanation of explicit knowledge via technical portrayals (e.g., graphical representations) and tacit knowledge via narrative (e.g., dialogue and story).

To perform organizational (or collaborative) problem solving in each of these areas, the individuals in the organization must share an awareness of the reasoning and solution strategies embraced by the organization. In each of these areas, organizational training, formal methodologies, and procedural templates provide a framework to guide the thinking process across a group. These methodologies also form the basis for structuring collaboration tools to guide the way teams organize shared knowledge, structure problems, and proceed from problem to solution.

Collaborative intelligence analysis is a difficult form of collaborative problem solving, where the solution often requires the analyst to overcome the efforts of a subject of study (the intelligence target) to both deny the analyst information and provide deliberately deceptive information.

4.4.1 Critical, Structured Thinking

Critical, or structured, thinking is rooted in the development of methods of careful, structured thinking, following the legacy of the philosophers and theologians that diligently articulated their basis for reasoning from premises to conclusions.

Critical thinking is based on the application of a systematic method to guide the collection of evidence, reason from evidence to argument, and apply objective decision-making judgment (Table 4.10). The systematic methodology assures completeness (breadth of consideration), objectivity (freedom from bias in sources, evidence, reasoning, or judgment), consistency (repeatability over a wide range of problems), and rationality (consistency with logic). In addition, critical thinking methodology requires the explicit articulation of the reasoning process to allow review and critique by others. These common methodologies form the basis for academic research, peer review, and reporting—as well as for intelligence analysis and synthesis.

structured methods that move from problem to solution provide a helpful common framework for groups to communicate knowledge and coordi- nate a process from problem to solution. The TQM initiatives of the 1980s expanded the practice of teaching entire organizations common strategies for articulating problems and moving toward solutions. A number of general problem-solving strategies have been developed and applied to intelligence applications, for example (moving from general to specific):

Kepner-TregoeTM. This general problem-solving methodology, introduced in the classic text The Rational Manager [38] and taught to generations of managers in seminars, has been applied to management, engineering, and intelligence-problem domains. This method carefully distinguishes problem analysis (specifying deviations from expectations, hypothesizing causes, and testing for probable causes) and decision analysis (establishing and classifying decision objectives, generating alternative decisions, and comparing consequences).
Multiattribute utility analysis (MAUA). This structured approach to decision analysis quantifies a utility function, or value of all decision factors, as a weighted sum of contributing factors for each alternative decision. Relative weights of each factor sum to unity so the overall utility scale (for each decision option) ranges from 0 to 1.
Alternative competing hypotheses (ACH). This methodology develops and organizes alternative hypotheses to explain evidence, evaluates the evidence across multiple criteria, and provides rationale for reasoning to the best explanation.
Lockwood analytic method for prediction (LAMP). This methodology exhaustively structures and scores alternative futures hypotheses for complicated intelligence problems with many factors. The process enumerates, then compares the relative likelihood of COAs for all actors (e.g., military or national leaders) and their possible outcomes. The method provides a structure to consider all COAs while attempting to minimize the exponential growth of hypotheses.

A basic problem-solving process flow (Figure 4.7), which encompasses the essence of each of these three approaches, includes five fundamental component stages:

Problem assessment. The problem must be clearly defined, and criteria for decision making must be established at the beginning. The problem, as well as boundary conditions, constraints, and the format of the desired solution, is articulated.
Problem decomposition. The problem is broken into components by modeling the “situation” or context of the problem. If the problem is a corporate need to understand and respond to the research and develop- ment initiatives of a particular foreign company, for example, a model of that organization’s financial operations, facilities, organizational structure (and research and development staffing), and products is con- structed. The decomposition (or analysis) of the problem into the need for different kinds of information necessarily requires the composition (or synthesis) of the model. This models the situation of the problem and provides the basis for gathering more data to refine the problem (refine the need for data) and better understand the context.
Alternative analysis. In concert with problem decomposition, alterna- tive solutions (hypotheses) are conceived and synthesized. Conjecture and creativity are necessary in this stage; the set of solutions are catego- rized to describe the range of the solution space. In the example of the problem of understanding a foreign company’s research and develop- ment, these solutions must include alternative explanations of what the competitor might be doing and what business responses should be taken to respond if there is a competitive threat. The competitor ana- lyst must explore the wide range of feasible solutions and associated constraints and variables; alternatives may range from no research and
Problem decomposition. The problem is broken into components by modeling the “situation” or context of the problem. If the problem is a corporate need to understand and respond to the research and develop- ment initiatives of a particular foreign company, for example, a model of that organization’s financial operations, facilities, organizational structure (and research and development staffing), and products is con- structed. The decomposition (or analysis) of the problem into the need for different kinds of information necessarily requires the composition (or synthesis) of the model. This models the situation of the problem and provides the basis for gathering more data to refine the problem (refine the need for data) and better understand the context.
Alternative analysis. In concert with problem decomposition, alternative solutions (hypotheses) are conceived and synthesized. Conjecture and creativity are necessary in this stage; the set of solutions are categorized to describe the range of the solution space. In the example of the problem of understanding a foreign company’s research and development, these solutions must include alternative explanations of what the competitor might be doing and what business responses should be taken to respond if there is a competitive threat. The competitor analyst must explore the wide range of feasible solutions and associated constraints and variables; alternatives may range from no research and development investment to significant but hidden investment in a new, breakthrough product development. Each solution (or explanation, in this case) must be compared to the model, and this process may cause the scope of the model to be expanded in scope, refined, and further decomposed to smaller components.
Decision analysis. In this stage the alternative solutions are applied to the model of the situation to determine the consequences of each solution. In the foreign firm example, consequences are related to both the likelihood of the hypothesis being true and the consequences of actions taken. The decision factors, defined in the first stage, are applied to evaluate the performance, effectiveness, cost, and risk associated with each solution. This stage also reveals the sensitivity of the decision factors to the situation model (and its uncertainties) and may send the analyst back to gather more information about the situation to refine the model [42].
Solution evaluation. The final stage, judgment, compares the outcome of decision analysis with the decision criteria established at the onset. Here, the uncertainties (about the problem, the model of the situation, and the effects of the alternative solutions) are considered and other subjective (tacit) factors are weighed to arrive at a solution decision.

This approach underlies the basis for traditional analytic intelligence methods, because it provides structure, rationale, and formality. But most recognize that the solid tacit knowledge of an experienced analyst provides a complementary basis—or an unspoken confidence that underlies final decisions—that is recognized but not articulated as explicitly as the quantified decision data.

4.4.2 Systems Thinking

In contrast with the reductionism of a purely analytic approach, a more holistic approach to understanding complex processes acknowledges the inability to fully decompose many complex problems into a finite and complete set of linear processes and relationships. This approach, referred to as holism, seeks to understand high-level patterns of behavior in dynamic or complex adaptive systems that transcend complete decomposition (e.g., weather, social organizations, or large-scale economies and ecologies). Rather than being analytic, systems approaches tend to syn- thetic—that is, these approaches construct explanations at the aggregate or large scale and compare them to real-world systems under study.

Complexity refers the property of real-world systems that prohibits any formalism to represent or completely describe its behavior. In contrast with simple systems that may be fully described by some formalism (i.e., mathematical equations that fully describe a real-world process to some level of satisfaction for the problem at hand), complex systems lack a fully descriptive formalism that captures all of their properties, especially global behavior.

systems of subatomic scale, human organizational systems, and large-scale economies, where very large numbers of independent causes interact in large numbers of interactive ways, are characterized by inability to model global behavior—and a frustrating inability to predict future behavior.

The expert’s judgment is based not on an external and explicit decomposition of the problem, but on an internal matching of high-level patterns of prior experience with the current situation. The experienced detective as well as the experienced analyst applies such high-level comparisons of current behaviors with previous tacit (unarticulated, even unconscious) patterns gained through experience.

It is important to recognize that analytic and systems-thinking approaches, though in contrast, are usually applied in a complementary fashion by individuals and team alike. The analytic approach provides the structure, record keeping, and method for articulating decision rationale, while the systems approach guides the framing of the problem, provides the synoptic perspective for exploring alternatives, and provides confidence in judgments.

4.4.3 Naturalistic Decision Making

in times of crisis, when time does not permit the careful methodologies, humans apply more naturalistic methods that, like the systems-thinking mode, rely entirely on the only basis available—prior experience.

Uncontrolled, [information] will control you and your staffs … and lengthen your decision-cycle times.” (Insightfully, the Admiral also noted, “You can only manage from your Desktop Computer … you cannot lead from it”

While long-term intelligence analysis applies the systematic, critical analytic approaches described earlier, crisis intelligence analy- sis may be forced to the more naturalistic methods, where tacit experience (via informal on-the-job learning, simulation, or formal learning) and confidence are critical.

4.5 Tradecraft: The Best Practices of Intelligence

The capture and sharing of best practices was developed and matured through- out the 1980s when the total quality movement institutionalized the processes of benchmarking and recording lessons learned. Two forms of best practices and lessons capture and recording are often cited:

Explicit process descriptions. The most direct approach is to model and describe the best collection, analytic, and distribution processes, their performance properties, and applications. These may be indexed, linked, and organized for subsequent reuse by a team posed with simi- lar problems and instructors preparing formal curricula.
Tacit learning histories. The methods of storytelling, described earlier in this chapter, are also applied to develop a “jointly told” story by the team developing the best practice. Once formulated, such learning histories provide powerful tools for oral, interactive exchanges within the organization; the written form of the exchanges may be linked to the best-practice description to provide context.

While explicit best-practices databases explain the how, learning histories provide the context to explain the why of particular processes.

The CIA maintains a product evaluation staff to evaluate intelligence products, learn from the large range of products produced (estimates, forecasts, technical assessments, threat assessments, and warnings) and maintains the database of best practices for training and distribution to the analytic staff.

4.6 Summary

In this chapter, we have introduced the fundamental cultural qualities, in terms of virtues and disciplines that characterize the knowledge-based intelligence organization. The emphasis has necessarily been on organizational disciplines—learning, collaborating, problem solving—that provide the agility to deliver accurate and timely intelligence products in a changing environment. The virtues and disciplines require support—technology to support collaboration over time and space, to support the capture and retrieval of explicit knowledge, to enable the exchange of tacit knowledge, and to support the cognitive processes in analytic and holistic problem solving.

Principles of Intelligence Analysis and Synthesis

At the core of all knowledge creation are the seemingly mysterious reasoning processes that proceed from the known to the assertion of entirely new knowledge about the previously unknown. For the intelligence analyst, this is the process by which evidence [1], that data deter- mined to be relevant to a problem, is used to infer knowledge about a subject of investigation—the intelligence target. The process must deal with evidence that is often inadequate, undersampled in time, ambiguous, and carries questionable pedigree.

We refer to this knowledge-creating discipline as intelligence analysis and the practitioner as analyst. But analysis properly includes both the processes of analysis (breaking things down) and synthesis (building things up).

5.1 The Basis of Analysis and Synthesis

The process known as intelligence analysis employs both the functions of analysis and synthesis to produce intelligence products.

In a criminal investigation, this leads from a body of evidence, through feasible explanations, to an assembled case. In intelligence, the process leads from intelligence data, through alternative hypotheses, to an intelligence product. Along this trajectory, the problem solver moves forward and backward iteratively seeking a path that connects the known to the solution (that which was previously unknown).

Intelligence analysis-synthesis is very interested in financial, political, economic, military, and many other evidential relationships that may not be causal, but provide understanding of the structure and behavior of human, organizational, physical, and financial entities.

Descriptions of the analysis-synthesis processes can be traced from its roots in philosophy and problem solving to applications in intelligence assessments.

Philosophers distinguish between propositions as analytic or synthetic based on the direction in which they are developed. Propositions in which the predicate (conclusion) is contained within the subject are called analytic because the predicate can be derived directly by logical reasoning forward from the subject; the subject is said to contain the solution. Synthetic propositions on the other hand have predicates and subjects that are independent. The synthetic proposition affirms a connection between otherwise independent concepts.

The empirical scientific method applies analysis and synthesis to develop and then to test hypotheses:

Observation. A phenomenon is observed and recorded as data.
Hypothesis creation. Based upon a thorough study of the data, a working hypothesis is created (by the inductive analysis process or by pure inspi- ration) to explain the observed phenomena.
Experiment development. Based on the assumed hypothesis, the expected results (the consequences) of a test of the hypothesis are synthesized (by deduction).
Hypothesis testing. The experiment is performed to test the hypothesis against the data.

When the consequences of the test are confirmed, the hypothesis is verified (as a theory or law depending upon the degree of certainty).

The analyst iteratively applies analysis and synthesis to move forward from evidence and backward from hypothesis to explain the available data (evidence). In the process, the analyst identifies more data to be collected, critical missing data, and new hypotheses to be explored. This iterative analysis-synthesis process provides the necessary traceability from evidence to conclusion that will allow the results (and the rationale) to be explained with clarity and depth when completed.

5.2 The Reasoning Processes

Reasoning processes that analyze evidence and synthesize explanations perform inference (i.e., they create, manipulate, evaluate, modify, and assert belief). We can characterize the most fundamental inference processes by their process and products:

Process. The direction of the inference process refers to the way in which beliefs are asserted. The process may move from specific (or particular) beliefs toward more general beliefs, or from general beliefs to assert more specific beliefs.
Products. The certainty associated with an inference distinguishes two categories of results of inference. The asserted beliefs that result from inference may be infallible (e.g., an analytic conclusion is derived from infallible beliefs and infallible logic is certain) or fallible judgments (e.g., a synthesized judgment is asserted with a measure of uncertainty; “probably true,” “true with 0.95 probability,” or “more likely true than false”).

5.2.1 Deductive Reasoning

Deduction is the method of inference by which a conclusion is inferred by applying the rules of a logical system to manipulate statements of belief to form new logically consistent statements of belief. This form of inference is infallible, in that the conclusion (belief) must be as certain as the premise (belief). It is belief preserving in that conclusions reveal no more than that expressed in the original premises. Deduction can be expressed in a variety of syllogisms, including the more common forms of propositional logic.

5.2.2 Inductive Reasoning

Induction is the method of inference by which a more general or more abstract belief is developed by observing a limited set of observations or instances.

Induction moves from specific beliefs about instances to general beliefs about larger and future populations of instances. It is a fallible means of inference.

The form of induction most commonly applied to extend belief from a sample of instances to a larger population, is inductive generalization:

By this method, analysts extend the observations about a limited number of targets (e.g., observations of the money laundering tactics of several narcotics rings within a drug cartel) to a larger target population (e.g., the entire drug cartel).

Inductive prediction extends belief from a population to a specific future sample.

By this method, an analyst may use several observations of behavior (e.g., the repeated surveillance behavior of a foreign intelligence unit) to create a general detection template to be used to detect future surveillance activities by that or other such units. The induction presumes future behavior will follow past patterns.

In addition to these forms, induction can provide a means of analogical reasoning (induction on the basis of analogy or similarity) and inference to relate cause and effect. The basic scientific method applies the principles of induction to develop hypotheses and theories that can subsequently be tested by experimentation over a larger population or over future periods of time. The subject of induction is central to the challenge of developing automated systems that generalize and learn by inducing patterns and processes (rules).

Koestler uses the term bisociation to describe the process of viewing multiple explanations (or multiple associations) of the same data simultaneously. In the example in the figure, the data can be projected onto a common plane of discernment in which the data represents a simple curved line; projected onto an orthogonal plane, the data can explain a sinusoid. Though undersampled, as much intelligence data is, the sinusoid represents a new and novel explanation that may remain hidden if the analyst does not explore more than the common, immediate, or simple interpretation.

In a similar sense, the inductive discovery by an intelligence analyst (aha!) may take on many different forms, following the simple geometric metaphor. For example:

A subtle and unique correlation between the timing of communications (by traffic analysis) and money transfers of a trading firm may lead to the discovery of an organized crime operation.
A single anomalous measurement may reveal a pattern of denial and deception to cover the true activities at a manufacturing facility in which many points of evidence, are, in fact deceptive data “fed” by the deceiver. Only a single piece of anomalous evidence (D5 in the figure) is the clue that reveals the existence of the true operations (a new plane in the figure). The discovery of this new plane will cause the analyst to search for additional supporting evidence to support the deception hypothesis.

Each frame of discernment (or plane in Koestler’s metaphor) is a framework for creating a single or a family of multiple hypotheses to explain the evidence. The creative analyst is able to entertain multiple frames of discernment, alternatively analyzing possible “fits” and constructing new explanations, exploring the many alternative explanations. This is Koestler’s constructive-destructive process of discovery.

Collaborative intelligence analysis (like collaborative scientific discovery) may produce a healthy environment for creative induction or an unhealthy competitive environment that stifles induction and objectivity. The goal of collaborative analysis is to allow alternative hypotheses to be conceived and objectively evaluated against the available evidence and to guide the tasking for evidence to confirm or disconfirm the alternatives.

5.2.3 Abductive Reasoning

Abduction is the informal or pragmatic mode of reasoning to describe how we “reason to the best explanation” in everyday life. Abduction is the practical description of the interactive use of analysis and synthesis to arrive at a solution or explanation creating and evaluating multiple hypotheses.

Unlike infallible deduction, abduction is fallible because it is subject to errors (there may be other hypotheses not considered or another hypothesis, however unlikely, may be correct). But unlike deduction, it has the ability to extend belief beyond the original premises. Peirce contended that this is the logic of discovery and is a formal model of the process that scientists apply all the time.

Consider a simple intelligence example that implements the basic abduc- tive syllogism. Data has been collected on a foreign trading company, TraderCo, which indicates its reported financial performance is not consistent with (less than) its level of operations. In addition, a number of its executives have subtle ties with organized crime figures.

The operations of the company can be explained by at least three hypotheses:

Hypothesis (H1)—TraderCo is a legitimate but poorly run business; its board is unaware of a few executives with unhealthy business contacts.

Hypothesis (H2)—TraderCo is a legitimate business with a naïve board that is unaware that several executives who gamble are using the business to pay off gambling debts to organized crime.

Hypothesis (H3)—TraderCo is an organized crime front operation that is trading in stolen goods and laundering money through the business, which reports a loss.

Hypothesis H3 best explains the evidence.

∴ Therefore, Accept Hypothesis H3 as the best explanation.

Of course, the critical stage of abduction unexplained in this set of hypotheses is the judgment that H3 is the best explanation. The process requires a criteria for ranking hypotheses, a method for judging which is best, and a method to assure that the set of candidate hypotheses cover all possible (or feasible) explanations.

5.2.3.1 Creating and Testing Hypotheses

Abduction introduces the competition among multiple hypotheses, each being an attempt to explain the evidence available. These alternative hypotheses can be compared, or competed on the basis of how well they explain (or fit) the evidence. Furthermore, the created alternative hypotheses provide a means of identifying three categories of evidence important to explanation:

Positive evidence. This is evidence revealing the presence of an object or occurrence of an event in a hypothesis.
Missing evidence. Some hypotheses may fit the available evidence, but the hypothesis “predicts” that additional evidence that should exist if the hypothesis were true is “missing.” Subsequent searches and testing for this evidence may confirm or disconfirm the hypothesis.
Negative evidence. Hypotheses that contain evidence of a nonoccurrence of an event (or nonexistence of an object) may confirm a hypothesis.

5.2.3.2 Hypothesis Selection

Abduction also poses the issue of defining which hypothesis provides the best explanation of the evidence. The criteria for comparing hypotheses, at the most fundamental level, can be based on two principle approaches established by philosophers for evaluating truth propositions about objective reality [18]. The correspondence theory of the truth of a proposition p is true is to maintain that “p corresponds to the facts.”

For the intelligence analyst this would equate to “hypothesis h corresponds to the evidence”—it explains all of the pieces of evidence, with no expected evidence missing, all without having to leave out any contradictory evidence. The coherence theory of truth says that a proposition’s truth consists of its fitting into a coherent system of propositions that create the hypothesis. Both concepts contribute to practical criteria for evaluating competing hypotheses

5.3 The Integrated Reasoning Process

The analysis-synthesis process combines each of the fundamental modes of reasoning to accumulate, explore, decompose to fundamental elements, and then fit together evidence. The process also creates hypothesized explanations of the evidence and uses these hypotheses to search for more confirming or refuting elements of evidence to affirm or prune the hypotheses, respectively.

This process of proceeding from an evidentiary pool to detections, explanations, or discovery has been called evidence marshaling because the process seeks to marshal (assemble and organize) into a representation (a model) that:

Detects the presence of evidence that match previously known premises (or patterns of data);
Explains underlying processes that gave rise to the evidence;
Discovers new patterns in the evidence—patterns of circumstances or behaviors not known before (learning).

The figure illustrates four basic paths that can proceed from the pool of evidence, our three fundamental inference modes and a fourth feedback path:

Deduction. The path of deduction tests the evidence in the pool against previously known patterns (or templates) that represent hypotheses of activities that we seek to detect. When the evidence fits the hypothesis template, we declare a match. When the evidence fits multiple hypotheses simultaneously, the likelihood of each hypothesis (determined by the strength of evidence for each) is assessed and reported. (This likelihood may be computed probabilistically using Bayesian methods, where evidence uncertainty is quantified as a probability and prior probabilities of the hypotheses are known.)
Retroduction. This feedback path, recognized and named by C.S. Peirce as yet another process of reasoning, occurs when the analyst conjectures (synthesizes) a new conceptual hypothesis (beyond the cur- rent frame of discernment) that causes a return to the evidence to seek evidence to match (or test) this new hypothesis. The insight Peirce provided is that in the testing of hypotheses, we are often inspired to realize new, different hypotheses that might also be tested. In the early implementation of reasoning systems, the forward path of deduction was often referred to as forward chaining by attempting to automatically fit data to previously stored hypothesis templates; the path of retroduction was referred to as backward chaining, where the system searched for data to match hypotheses queried by an inspired human operator.
Abduction. The abduction process, like induction, creates explanatory hypotheses inspired by the pool evidence and then, like deduction, attempts to fit items of evidence to each hypothesis to seek the best explanation. In this process, the candidate hypotheses are refined and new hypotheses are conjectured. The process leads to comparison and ranking of the hypotheses, and ultimately the best is chosen as the explanation. As a part of the abductive process, the analyst returns to the pool of evidence to seek support for these candidate explanations; this return path is called retroduction.
Induction. The path of induction considers the entire pool of evidence to seek general statements (hypotheses) about the evidence. Not seeking point matches to the small sets of evidence, the inductive path conjectures new and generalized explanation of clusters of similar evidence; these generalizations may be tested across the evidence to determine the breadth of applicability before being declared as a new discovery.

5.4 Analysis and Synthesis As a Modeling Process

The fundamental reasoning processes are applied to a variety of practical ana- lytic activities performed by the analyst.

Explanation and description. Find and link related data to explain entities and events in the real world.
Detection. Detect and identify the presence of entities and events based on known signatures. Detect potentially important deviations, including anomaly detection of changes relative to “normal” or “expected” state or change detection of changes or trends over time.
Discovery. Detect the presence of previously unknown patterns in data (signatures) that relate to entities and events.
Estimation. Estimate the current qualitative or quantitative state of an entity or event.
Prediction. Anticipate future events based on detection of known indicators; extrapolate current state forward, project the effects of linear fac- tors forward, or simulate the effects of complex factors to synthesize possible future scenarios to reveal anticipated and unanticipated (emergent) futures.

In each of these cases, we can view the analysis-synthesis process as an evidence-decomposing and model-building process.

The objective of this process is to sort through and organize data (analyze) and then to assemble (synthesize), or marshal related evidence to create a hypothesis—an instantiated model that represents one feasible representation of the intelligence subject (target). The model is used to marshal evidence, evaluate logical argumentation, and provide a tool for explanation of how the available evidence best fits the analyst’s conclusion. The model also serves to help the analyst understand what evidence is missing, what strong evidence supports the model, and where negative evidence might be expected. The terminology we use here can be clarified by the following distinctions:

A real intelligence target is abstracted and represented by models.
A model has descriptive and stated attributes or properties.
A particular instance of a model, populated with evidence-derived and conjectured properties, is a hypothesis.

A target may be described by multiple models, each with multiple instances (hypotheses). For example, if our target is the financial condition of a designated company, we might represent the financial condition with a single financial model in the form of a spreadsheet that enumerates many financial attributes. As data is collected, the model is populated with data elements, some reported publicly and others estimated. We might maintain three instances of the model (legitimate company, faltering legitimate company, and illicit front organization), each being a competing explanation (or hypothesis) of the incomplete evidence. These hypotheses help guide the analyst to identify the data required to refine, affirm, or discard existing hypotheses or to create new hypotheses.

Explicit model representations provide a tool for collaborative construction, marshaling of evidence, decomposition, and critical examination. Mental and explicit modeling are complementary tools of the analyst; judgment must be applied to balance the use of both.

Former U.S. National Intelligence Officer for Warning (1994–1996) Mary McCarthy has emphasized the importance of the explicit modeling to analysis:

Rigorous analysis helps overcome mindset, keeps analysts who are immersed in a mountain of new information from raising the bar on what they would consider an alarming threat situation, and allows their minds to expand other possibilities. Keeping chronologies, maintaining databases and arraying data are not fun or glamorous. These techniques are the heavy lifting of analysis, but this is what analysts are supposed to do [19].

The model is an abstract representation that serves two functions:

Model as hypothesis. Based on partial data or conjecture alone, a model may be instantiated as a feasible proposition to be assessed, a hypothesis. In a homicide investigation, each conjecture for “who did it” is a hypothesis, and the associated model instance is a feasible explanation for “how they did it.” The model provides a framework around which data is assembled, a mechanism for examining feasibility, and a basis for exploring data to confirm or refute the hypothesis.
Model as explanation. As evidence (relevant data that fits into the model) is assembled on the general model framework to form a hypothesis, different views of the model provide more robust explanations of that hypothesis. Narrative (story), timeline, organization relationships, resources, and other views may be derived from a common model.

The process of implementing data decomposition (analysis) and model construction-examination (synthesis) can be depicted in three process phases or spaces of operation (Figure 5.6):

Data space. In this space, data (relevant and irrelevant, certain and ambiguous) are indexed and accumulated. Indexing by time (of collection and arrival), source, content topic, and other factors is performed to allow subsequent search and access across many dimensions.
Argumentation space. The data is reviewed; selected elements of potentially relevant data (evidence) are correlated, grouped, and assembled into feasible categories of explanations, forming a set (structure) of high-level hypotheses to explain the observed data. This process applies exhaustive searches of the data space, accepting some as relevant and discarding others. In this phase, patterns in the data are dis- covered, although all the data in the patterns may not be present; these patterns lead to the creation of hypotheses even though all the data may not exist. Examination of the data may lead to creation of hypotheses by conjecture, even though no data supports the hypothesis at this point. The hypotheses are examined to determine what data would be required to reinforce or reject each; hypotheses are ranked in terms of likelihood and needed data (to reinforce or refute). The models are tested and various excursions are examined. This space is the court in which the case is made for each hypothesis, and they are judged for completeness, sufficiency, and feasibility. This examination can lead to requests for additional data, refinements of the current hypotheses, and creation of new hypotheses.
Explanation space. Different “views” of the hypothesis model provide explanations that articulate the hypothesis and relate the supporting evidence. The intelligence report can include a single model and explanation that best fits the data (when data is adequate to assert the single answer) or alternative competing models, as well as the sup- porting evidence for each and an assessment of the implications of each. Figure 5.6 illustrates several of the views often used: timelines of events, organization-relationship diagrams, annotated maps and imagery, and narrative story lines.

For a single target under investigation, we may create and consider (or entertain) several candidate hypotheses, each with a complete set of model views. If, for example, we are trying to determine the true operations of the foreign company introduced earlier, TradeCo, we may hold several hypotheses:

H1—The company is a legal clothing distributor, as advertised.
H2 —The company is a legal clothing distributor, but company executives are diverting business funds for personal interests.
H3—The company is a front operation to cover organized crime, where hypothesis 3 has two sub-hypotheses:

H31—The company is a front for drug trafficking.
• H32—The company is a front for terrorism money laundering.

In this case, H1, H2, H31, and H32 are the four root hypotheses, and the analyst identifies the need to create an organizational model, an operations flow-process model, and a financial model for each of the four hypotheses—creating 4 × 3 = 12 models.

5.5 Intelligence Targets in Three Domains

We have noted that intelligence targets may be objects, events, or dynamic processes—or combinations of these. The development of information operations has brought a greater emphasis on intelligence targets that exist not only in the physical domain, but in the realms of information (e.g., networked computers and information processes) and human decision making.

Information operations (IO) are those actions taken to affect an adversary’s information and information systems, while defending one’s own information and information systems. The U.S. Joint Vision 2020 describes the Joint Chiefs of Staff view of the ultimate purpose of IO as “to facilitate and protect U.S. decision-making processes, and in a conflict, degrade those of an adversary”.

The JV2020 builds on the earlier JV2010 [26] and retains the fundamental operational concepts, two with significant refinements that emphasize IO. The first is the expansion of the vision to encompass the full range of operations (nontraditional, asymmetric, unconventional ops), while retaining warfighting as the primary focus. The second refinement moves information superiority concepts beyond technology solutions that deliver information to the concept of superiority in decision making. This means that IO will deliver increased information at all levels and increased choices for commanders. Conversely, it will also reduce information to adversary commanders and diminish their decision options. Core to these concepts and challenges is the notion that IO uniquely requires the coordination of intelligence, targeting, and security in three fundamental realms, or domains of human activities.

These are likewise the three fundamental domains of intelligence targets, and each must be modeled:

The physical domain encompasses the material world of mass and energy. Military facilities, vehicles, aircraft, and personnel make up the principal target objects of this domain. The orders of battle that measure military strength, for example, are determined by enumerating objects of the physical world.
The abstract symbolic domain is the realm of information. Words, numbers, and graphics all encode and represent the physical world, storing and transmitting it in electronic formats, such as radio and TV signals, the Internet, and newsprint. This is the domain that is expanding at unprecedented rates, as global ideas, communications, and descriptions of the world are being represented in this domain. The domain includes the cyberspace that has become the principal means by which humans shape their perception of the world. It interfaces the physical to the cognitive domains.
The cognitive domain is the realm of human thought. This is the ultimate locus of all information flows. The individual and collective thoughts of government leaders and populations at large form this realm. Perceptions, conceptions, mental models, and decisions are formed in this cognitive realm. This is the ultimate target of our adversaries: the realm where uncertainties, fears, panic, and terror can coerce and influence our behavior.

Current IO concepts have appropriately emphasized the targeting of the second domain—especially electronic information systems and their information content. The expansion of networked information systems and the reliance on those systems has focused attention on network-centric forms of warfare. Ultimately, though, IO must move toward a focus on the full integration of the cognitive realm with the physical and symbolic realms to target the human mind

Intelligence must understand and model the complete system or complex of the targets of IO: the interrelated systems of physical behavior, information perceived and exchanged, and the perception and mental states of decision makers.

Of importance to the intelligence analyst is the clear recognition that most intelligence targets exist in all three domains, and models must consider all three aspects.

The intelligence model of such an organization must include linked models of all three domains—to provide an understanding of how the organization perceives, decides, and communicates through a networked organization, as well as where the people and other physical objects are moving in the physical world. The concepts of detection, identification, and dynamic tracking of intelligence targets apply to objects, events, and processes in all three domains.

5.6 Summary

the analysis-synthesis process proceeds from intelligence analysis to operations analysis and then to policy analysis.

The knowledge-based intelligence enterprise requires the capture and explicit representation of such models to permit collaboration among these three disciplines to achieve the greatest effectiveness and sharing of intellectual capital.

The Practice of Intelligence Analysis and Synthesis

The chapter moves from high-level functional flow models toward the processes implemented by analysts.

A practical description of the process by one author summarizes the perspective of the intelligence user:

A typical intelligence production consists of all or part of three main elements: descriptions of the situation or event with an eye to identifying its essential characteristics; explanation of the causes of a development as well as its significance and implications; and the prediction of future developments. Each element contains one or both of these components: data, pro- vided by knowledge and incoming information and assessment, or judgment, which attempts to fill the gaps in the data

Consumers expect description, explanation, and prediction; as we saw in the last chapter, the process that delivers such intelligence is based on evidence (data), assessment (analysis-synthesis), and judgment (decision).

6.1 Intelligence Consumer Expectations

The U.S. Government Accounting Office (GAO) noted the need for greater clarity in the intelligence delivered in U.S. national intelligence estimates (NIEs) in a 1996 report, enumerating five specific standards for analysis, from the perspective of policymakers.

Based on a synthesis of the published views of current and former senior intelligence officials, the reports of three independent commissions, and a CIA publication that addressed the issue of national intelligence estimating, an objective NIE should meet the following standards [2]:

[G1]: quantify the certainty level of its key judgments by using percentages or bettors’ odds, where feasible, and avoid overstating the certainty of judgments (note: bettors’ odds state the chance as, for example, “one out of three”);
[G2]: identify explicitly its assumptions and judgments;
[G3]: develop and explore alternative futures: less likely (but not impossible) scenarios that would dramatically change the estimate if they occurred;
[G4]: allow dissenting views on predictions or interpretations;
[G5]: note explicitly what the IC does not know when the information gaps could have significant consequences for the issues under consideration.

The Commission would urge that the [IC] adopt as a standard of its meth- odology that in addition to considering what they know, analysts consider as well what they know they don’t know about a program and set about fill- ing gaps in their knowledge by:

[R1] taking into account not only the output measures of a program, but the input measures of technology, expertise and personnel from both internal sources and as a result of foreign assistance. The type and rate of foreign assis- tance can be a key indicator of both the pace and objective of a program into which the IC otherwise has little insight.
[R2] comparing what takes place in one country with what is taking place in others, particularly among the emerging ballistic missile powers. While each may be pursuing a somewhat different development program, all of them are pursuing programs fundamentally different from those pursued by the US, Russia and even China. A more systematic use of comparative methodologies might help to fill the information gaps.
[R3] employing the technique of alternative hypotheses. This technique can help make sense of known events and serve as a way to identify and organize indicators relative to a program’s motivation, purpose, pace and direction. By hypothesizing alternative scenarios a more adequate set of indicators and col- lection priorities can be established. As the indicators begin to align with the known facts, the importance of the information gaps is reduced and the likely outcomes projected with greater confidence. The result is the possibility for earlier warning than if analysts wait for proof of a capability in the form of hard evidence of a test or a deployment. Hypothesis testing can provide a guide to what characteristics to pursue, and a cue to collection sensors as well.
[R4] explicitly tasking collection assets to gather information that would dis- prove a hypothesis or fill a particular gap in a list of indicators. This can prove a wasteful use of scarce assets if not done in a rigorous fashion. But moving from the highly ambiguous absence of evidence to the collection of specific evidence of absence can be as important as finding the actual evidence [3].

intelligence consumers want more than estimates or judgments; they expect concise explanations of the evidence and reasoning processes behind judgments with substantiation that multiple perspectives, hypotheses, and consequences have been objectively considered.

They expect a depth of analysis-synthesis that explicitly distinguishes assumptions, evidence, alternatives, and consequences—with a means of quantifying each contribution to the outcomes (judgments).

6.2 Analysis-Synthesis in the Intelligence Workflow

Analysis-synthesis is one process within the intelligence cycle… It represents a process that is practically implemented as a continuum rather than a cycle, with all phases being implemented concurrently and addressing a multitude of different intelligence problems or targets.

The stimulus-hypothesis-option-response (SHOR) model, described by Joseph Wohl in 1986, emphasizes the consideration of multiple perception hypotheses to explain sensed data and assess options for response.

The observe-orient-decide-act (OODA) loop, developed by Col. John Warden, is a high-level abstraction of the military command and control loop that considers the human decision-making role and its dependence on observation and orientation—the process of placing the observations in perceptual framework for decision making.

The tasking, processing, exploitation, dissemination (TPED) model used by U.S. technical collectors and processors [e.g., the U.S. National Reconnaissance Office (NRO), the National Imagery and Mapping Agency (NIMA), and the National Security Agency (NSA)] distinguishes between the processing elements of the national technical-means intelligence channels (SIGINT, IMINT, and MASINT) and the all-source analytic exploitation roles of the CIA and DIA.

The DoD Joint Directors of Laboratories (JDL) data fusion model is a more detailed technical model that considers the use of multiple sources to produce a common operating picture of individual objects, situations (the aggregate of objects and their behaviors), and the consequences or impact of those situations. The model includes a hierarchy of data correlation and combination processes at three levels (level 0: signal refinement; level 1: object refinement; level 2: situation refinement; level 3: impact refinement) and a corresponding feedback control process (level 4: process refinement) [10]. The JDL model is a functional representation that accommodates automated processes and human processes and provides detail within both the processing and analysis steps. The model is well suited to organize the structure of automated processing stages for technical sensors (e.g., imagery, signals, and radar).

Level 0: signal refinement automated processing correlates and combines raw signals (e.g., imagery pixels or radar signals intercepted from multiple locations) to detect objects and derive their location, dynamics, or identity.
Level 1: object refinement processing detects individual objects and correlates and combines these objects across multiple sources to further refine location, dynamics, or identity information.
Level 2: situation refinement analysis correlates and combines the detected objects across all sources within the background context to produce estimates of the situation—explaining the aggregate of static objects and their behaviors in context to derive an explanation of activities with estimated status, plans, and intents.
Level 3: impact refinement analysis estimates the consequences of alternative courses of action.
The level 4 process refinement flows are not shown in the figure, though all forward processing levels can provide inputs to refine the process to: focus collection or processing on high-value targets, refine processing parameters to filter unwanted content, adjust database indexing of intermediate data, or improve overall efficiency of the production process. The level 4 process effectively performs the KM business intelligence functions introduced in Section 3.7.

The analysis stage employs semiautomated detection and discovery tools to access the data in large databases produced by the processing stage. In general, the processing stage can be viewed as a factory of processors, while the analysis stage is a lower volume shop staffed by craftsmen—the analytic team.

6.3 Applying Automation

Automated processing has been widely applied to level 1 object detection (e.g., statistical pattern recognition) and to a lesser degree to level 2 situation recognition problems (e.g., symbolic artificial intelligence systems) for intelligence applications.

Viewing these dimensions as the number of nodes (causes) and number of interactions (influencing the scale of effects) in a dynamic system, the problem space depicts the complexity of the situation being analyzed:

Causal diversity. The first dimension relates to the number of causal fac- tors, or actors, that influence the situation behavior.
Scale of effects. The second dimension relates to the degree of interaction between actors, or the degree to which causal factors influence the behavior of the situation.

As both dimensions increase, the potential for nonlinear behavior increases, making it more difficult to model the situation being analyzed.

These problems include the detection of straightforward objects in images, content patterns in text, and emitted signal matching. More difficult problems still in this category include dynamic situations with moderately higher numbers of actors and scales of effects that require qualitative (propositional logic) or quantitative (statistical modeling) reasoning processes.

The most difficult category 3 problems, intractable to fully automated analysis, are those complex situations characterized by high numbers of actors with large-scale interactions that give rise to emergent behaviors.

6.4 The Role of the Human Analyst

The analyst applies tacit knowledge to search through explicit information to create tacit knowledge in the form of mental models and explicit intelligence reports for consumers.

The analysis process requires the analyst to integrate the cognitive reasoning and more emotional sensemaking processes with large bodies of explicit information to produce explicit intelligence products for consumers. To effectively train and equip analysts to perform this process, we must recognize and account for these cognitive and emotion components of comprehension. The complete process includes the automated workflow, which processes explicit information, and the analyst’s internal mental workflow, which integrates the cognitive and emotional modes

Complementary logical and emotional frameworks are based on the current mental model of beliefs and feelings and the new information is compared to these frameworks; differences have the potential for affirming the model (agreement), learning and refining the model (acceptance and model adjustment), or rejecting the new information. Judgment integrates feelings about consequences and values (based on experience) with reasoned alternative consequences and courses of action that construct the meaning of the incoming stimulus. Decision making makes an intellectual-emotional commitment to the impact of the new information on the mental model (acceptance, affirmation, refinement, or rejection).

6.5 Addressing Cognitive Shortcomings

The intelligence analyst is not only confronted with ambiguous information about complex subjects, but is often placed under time pressures and expectations to deliver accurate, complete, and predictive intelligence. Consumer expectations often approach infallibility and omniscience.

In this situation, the analyst must be keenly aware of the vulnerabilities of human cognitive short- comings and take measures to mitigate the consequences of these deficiencies. The natural limitations in cognition (perception, attention span, short- and long-term memory recall, and reasoning capacity) constrain the objectivity of our reasoning processes, producing errors in our analysis.

In “Combatting Mind-Set,” respected analyst Jack Davis has noted that analysts must recognize the subtle influence of mindset, the cumulative mental model that distills analysts’ beliefs about a complex subject and “find[s] strategies that simultaneously harness its impressive energy and limit[s] the potential damage”.

Davis recommends two complementary strategies:

Enhancing mindset. Creating explicit representation of the mind- set—externalizing the mental model—allows broader collaboration, evaluation from multiple perspectives, and discovery of subtle biases.
Ensuring mind-set. Maintaining multiple explicit explanations and projections and opportunity analyses provides insurance against single-point judgments and prepares the analyst to switch to alternatives when discontinuities occur.

Davis has also cautioned analysts to beware the paradox of expertise phenomenon that can distract attention from the purpose of an analysis. This error occurs when discordant evidence is present and subject experts tend to be distracted and focus on situation analysis (solving the discordance to understand the subject situation) rather than addressing the impact on the analysis of the consequences of the discrepancy. In such cases, the analyst must focus on providing value added by addressing what action alternatives exist for alternatives and their consequences in cost-benefit terms

Heuer emphasized the importance of supporting tools and techniques to overcome natural analytic limitations [20]: “Weaknesses and biases inherent in human thinking processes can be demonstrated through carefully designed experiments. They can be alleviated by conscious application of tools and techniques that should be in the analytical tradecraft toolkit of all intelligence analysts.”

6.6 Marshaling Evidence and Structuring Argumentation

Instinctive analysis focuses on a single or limited range of alternatives, moves on a path to satisfy minimum needs (satisficing, or finding an acceptable explanation), and is performed implicitly using tacit mental models. Structured analysis follows the principles of critical thinking introduced in Chapter 4, organizing the problem to consider all reasonable alternatives, systematically and explicitly representing the alternative solutions to comprehensively analyze all factors.

6.6.1 Structuring Hypotheses

6.6.2 Marshaling Evidence and Structuring Arguments

There exist a number of classical approaches to representing hypotheses, marshaling evidence to them, and arguing for their validity. Argumentation structures propositions to move from premises to conclusions. Three perspectives or disciplines of thought have developed the most fundamental approaches to this process.

Each discipline has contributed methods to represent knowledge and to provide a structure for reasoning to infer from data to relevant evidence, through intermediate hypotheses to conclusion. The term knowledge representation refers to the structure used to represent data and show its relevance as evidence, the representation of rules of inference, and the asserted conclusions.

6.6.3 Structured Inferential Argumentation

Philosophers, rhetoricians, and lawyers have long sought accurate means of structuring and then communicating, in natural language, the lines of reasoning, that lead from complicated sets of evidence to conclusions. Lawyers and intelligence analysts alike seek to provide a clear and compelling case for their conclusions, reasoned from a mass of evidence about a complex subject.

We first consider the classical forms of argumentation described as infor- mal logic, whereby the argument connects premises to conclusions. The com- mon forms include:

Multiple premises, when taken together, lead to but one con- clusion. For example: The radar at location A emits at a high pulse repetition frequency (PRF); when it emits at high PRF, it emits on fre- quency (F) → the radar at A is a fire control radar.
Multiple premises independently lead to the same conclu- sion. For example: The radar at A is a fire control radar. Also Location A stores canisters for missiles. → A surface to air missile (SAM) battery must be at location A.
A single premise leads to but one conclusion, for example: A SAM battery is located at A the battery at A → must be linked to a command and control (C2) center.
A single premise can support more than one conclusion. For example: The SAM battery could be controlled by the C2 center at golf, or The SAM battery could be controlled by the C2 center at hotel.

These four basic forms may be combined to create complex sets of argu- mentation, as in the simple sequential combination and simplification of these examples:

The radar at A emits at a high PRF; when it emits at high PRF, it emits on frequency F, so it must be a fire control radar. Also, location A stores canisters for missiles, so there must be a SAM battery there. The battery at A must be linked to a C2 center. It could be controlled by the C2 centers at golf or at hotel.

The structure of this argument can be depicted as a chain of reasoning or argumentation (Figure 6.7) using the four premise structures in sequence.

Toulmin distinguished six elements of all arguments [24]:

Data (D), at the beginning point of the argument, are the explicit elements of data (relevant data, or evidence) that are observed in the external world.

Claim (C), is the assertion of the argument.
Qualifier (Q), imposes any qualifications on the claim.
Rebuttals (R) are any conditions that may refute the claim.
Warrants (W) are the implicit propositions (rules, principles) that permit inference from data to claim.
Backing (B) are assurances that provide authority and currency to the warrants.

Applying Toulmin’s argumentation scheme requires the analyst to distinguish each of the six elements of argument and to fit them into a standard structure of reasoning—see Figure 6.8(a)—which leads from datum (D) to claim (C). The scheme separates the domain-independent structure from the warrants and backing, which are dependent upon the field in which we are working (e.g., legal cases, logical arguments, or morals).

The general structure, described in natural language then proceeds from datum (D) to claim (I) as follows:

The datum (D), supported by the warrant (W), which is founded upon the backing (B), leads directly to the claim (C), qualified to the degree (Q), with the caveat that rebuttal (R) is present.

Such a structure requires the analyst to identify all of the key components of the argument—and explicitly report if any components are missing (e.g., if rebuttals or contradicting evidence is not existent).

The benefits of this scheme are the potential for the use of automation to aid analysts in the acquisition, examination, and evaluation of natural-language arguments. As an organizing tool, the Toulmin scheme distinguishes data (evidence) from the warrants (the universal premises of logic) and their backing (the basis for those premises).

It must be noted that formal logicians have criticized Toulmin’s scheme due to its lack of logical rigor and ability to address probabilistic arguments. Yet, it has contributed greater insight and formality to developing structured natural-language argumentation.

6.6.4 Inferential Networks

Moving beyond Toulmin’s structure, we must consider the approaches to create network structures to represent complex chains of inferential reasoning.

The use of graph theory to describe complex arguments allows the analyst to represent two crucial aspects of an argument:

Argument structure. The directed graph represents evidence (E), events, or intermediate hypotheses inferred by the evidence (i), and the ultimate, or final, hypotheses (H) as graph nodes. The graph is directed because the lines connecting nodes include a single arrow indicating the single direction of inference. The lines move from a source element of evidence (E) through a series of inferences (i1, i2, i3, … in) toward a terminal hypothesis (H). The graph is acyclic because the directions of all arrows move from evidence, through intermediate inferences to hypothesis, but not back again: there are no closed-loop cycles.
Force of evidence and propagation. In common terms we refer the force, strength, or weight of evidence to describe the relative degree of contribution of evidence to support an intermediate inference (in), or the ultimate hypothesis (H). The graph structure provides a means of describing supporting and refuting evidence, and, if evidence is quantified (e.g., probabilities, fuzzy variables, or other belief functions), a means of propagating the accumulated weight of evidence in an argument.

Like a vector, evidence includes a direction (toward certain hypotheses) and a magnitude (the inferential force). The basic categories of argument can be structured to describe four basic categories of evidence combination (illustrated in Figure 6.9):

Direct. The most basic serial chain of inference moves from evidence (E) that the event E occurred, to the inference (i1) that E did in fact occur. This inference expresses belief in the evidence (i.e., belief in the veracity and objectivity of human testimony). The chain may go on serially to further inferences because of the belief in E.

Consonance. Multiple items of evidence may be synergistic resulting in one item enhancing the force of another; their joint contribution pro- vides more inferential force than their individual contributions. Two items of evidence may provide collaborative consonance; the figure illustrates the case where ancillary evidence (E2) is favorable to the credibility of the source of evidence (E1), thereby increasing the force of E1. Evidence may also be convergent when E1 and E2 provide evidence of the occurrence of different events, but those events, together, favor a common subsequent inference. The enhancing contribution

(i1) to (i2) is indicated by the dashed arrow.

Redundant. Multiple items of evidence (E1, E2) that redundantly lead to a common inference (i1) can also diminish the force of each other in two basic ways. Corroborative redundancy occurs when two or more sources supply identical evidence of a common event inference (i1). If one source is perfectly credible, the redundant source does not contribute inferential force; if both have imperfect credibility, one may diminish the force of the other to avoid double counting the force of the redundant evidence. Cumulative redundancy occurs when multiple items of evidence (E1, E2), though inferring different intermediate hypotheses (i1,i2), respectively, lead to a common hypothesis (i3) farther up the reasoning chain. This redundant contribution to (i3), indicated by the dashed arrow, necessarily reduces the contribution of inferential force from E2.

Dissonance. Dissonant evidence may be contradictory when items of evidence E1 and E2 report, mutually exclusively, that the event E did occur and did not occur, respectively. Conflicting evidence, on the other hand, occurs when E1and E2 report two separate events i1 and i2 (both of which may have occurred, but not jointly), but these events favor mutually exclusive hypotheses at i3.

The graph moves from bottom to top in the following sequence:

Direct evidence at the bottom;
Evidence credibility inferences are the first row above evidence, infer- ring the veracity, objectivity, and sensitivity of the source of evidence;
Relevance inferences move from credibility-conditioned evidence through a chain of inferences toward final hypothesis;
The final hypothesis is at the top.

Some may wonder why such rigor is employed for such a simple argument. This relatively simple example illustrates the level of inferential detail required to formally model even the simplest of arguments. It also illustrates the real problem faced by the analyst in dealing with the nuances of redundant and conflicting evidence. Most significantly, the example illustrates the degree of care required to accurately represent arguments to permit machine-automated reasoning about all-source analytic problems.

We can see how this simple model demands the explicit representation of often-hidden assumptions, every item of evidence, the entire sequence of inferences, and the structure of relationships that leads to our conclusion that H1 is true.

Inferential networks provide a logical structure upon which quantified calculations may be performed to compute values of inferential force of evidence and the combined contribution of all evidence toward the final hypothesis.

6.7 Evaluating Competing Hypotheses

Heuer’s research indicated that the single most important technique to over- come cognitive shortcomings is to apply a systematic analytic process that allows objective comparison of alternative hypotheses

“The simultaneous evaluation of multiple, competing hypotheses entails far greater cognitive strain than examining a single, most-likely hypothesis”

Inferential networks are useful at the detail level, where evidence is rich and the ACH approach is useful at the higher levels of abstraction and where evidence is sparse. Networks are valuable for automated computation; ACH is valuable for collaborative analytic reasoning, presentation, and explanation. The ACH approach provides a methodology for the concurrent competition of multiple explanations, rather than the focus on the currently most plausible.

The ACH structure approach described by Heuer uses a matrix to organize and describe the relationship between evidence and alternative hypotheses. The sequence of the analysis-synthesis process (Figure 6.11) includes:

Hypothesis synthesis. A multidisciplinary team of analysts creates a set of feasible hypotheses, derived from imaginative consideration of all possibilities before constructing a complete set that merits detailed consideration.
Evidence analysis. Available data is reviewed to locate relevant evidence and inferences that can be assigned to support or refute the hypotheses. Explicitly identify the assumptions regarding evidence and the arguments of inference. Following the processes described in the last chapter, list the evidence-argument pairs (or chains of inference) and identify, for each, the intrinsic value of its contribution and the potential for being subject to denial or deception (D&D).
Matrix synthesis. Construct an ACH matrix that relates evidence- inference to the hypotheses defined in step 1.
Matrix analysis. Assess the diagnosticity (the significance or diagnostic value of the contribution of each component of evidence and related inferences) of each evidence-inference component to each hypothesis. This process proceeds for each item of evidence-inference across the rows, considering how each item may contribute to each hypothesis. An entry may be supporting (consistent with), refuting (inconsistent with), or irrelevant (not applicable) to a hypothesis; a contribution notation (e.g., +, –, or N/A, respectively) is marked within the cell. Where possible, annotate the likelihood (or probability) that this evi- dence would be observed if the hypothesis is true. Note that the diagnostic significance of an item of evidence is reduced as it is consistent with multiple hypotheses; it has no diagnostic contribution when it supports, to any degree, all hypotheses.
Matrix synthesis (refinement). Evidence assignments are refined, eliminating evidence and inferences that have no diagnostic value.
Hypotheses analysis. The analyst now proceeds to evaluate the likelihood of each hypothesis, by evaluating entries down the columns. The likelihood of each hypothesis is estimated by the characteristics of supporting and refuting evidence (as described in the last chapter). Inconsistencies and gaps in expected evidence provide a basis for retasking; a small but high-confidence item that refutes the preponderance of expected evidence may be a significant indicator of deception. The analyst also assesses the sensitivity of the likely hypothesis to contributing assumptions, evidence, and the inferences; this sensitivity must be reported with conclusions and the consequences if any of these items are in error. This process may lead to retasking of collectors to acquire more data to sup- port or refute hypotheses and to reduce the sensitivity of a conclusion.
Decision synthesis (judgment). Reporting the analytic judgment requires the description of all of the alternatives (not just the most likely), the assumptions, evidence, and inferential chains. The report must also describe the gaps, inconsistencies, and their consequences on judgments. The analyst must also specify what should be done to provide an update on the situation and what indictors might point to significant changes in current judgments.

Notice that the ACH approach deliberately focuses the analyst’s attention on the contribution, significance, and relationships of evidence to hypotheses, rather than on building a case for any one hypothesis. The analytic emphasis is, first, on evidence and inference across the rows, before evaluating hypotheses, down the columns.

The stages of the structured analysis-synthesis methodology (Figure 6.12) are summarized in the following list:

Organize. A data mining tool (described in Chapter 8, Section 8.2.2) automatically clusters related data sets by identifying linkages (relation- ships) across the different data types. These linked clusters are visualized using link-clustering tools used to visualize clusters and linkages to allow the analyst to consider the meaningfulness of data links and dis- cover potentially relevant relationships in the real world.
Conceptualize. The linked data is translated from the abstract relation- ship space to diagrams in the temporal and spatial domains to assess real-world implications of the relationships. These temporal and spatial models allow the analyst to conceptualize alternative explanations that will become working hypotheses. Analysis in the time domain considers the implications of sequence, frequency, and causality, while the spatial domain considers the relative location of entities and events.
Hypothesize. The analyst synthesizes hypotheses, structuring evidence and inferences into alternative arguments that can be evaluated using the method of alternative competing hypotheses. In the course of this process, the analyst may return to explore the database and linkage diagrams further to support or refute the working hypotheses.

6.8 Countering Denial and Deception

Because the targets of intelligence are usually high-value subjects (e.g., intentions, plans, personnel, weapons or products, facilities, or processes), they are generally protected by some level of secrecy to prevent observation. The means of providing this secrecy generally includes two components:

Denial. Information about the existence, characteristics, or state of a target is denied to the observer by methods of concealment. Camouflage of military vehicles, emission control (EMCON), operational security (OPSEC), and encryption of e-mail messages are common examples of denial, also referred to as dissimulation (hiding the real).
Deception. Deception is the insertion of false information, or simulation (showing the false), with the intent to distort the perception of the observer. The deception can include misdirection (m-type) deception to reduce ambiguity and direct the observer to a simulation—away from the truth—or ambiguity (a-type) deception, which simulates effects to increase the observer’s ambiguity or understanding about the truth

D&D methods are used independently or in concert to distract or disrupt the intelligence analyst, introducing distortions in the collection channels, ambiguity in the analytic process, errors in the resulting intelligence product, and misjudgment in decisions based on the product. Ultimately, this will lead to distrust of the intelligence product by the decision maker or consumer. Strategic D&D poses an increasing threat to the analyst, as an increasing number of channels for D&D are available to deceivers. Six distinct categories of strategic D&D operations have different target audiences, means of implementation, and objectives.

Propaganda or psychological operations (PSYOP) target a general population using several approaches. White propaganda openly acknowledges the source of the information, gray propaganda uses undeclared sources. Black propaganda purports to originate from a source other its actual sponsor, protecting the true source (e.g., clandestine radio and Internet broadcast, independent organizations, or agents of influence. Coordinated white, gray, and black propaganda efforts were strategically conducted by the Soviet Union throughout the Cold War as active measures of disinformation

Leadership deception targets leadership or intelligence consumers, attempting to bypass the intelligence process by appealing directly to the intelligence consumer via other channels. Commercial news channels, untrustworthy diplomatic channels, suborned media, and personal relationships can be exploited to deliver deception messages to leadership (before intelligence can offer D&D cautions) in an effort to establish mindsets in decision makers.

Intelligence deception specifically targets intelligence collectors (technical sensors, communications interceptors, and humans) and subsequently analysts by combining denial of the target data and by introducing false data to disrupt, distract, or deceive the collection or analysis processes (or both processes). The objective is to direct the attention of the sensor or the analyst away from a correct knowledge of a specific target.

Denial operations by means of OPSEC seek to deny access to true intentions and capabilities by minimizing the signatures of entities and activities.

Two primary categories of countermeasures for intelligence deception must be orchestrated to counter either the simple deception of a parlor magician or the complex intelligence deception program of a rogue nation-state. Both collection and analysis measures are required to provide the careful observation and critical thinking necessary to avoid deception. Improvements in collection can provide broader and more accurate coverage, even limited penetration of some covers.

The problem of mitigating intelligence surprise, therefore, must be addressed by considering both large numbers of models or hypotheses (analysis) and large sets of data (collection, storage, and analysis)

In his classic treatise, Strategem, Barton Whaley exhaustively studied over 100 historical D&D efforts and concluded, “Indeed, this is the general finding of my study—that is, the deceiver is almost always successful regardless of the sophistication of his victim in the same art. On the face of it, this seems an intolerable conclusion, one offending common sense. Yet it is the irrefutable conclusion of historical evidence”

The components of a rigorous counter D&D methodology, then, include the estimate of the adversary’s D&D plan as an intelligence subject (target) and the analysis of specific D&D hypotheses as alternatives. Incorporating this process within the ACH process described earlier amounts to assuring that reasonable and feasible D&D hypotheses (for which there may be no evidence to induce a hypothesis) are explicitly considered as alternatives.

two active searches for evidence to support, refute, or refine the D&D hypotheses [44]:

Reconstructive inference. This deductive process seeks to detect the presence of spurious signals (Harris call these sprignals) that are indicators of D&D—the faint evidence predicted by conjectured D&D plans. Such sprignals can be strong evidence confirming hypothesis A (the simulation), weak contradictory evidence of hypothesis C (leakage from the adversary’s dissimulation effort), or missing evidence that should be present if hypothesis A were true.
Incongruity testing. This process searches for inconsistencies in the data and inductively generates alternative explanations that attribute the incongruities to D&D (i.e., D&D explains the incongruity of evidence for more than one reality in simultaneous existence).

These processes should be a part of any rigorous alternative hypothesis process, developing evidence for potential D&D hypotheses while refining the estimate of the adversaries’ D&D intents, plans, and capabilities. The processes also focus attention on special collection tasking to support, refute, or refine current D&D hypotheses being entertained.

Summary

Central to the intelligence cycle, analysis-synthesis requires the integration of human skills and automation to provide description, explanation, and prediction with explicit and quantified judgments that include alternatives, missing evidence, and dissenting views carefully explained. The challenge of discovering the hidden, forecasting the future, and warning of the unexpected cannot be performed with infallibility, yet expectations remain high for the analytic com- munity.

The practical implementation of collaborative analysis-synthesis requires a range of tools to coordinate the process within the larger intelligence cycle, augment the analytic team with reasoning and sensemaking support, overcome human cognitive shortcomings, and counter adversarial D&D.

Knowledge Internalization and Externalization

The process of conducting knowledge transactions between humans and computing machines occurs at the intersection between tacit and explicit knowledge, between human reasoning and sensemaking, and the explicit computation of automation. The processes of externalization (tacit-to-explicit transactions) and internalization (explicit-to-tacit transactions) of knowledge, however, are not just interfaces between humans and machines; more properly, the intersection is between human thought, symbolic representations of thought, and the observed world.

7.1 Externalization and Internalization in the Intelligence Workflow

The knowledge-creating spiral described in Chapter 3 introduced the four phases of knowledge creation.

Externalization

Following social interactions with collaborating analysts, an analyst begins to explicitly frame the problem. The process includes the decomposition of the intelligence problem into component parts (as described in Section 2.2) and explicit articulation of essential elements of information required to solve the problem. The tacit-to-explicit transfer includes the explicit listing of these essential elements of information needed, candidate sources of data, the creation of searches for relevant SMEs, and the initiation of queries for relevant knowledge within current holdings and collected all-source data. The primary tools to interact with all-source holdings are query and retrieval tools that search and retrieve information for assessment of relevance by the analyst.

Combination

This explicit-explicit transfer process correlates and combines the collected data in two ways:

Interactive analytic tools. The analyst uses a wide variety of analytic tools to compare and combine data elements to identify relationships and marshal evidence against hypotheses.
Automated data fusion and mining services. Automated data combination services also process high-volume data to bring detections of known patterns and discoveries of “interesting” patterns to the attention of the analyst.

Internalization

The analyst integrates the results of combination in two domains: external hypotheses (explicit models and simulations) and decision models (like the alter- native competing hypothesis decision model introduced in the last chapter) are formed to explicitly structure the rationale between hypotheses, and internally, the analyst develops tacit experience with the structured evidence, hypotheses, and decision alternatives.

Services in the data tier capture incoming data from processing pipelines (e.g., imagery and signals producers), reporting sources (news services, intelligence reporting sources), and open Internet sources being monitored. Content appropriate for immediate processing and production, such as news alerts, indications, and warning events, and critical change data are routed to the operational storage for immediate processing. All data are indexed, transformed, and loaded into the long-term data warehouse or into specialized data stores (e.g., imagery, video, or technical databases). The intelligence services tier includes six basic service categories:

Operational processing. Information filtered for near-real-time criticality are processed to extract and tag content, correlate and combine with related content, and provide updates to operational watch officers. This path applies the automated processes of data fusion and data mining to provide near-real-time indicators, tracks, metrics, and situation summaries.
Indexing, query, and retrieval. Analysts use these services to access the cumulating holdings by both automated subscriptions for topics of interest to be pushed to the user upon receipt and interactive query and retrieval of holdings.
Cognitive (analytic) services. The analysis-synthesis and decision- making processes described in Chapters 5 and 6 are supported by cognitive services (thinking-support tools).
Collaboration services. These services, described in Chapter 4, allow synchronous and asynchronous collaboration between analytic team members.
Digital production services. Analyst-generated and automatically created dynamic products are produced and distributed to consumers based on their specified preferences.
Workflow management. The workflow is managed across all tiers to monitor the flow from data to product, to monitor resource utilization, to assess satisfaction of current priority intelligence requirements, and to manage collaborating workgroups.

7.2 Storage, Query, and Retrieval Services

At the center of the enterprise is the knowledge base, which stores explicit knowledge and provides the means to access that knowledge to create new knowledge.

7.2.1 Data Storage

Intelligence organizations receive a continuous stream of data from their own tasked technical sensors and human sources, as well as from tasked collections of data from open sources. One example might be Web spiders that are tasked to monitor Internet sites for new content (e.g., foreign news services), then to collect, analyze, and index the data for storage. The storage issues posed by the continual collection of high-volume data are numerous:

Diversity. All-source intelligence systems require large numbers of inde- pendent data stores for imagery, text, video, geospatial, and special technical data types. These data types are served by an equally high number of specialized applications (e.g., image and geospatial analysis and signal analysis).

Legacy. Storage system designers are confronted with the integration of existing (legacy) and new storage systems; this requires the integration of diverse logical and physical data types.

Federated retrieval and analysis. The analyst needs retrieval, application, and analysis capabilities that span across the entire storage system.

7.2.2 Information Retrieval

Information retrieval (IR) is formally defined as “… [the] actions, methods and procedures for recovering stored data to provide information on a given subject” [2]. Two approaches to query and retrieve stored data or text are required in most intelligence applications:

Data query and retrieval is performed on structured data stored in relational database applications. Imagery, signals, and MASINT data are generally structured and stored in structured formats that employ structured query language (SQL) and SQL extensions for a wide variety of databases (e.g., Access, IBM DB2 and Informix, Microsoft SQL Server, Oracle, and Sybase). SQL allows the user to retrieve data by context (e.g., by location in data tables, such as date of occurrence) or by content (e.g., retrieve all record with a defined set of values).
Text query and retrieval is performed on both structured and unstructured text in multiple languages by a variety of natural language search engines to locate text containing specific words, phrases, or general concepts within a specified context.

Data query methods are employed within the technical data processing pipelines (IMINT, SIGINT, and MASINT). The results of these analyses are then described by analysts in structured or unstructured text in an analytic database for subsequent retrieval by text query methods.

Moldovan and Harabagiu have defined a five-level taxonomy of Q&A systems (Table 7.1) that range from the common keyword search engine that searches for relevant content (class 1) to reasoning systems that solve complex natural language problems (class 5) [3]. Each level requires increasing scope of knowledge, depth of linguistic understanding, and sophistication of reasoning to translate relevant knowledge to an answer or solution.

The first two levels of current search capabilities locate and return relevant content based on keywords (content) or the relationships between clusters of words in the text (concept).

While class 1 capabilities only match and return content that matches the query, class 2 capabilities integrate the relevant data into a simple response to the question.

Class 3 capabilities require the retrieval of relevant knowledge and reasoning about that knowledge to deduce answers to queries, even when the specific answer is not explicitly stated in the knowledge base. This capability requires the ability to both reason from general knowledge to specific answers and provide rationale for those answers to the user.

Class 4 and 5 capabilities represent advanced capabilities, which require robust knowledge bases that contain sophisticated knowledge representation (assertions and axioms) and reasoning (mathematical calculation, logical inference, and temporal reasoning).

7.3 Cognitive (Analytic Tool) Services

Cognitive services support the analyst in the process of interactively analyzing data, synthesizing hypotheses, and making decisions (choosing among alternatives). These interactive services support the analysis-synthesis activities described in Chapters 5 and 6. Alternatively called thinking tools, analytics, knowledge discovery, or analytic tools, these services enable the human to trans- form and view data, create and model hypotheses, and compare alternative hypotheses and consequences of decisions.

Exploration tools allow the analyst to interact with raw or processed multi- media (text, numerical data, imagery, video, or audio) to locate and organize content relevant to an intelligence problem. These tools provide the ability to search and navigate large volumes of source data; they also provide automated taxonomies of clustered data and summaries of individual documents. The information retrieval functions described in the last subsection are within this category. The product of exploration is generally a relevant set of data/text organized and metadata tagged for subsequent analysis. The analyst may drill down to detail from the lists and summaries to view the full content of all items identified as relevant.
Reasoning tools support the analyst in the process of correlating, comparing, and combining data across all of the relevant sources. These tools support a wide variety of specific intelligence target analyses:
Temporal analysis. This is the creation of timelines of events, dynamic relationships, event sequences, and temporal transactions (e.g., electronic, financial, or communication).
Link analysis. This involves automated exploration of relationships among large numbers of different types of objects (entities and events).
Spatial analysis. This is the registration and layering of 3D data sets and creation of 3D static and dynamic models from all-source evidence. These capabilities are often met by commercial geospatial information system and computer-aided design (CAD) software.
Functional analysis. This is the analysis of processes and expected observables (e.g., manufacturing, business, and military operations, social networks and organizational analysis, and traffic analysis).

These tools aid the analyst in five key analytic tasks:

Correlation: detection and structuring of relationships or linkages between different entities or events in time, space, function, or interaction; association of different reports or content related to a common entity or event;
Combination: logical, functional, or mathematical joining of related evidence to synthesize a structured argument, process, or quantitative estimate;
Anomaly detection: detection of differences between expected (or modeled) characteristics of a target;
Change detection: detection of changes in a target over time—the changes may include spectral, spatial, or other phenomenological changes;
Construction: synthesis of a model or simulation of entities or events and their interactions based upon evidence and conjecture.

Sensemaking tools support the exploration, evaluation, and refinement of alternative hypotheses and explanations of the data. Argumentation structuring, modeling, and simulation tools in this category allow analysts to be immersed in their hypotheses and share explicit representations with other collaborators. This immersion process allows the analytic team to create shared meaning as they experience the alternative explanations.

Decision support (judgment) tools assist analytic decision making by explicitly estimating and comparing the consequences and relative merits of alternative decisions.

These tools include models and simulations that permit the analyst to create and evaluate alternative COAs and weigh the decision alternatives against objective decision criteria. Decision support systems (DSSs) apply the principles of probability to express uncertainty and decision theory to create and assess attributes of decision alternatives and quantify the relative utility of alternatives. Normative, or decision-analytic DSSs, aid the analyst in structuring the decision problem and in computing the many factors that lead from alternatives to quantifiable attributes and resulting utilities. These tools often relate attributes to utility by influence diagrams and compute utilities (and associated uncertainties) using Bayes networks.

The tools progressively move from data as the object of analysis (for exploration) to clusters of related information, to hypotheses, and finally on to decisions, or analytic judgments.

intelligence workflow management software can provide a means to organize the process by providing the following functions:

Requirements and progress tracking: maintains list of current intelligence requirements, monitors tasking to meet the requirements, links evidence and hypotheses to those requirements, tracks progress toward meeting requirements, and audits results;
Relevant data linking: maintains ontology of subjects relevant to the intelligence requirements and their relationships and maintains a data- base of all relevant data (evidence);
Collaboration directory: automatically locates and updates a directory of relevant subject matter experts as the problem topic develops.

In this example, an intelligence consumer has requested specific intelligence on a drug cartel named “Zehga” to support counter-drug activities in a foreign country. The sequence of one analyst’s use of tools in the example include:

The process begins with synchronous collaboration with other analysts to discuss the intelligence target (Zehga) and the intelligence requirements to understand the cartel organization structure, operations, and finances. The analyst creates a peer-to-peer collaborative workspace that contains requirements, essential elements of information (EEIs) needed, current intelligence, and a directory of team members before inviting additional counter-drug subject matter experts to the shared space.
The analyst opens a workflow management tool to record requirements, key concepts and keywords, and team members; the analyst will link results to the tool to track progress in delivering finished intelligence. The tool is also used to request special tasking from technical collectors (e.g., wiretaps) and field offices.
Once the problem has been externalized in terms of requirements and EEIs needed, the sources and databases to be searched are selected (e.g., country cables, COMINT, and foreign news feeds and archives). Key concepts and keywords are entered into IR tools; these tools search current holdings and external sources, retrieving relevant multi- media content. The analyst also sets up monitor parameters to continually check certain sources (e.g., field office cables and foreign news sites) for changes or detections of relevant topics; when detected, the analyst will be alerted to the availability of new information.

The IR tools also create a taxonomy of the collected data sets, structuring the catch into five major categories: Zehga organization (personnel), events, finances, locations, and activities. The taxonomy breaks each category into subcategories of clusters of related content. Documents located in open-source foreign news reports are translated into English, and all documents are summarized into 55-word abstracts.
The analyst views the taxonomy and drills down to summaries, then views the full content of the most critical items to the investigation. Selected items (or hyperlinks) are saved to the shared knowledge base for a local repository relevant to the investigation.
The retrieved catch is analyzed with text mining tools that discover and list the multidimensional associations (linkages or relationships) between entities (people, phone numbers, bank account numbers, and addresses) and events (meetings, deliveries, and crimes).
The linked lists are displayed on a link-analysis tool to allow the analyst to manipulate and view the complex web of relationships between people, communications, finances, and the time sequence of activities. From these network visuals, the analyst begins discovering the Zehga organizational structure, relationships to other drug cartels and financial institutions, and the timeline of explosive growth of the cartel’s influence.
The analyst internalizes these discoveries by synthesizing a Zehga organization structure and associated financial model, filling in the gaps with conjectures that result in three competing hypotheses: a centralized model, a federated model, and a loose network model. These models are created using a standard financial spreadsheet and a net- work relationship visualization tool. The process of creating these hypotheses causes the analyst to frequently return to the knowledge base to review retrieved data, to issue refined queries to fill in the gaps, and to further review the results of link analyses. The model synthesis process causes the analyst to internalize impressions of confidence, uncertainty, and ambiguity in the evidence, and the implications of potential missing or negative evidence. Here, the analyst ponders the potential for denial and deception tactics and the expected subtle “sprignals” that might appear in the data.
An ACH matrix is created to compare the accrued evidence and argumentation structures supporting each of the competing models. At any time, this matrix and the associated organizational-financial models summarize the status of the intelligence process; these may be posted on the collaboration space and used to identify progress on the work- flow management tool.
The analyst further internalizes the situation by applying a decision sup- port tool to consider the consequences or implications of each model on counter-drug policy courses of action relative to the Zehga cartel.
Once the analyst has reached a level of confidence to make objective analytic judgments about hypotheses, results can be digitally published to the requesting consumers and to the collaborative workgroup to begin socialization—and another cycle to further refine the results. (The next section describes the digital publication process.)

Commercial tool suites such as Wincite’s eWincite, Wisdom Builder’s Wisdombuilder, and Cipher’s Knowledge. Works similarly integrate text-based tools to support the competitive intelligence analysis.

Tacit capture and collaborative filtering monitors the activities of all users on the network and uses statistical clustering methods to identify the emergent clusters of interest that indicate communities of common practice. Such filtering could identify and alert these two analysts to other ana- lysts that are converging on a common suspect from other directions (e.g., money laundering and drug trafficking).

7.4 Intelligence Production, Dissemination, and Portals

The externalization-to-internalization workflow results in the production of digital intelligence content suitable for socialization (collaboration) across users and consumers. This production and dissemination of intelligence from KM enterprises has transitioned from static, hardcopy reports to dynamically linked digital softcopy products presented on portals.

Digital production processes employ content technologies that index, structure, and integrate fragmented components of content into deliverable products. In the intelligence context, content includes:

Structured numerical data (imagery, relational database queries) and text [e.g., extensible markup language (XML)-formatted documents] as well as unstructured information (e.g., audio, video, text, and HTML content from external sources);
Internally or externally created information;
Formally created information (e.g., cables, reports, and imagery or signals analyses) as well as informal or ad hoc information (e.g., e-mail, and collaboration exchanges);
Static or active (e.g., dynamic video or even interactive applets) content.

The key to dynamic assembly is the creation and translation of all content to a form that is understood by the KM system. While most intelligence data is transactional and structured (e.g., imagery, signals, MASINT), intelligence and open-source documents are unstructured. While the volume of open-source content available on Internet and closed-source intelligence content grows exponentially, the content remains largely unstructured.

Content technology pro- vides the capability to transform all-sources to a common structure for dynamic integration and personalized publication. The XML offers a method of embed- ding content descriptions by tagging each component with descriptive information that allows automated assembly and distribution of multimedia content

Intelligence standards being developed include an intelligence information markup language (ICML) specification for intelligence reporting and metadata standards for security, specifying digital signatures (XML-DSig), security/encryption (XML-Sec), key management (XML-KMS), and information security marking (XML-ISM) [12]. Such tagging makes the content interoperable; it can be reused and automatically integrated in numerous ways:

Numerical data may be correlated and combined.
Text may be assembled into a complete report (e.g., target abstract, tar- getpart1, targetpart2, …, related targets, most recent photo, threat summary, assessment).
Various formats may be constructed from a single collection of contents to suit unique consumer needs (e.g., portal target summary format, personal digital assistant format, or pilot’s cockpit target folder format).

a document object model (DOM) tree can be created from the integrated result to transform the result into a variety of formats (e.g., HTML or PDF) for digital publication.

The analysis and single-source publishing architecture adopted by the U.S. Navy Command 21 K-Web (Figure 7.7) illustrates a highly automated digital production process for intelligence and command applications [14]. The production workflow in the figure includes the processing, analysis, and dissemination steps of the intelligence cycle:

Content collection and creation (processing and analysis). Both quantitative technical data and unstructured text are received, and content is extracted and tagged for subsequent processing. This process is applied to legacy data (e.g., IMINT and SIGINT reports), structured intelligence message traffic, and unstructured sources (e.g., news reports and intelligence e-mail). Domain experts may support the process by creating metadata in a predefined XML metadata format to append to audio, video, or other nontext sources. Metadata includes source, pedigree, time of collection, and format information. New content created by analysts is entered in standard XML DTD templates.
Content applications. XML-tagged content is entered in the data mart, where data applications recognize, correlate, consolidate, and summarize content across the incoming components. A correlation agent may, for example, correlate all content relative to a new event or entity and pass the content on to a consolidation agent to index the components for subsequent integration into an event or target report. The data (and text) fusion and mining functions described in the next chapter are performed here.
Content management-product creation (production). Product templates dictate the aggregation of content into standard intelligence products: warnings, current intelligence, situation updates, and target status. These composite XML-tagged products are returned to the data mart.
Content publication and distribution. Intelligence products are personalized in terms of both style (presentation formats) and distribution (to users with an interest in the product). Users may explicitly define their areas of interests, or the automated system may monitor user activities (through queries, collaborative discussion topics, or folder names maintained) to implicitly estimate areas of interest to create a user’s personal profile. Presentation agents choose from the style library and user profiles to create distribution lists for content to be delivered via e-mail, pushed to users’ custom portals, or stored in the data mart for subsequent retrieval. The process of content syndication applies an information and content exchange (ICE) standard to allow a single product to be delivered in multiple styles and to provide automatic content update across all users.

The user’s single entry point is a personalized portal (or Web portal) that provides an organized entry into the information available on the intelligence enterprise.

7.5 Human-Machine Information Transactions and Interfaces

In all of the services and tools described in the previous sections, the intelligence analyst interacts with explicitly collected data, applying his or her own tacit knowledge about the domain of interest to create estimates, descriptions, expla- nations, and predictions based on collected data. This interaction between the analyst and KM systems requires efficient interfaces to conduct the transaction between the analyst and machine.

7.5.1 Information Visualization

Edward Tufte introduced his widely read text Envisioning Information with the prescient observation that, “Even though we navigate daily through a perceptual world of three dimensions and reason occasionally about higher dimensional arena with mathematical ease, the world portrayed on our information displays is caught up in the two-dimensionality of the flatlands of paper and video screen”. Indeed, intelligence organizations are continually seeking technologies that will allow analysts to escape from this flatland.

The essence of visualization is to provide multidimensional information to the analyst in a form that allows immediate understanding by this visual form of thinking.

A wide range of visualization methods are employed in analysis (Table 7.6) to allow the user to:

Perceive patterns and rapidly grasp the essence of large complex (multi-dimensional) information spaces, then navigate or rapidly browse through the space to explore its structure and contents;
Manipulate the information and visual dimensions to identify clusters of associated data, patterns of linkages and relationships, trends (temporal behavior), and outlying data;
Combine the information by registering, mathematically or logically jointing (fusing), or overlaying.

7.5.2 Analyst-Agent Interaction

Intelligent software agents tailored to support knowledge workers are being developed to provide autonomous automated support in the information retrieval and exploration tasks introduced throughout this chapter. These collaborative information agents, operating in multiagent networks, provide the

potential to amplify the analyst’s exploration of large bodies of data, as they search, organize, structure, and reason about findings before reporting results. Information agents are being developed to perform a wide variety of functions, as an autonomous collaborating community under the direction of a human analyst, including:

Personal information agents (PIMs) coordinate an analyst’s searches and organize bookmarks to relevant information; like a team of librarians, the PIMs collect, filter, and recommend relevant materials for the analyst.
Brokering agents mediate the flow of information between users and sources (databases, external sources, collection processors); they can also act as sentinels to monitor sources and alert users to changes or the availability of new information.
Planning agents accept requirements and create plans to coordinate agents and task resources to meet user goals.

agents also offer the promise of a means of interaction with the analyst that emulates face- to-face conversation, and will ultimately allow information agents to collaborate as (near) peers with individuals and teams of human analysts. These interactive agents (or avatars) will track the analyst (or analytic team) activities and needs to conduct dialogue with the analysts—in terms of the semantic concepts familiar to the topic of interest—to contribute the following kinds of functions:

Agent conversationalists that carry on dialogue to provide high- bandwidth interactions that include multimodal input from the analyst (e.g., spoken natural language, keyboard entries, and gestures and gaze) and multimodal replies (e.g., text, speech, and graphics). Such conversationalists will increase “discussions” about concepts, relevant data, and possible hypotheses [23].
Agent observers that monitor analyst activity, attention, intention, and task progress to converse about suggested alternatives, potentials for denial and deception, or warnings that the analyst’s actions imply cognitive shortcomings (discussed in Chapter 6) may be influencing the analysis process.
Agent contributors that will enter into collaborative discussions to interject alternatives, suggestions, or relevant data.

The integration of collaborating information agents and information visualization technologies holds the promise of more efficient means of helping analysts find and focus on relevant information, but these technologies require greater maturity to manage uncertainty, dynamically adapt to the changing ana- lytic context, and understand the analyst’s intentions.

7.6 Summary

The analytic workflow requires a constant interaction between the cognitive and visual-perceptive processes in the analyst’s mind and the explicit representations of knowledge in the intelligence enterprise.

Explicit Knowledge Capture and Combination

In the last chapter, we introduced analytic tools that allow the intelligence analyst to interactively correlate, compare, and combine numerical data and text to discover clusters and relationships among events and entities within large databases. These interactive combination tools are considered to be goal-driven processes: the analyst is driven by a goal to seek solutions within the database, and the reasoning process is interactive with the analyst and machine in a common reasoning loop. This chapter focuses on the largely automated combination processes that tend to be data driven: as data continuously arrives from intelligence sources, the incoming data drives a largely automated process that continually detects, identifies, and tracks emerging events of interest to the user. These parallel goal-driven and data-driven processes were depicted as complementary combination processes in the last chapter

In all cases, the combination processes help sources to cross-cue each other, locate and identify target events and entities, detect anomalies and changes, and track dynamic targets.

8.1 Explicit Capture, Representation, and Automated Reasoning

The term combination introduced by Nonaka and Takeuchi in the knowledge-creation spiral is an abstraction to describe the many functions that are performed to create knowledge, such as correlation, association, reasoning, inference, and decision (judgment). This process requires the explicit representation of knowledge; in the intelligence application this includes knowledge about the world (e.g., incoming source information), knowledge of the intelligence domain (e.g., characteristics of specific weapons of mass destruction and their production and deployment processes), and the more general procedural knowledge about reasoning.

The DARPA Rapid Knowledge Formation (RKF) project and its predecessor, the High-Performance Knowledge Base project, represent ambitious research aimed at providing a robust explicit knowledge capture, representation, and combination (reasoning) capability targeted toward the intelligence analysis application [1]. The projects focused on developing the tools to create and manage shared, reusable knowledge bases on specific intelligence domains (e.g., biological weapons subjects); the goal is to enable creation of over one million axioms of knowledge per year by collaborating teams of domain experts. Such a knowledge base requires a computational ontology—an explicit specification that defines a shared conceptualization of reality that can be used across all processes.

The challenge is to encode knowledge through the instantiation and assembly of generic knowledge components that can be readily entered and understood by domain experts (appropriate semantics) and provide sufficient coverage to encompass an expert-level of understanding of the domain. The knowledge base must have fundamental knowledge of entities (things that are), events (things that happen), states (descriptions of stable event characteristics), and roles (entities in the context of events). It must also describe knowledge of the relationships between (e.g. cause, object of, part of, purpose of, or result of) and properties (e.g., color, shape, capability, and speed) of each of these.

8.2 Automated Combination

Two primary categories of the combination processes can be distinguished, based on their approach to inference; each is essential to intelligence processing and analysis.

The inductive process of data mining discovers previously unrecognized patterns in data (new knowledge about characteristics of an unknown pattern class) by searching for patterns (relationships in data) that are in some sense “interesting.” The discovered candidates are usually presented to human users for analysis and validation before being adopted as general cases [3].

The deductive process, data fusion, detects the presence of previously known patterns in many sources of data (new knowledge about the existence of a known pattern in the data). This is performed by searching for specific pattern templates in sensor data streams or databases to detect entities, events, and complex situations comprised of interconnected entities and events.

data sets used by these processes for knowledge creation are incomplete, dynamic, and contain data contaminated by noise. These factors make the following process characteristics apply:

Pattern descriptions. Data mining seeks to induce general pattern descriptions (reference patterns, templates, or matched filters) to characterize data understood, while data fusion applies those descriptions to detect the presence of patterns in new data.
Uncertainty in inferred knowledge. The data and reference patterns are uncertain, leading to uncertain beliefs or knowledge.
Dynamic state of inferred knowledge. The process is sequential and inferred knowledge is dynamic, being refined as new data arrives.
Use of domain knowledge. Knowledge about the domain (e.g., constraints, context) may be used in addition to collected raw intelligence data.

8.2.1 Data Fusion

Data fusion is an adaptive knowledge creation process in which diverse elements of similar or dissimilar observations (data) are aligned, correlated, and combined into organized and indexed sets (information), which are further assessed to model, understand, and explain (knowledge) the makeup and behavior of a domain under observation.

The data-fusion process seeks to explain an adversary (or uncooperative) intelligence target by abstracting the target and its observable phenomena into a causal or relationship model, then applying all-source observation to detect entities and events to estimate the properties of the model. Consider the levels of representation in the simple target-observer processes in Figure 8.2 [6]. The adversary leadership holds to goals and values that create motives; these motives, combined with beliefs (created by perception of the current situation), lead to intentions. These intentions lead to plans and responses to the current situation; from alternative plans, decisions are made that lead to commands for action. In a hierarchical military, or a networked terrorist organization, these commands flow to activities (communication, logistics, surveillance, and movements). Using the three domains of reality terminology introduced in Chapter 5, the motive-to-decision events occur in the adversary’s cognitive domain with no observable phenomena.

The data-fusion process uses observable evidence from both the symbolic and physical domains to infer the operations, communications, and even the intentions of the adversary.

The emerging concept of effects-based military operations (EBO) requires intelligence products that provide planners with the ability to model the various effects influencing a target that make up a complex system. Planners and opera- tors require intelligence products that integrate models of the adversary physical infrastructure, information networks, and leadership and decision making

The U.S. DoD JDL has established a formal process model of data fusion that decomposes the process into five basic levels of information-refining processes (based upon the concept of levels of information abstraction) [8]:

Level 0: Data (or subobject) refinement. This is the correlation across signals or data (e.g., pixels and pulses) to recognize components of an object and the correlation of those components to recognize an object.
Level 1: Object refinement. This is the correlation of all data to refine individual objects within the domain of observation. (The JDL model uses the term object to refer to real-world entities, however, the subject of interest may be a transient event in time as well.)
Level 2: Situation refinement. This is the correlation of all objects (information) within the domain to assess the current situation.
Level 3: Impact refinement. This is the correlation of the current situation with environmental and other constraints to project the meaning of the situation (knowledge). The meaning of the situation refers to its implications to the user: threat, opportunity, change, or consequence.
Level 4: Process refinement. This is the continual adaptation of the fusion process to optimize the delivery of knowledge against a defined mission objective.

8.2.1.1 Level 0: Data Refinement

Raw data from sensors may be calibrated, corrected for bias and gain errors, limited (thresholded), and filtered to remove systematic noise sources. Object detection may occur at this point—in individual sensors or across multiple sensors (so-called predetection fusion). The object-detection process forms observation reports that contain data elements such as observation identifier, time of measurement, measurement or decision data, decision, and uncertainty data.

8.2.1.2 Level 1: Object Refinement

Sensor and source reports are first aligned to a common spatial reference (e.g., a geographic coordinate system) and temporal reference (e.g., samples are propagated forward or backward to a common time.) These alignment transformations place the observations in a common time-space coordinate system to allow an association process to determine which observations from different sensors have their source in a common object. The association process uses a quantitative correlation metric to measure the relative similarity between observations. The typical correlation metric, C, takes on the following form:

n
c = ∑wi xi

i1=1

Where;
wi = weighting coefficient for attribute xi.

xi = ith correlation attribute metric.

The correlation metric may be used to make a hard decision (an association), choosing the most likely parings of observations, or a deferred decision, assigning more that one hypothetical paring and deferring a hard decision until more observations arrive. Once observations have been associated, two functions are performed on each associated set of measurements for common object:

Tracking. For dynamic targets (vehicles or aircraft), the current state of the object is correlated with previously known targets to determine if the observation can update a model of an existing model (track). If the newly associated observations are determined to be updates to an existing track, the state estimation model for the track (e.g., a Kalman filter) is updated; otherwise, a new track is initiated.
Identification. All associated observations are used to determine if the object identity can be classified to any one of several levels (e.g., friend/foe, vehicle class, vehicle type or model, or vehicle status or intent).

8.2.1.3 Level 2: Situation Refinement

All objects placed in space-time context in an information base are analyzed to detect relationships based on spatial or temporal characteristics. Aggregate sets of objects are detected by their coordinated behavior, dependencies, proximity, common point of origin, or other characteristics using correlation metrics with high-level attributes (e.g., spatial geometries or coordinated behavior). The synoptic understanding of all objects, in their space-time context, provides situation knowledge, or awareness.

8.2.1.4 Level 3: Impact (or Threat) Refinement

Situation knowledge is used to model and analyze feasible future behaviors of objects, groups, and environmental constraints to determine future possible out- comes. These outcomes, when compared with user objectives, provide an assessment of the implications of the current situation. Consider, for example, a simple counter-terrorism intelligence situation that is analyzed in the sequence in Figure 8.4.

8.2.1.5 Level 4: Process Refinement

This process provides feedback control of the collection and processing activities to achieve the intelligence requirements. At the top level, current knowledge (about the situation) is compared to the intelligence requirements required to achieve operational objectives to determine knowledge shortfalls. These shortfalls are parsed, downward, into information, then data needs, which direct the future acquisition of data (sensor management) and the control of internal processes. Processes may be refined, for example, to focus on certain areas of interest, object types, or groups. This forms the feedback loop of the data-fusion process.

8.2.2 Data Mining

Data mining is the process by which large sets of data (or text in the specific case of text mining) are cleansed and transformed into organized and indexed sets (information), which are then analyzed to discover hidden and implicit, but previously undefined, patterns. These patterns are reviewed by domain experts to determine if they reveal new understandings of the general structure and relationships (knowledge) in the data of a domain under observation.

The object of discovery is a pattern, which is defined as a statement in some language, L, that describes relationships in subset Fs of a set of data, F, such that:

The statement holds with some certainty, c;
The statement is simpler (in some sense) than the enumeration of all facts in Fs [13].

This is the inductive generalization process described in Chapter 5. Mined knowledge, then, is formally defined as a pattern that is interesting, according to some user-defined criterion, and certain to a user-defined measure of degree.

In application, the mining process is extended from explanations of limited data sets to more general applications (induction). In this example, a relationship pattern between three terrorist cells may be discovered that includes intercommunication, periodic travel to common cities, and correlated statements posted on the Internet.

Data mining (also called knowledge discovery) is distinguished from data fusion by two key characteristics:

Inference method. Data fusion employs known patterns and deductive reasoning, while data mining searches for hidden patterns using inductive reasoning.
Temporal perspective. The focus of data fusion is retrospective (determining current state based on past data), while data mining is both retrospective and prospective—focused on locating hidden patterns that may reveal predictive knowledge.

Beginning with sensors and sources, the data warehouse is populated with data, and successive functions move the data toward learned knowledge at the top. The sources, queries, and mining processes may be refined, similar to data fusion. The functional stages in the figure are described next.

Data warehouse. Data from many sources are collected and indexed in the warehouse, initially in the native format of the source. One of the chief issues facing many mining operations is the reconciliation of diverse database formats that have different formats (e.g., field and record sizes and parameter scales), incompatible data definitions, and other differences. The warehouse collection process (flow in) may mediate between these input sources to transform the data before storing in common form [20].
Data cleansing. The warehoused data must be inspected and cleansed to identify and correct or remove conflicts, incomplete sets, and incompatibilities common to combined databases. Cleansing may include several categories of checks:

Uniformity checks verify the ranges of data, determine if sets exceed limits, and verify that formats versions are compatible.
Completeness checks evaluate the internal consistency of data sets to ensure, for example, that aggregate values are consistent with individual data components (e.g., “verify that total sales is equal to sum of all sales regions, and that data for all sales regions is present”).
Conformity checks exhaustively verify that each index and reference exists.
Genealogy checks generate and check audit trails to primitive data to permit analysts to drill down from high-level information.

Data selection and transformation. The types of data that will be used for mining are selected on the basis of relevance. For large operations, ini- tial mining may be performed on a small set, then extended to larger sets to check for the validity of abducted patterns. The selected data may then be transformed to organize all data into common dimensions and to add derived dimensions as necessary for analysis.
Data mining operations. Mining operations may be performed in a supervised manner in which the analyst presents the operator with a selected set of training data, in which the analyst has manually determined the existence of pattern classes. Alternatively, the operation may proceed without supervision, performing an automated search for patterns. A number of techniques are available (Table 8.4), depending upon the type of data and search objectives (interesting pattern types).

Discovery modeling. Prediction or classification models are synthesized to fit the data patterns detected. This is the proscriptive aspect of mining: modeling the historical data in the database (the past) to provide a model to predict the future. The model attempts to abduct a generalized description that explains discovered patterns of interest and, using statistical inference from larger volumes of data, seeks to induct generally applicable models. Simple extrapolation, time-series trends, com- plex linked relationships, and causal mathematical models are examples of models created.
Visualization. The analyst uses visualization tools that allow discovery of interesting patterns in the data. The automated mining operations cue the operator to discovered patterns of interest (candidates), and the analyst then visualizes the pattern and verifies if, indeed, it contains new and useful knowledge. OLAP refers to the manual visualization process in which a data manipulation engine allows the analyst to create data “views” from the human perspective and to perform the following categories of functions:

Multidimensional analysis of the data across dimensions, through relationships (e.g., command hierarchies and transaction networks) and in perspectives natural to the analyst (rather that inherent in the data);
Transformation of the viewing dimensions or slicing of the multidimensional array to view a subset of interest;
Drill down into the data from high levels of aggregation, downward into successively deeper levels of information;
Reach through from information levels to the underlying raw data, including reaching beyond the information base, back to raw data by the audit trail generated in genealogy checking;
Modeling of hypothetical explanations of the data, in terms of trend analysis, extrapolations.

Refinement feedback. The analyst may refine the process, by adjusting the parameters that control the lower level processes, as well as requesting more or different data on which to focus the mining operations.

8.2.3 Integrated Data Fusion and Mining

In a practical intelligence application, the full reasoning process integrates the discovery processes of data mining with the detection processes of data fusion. This integration helps the analyst to coordinate learning about new signatures and patterns and apply that new knowledge, in the form of templates, to detect other cases of the situation. A general application of these integrated tools can support the search for nonliteral target signatures, the use of those learned and validated signatures to detect new targets [21]. (Nonliteral target signatures refer to those signatures that extend across many diverse observation domains and are not intuitive or apparent to analysts, but may be discovered only by deeper analysis of multidimensional data.)

The mining component searches the accumulated database of sensor data, with discovery processes focused on relationships that may have relevance to the nonliteral target sets. Discovered models (templates) of target objects or processes are then tested, refined, and verified using the data-fusion process. Finally, the data-fusion process applies the models deductively for knowledge detection in incoming sensor data streams.

8.3 Intelligence Modeling and Simulation

Modeling activities take place in externalization (as explicit models are formed to describe mental models), combination (as evidence is combined and compared with the model), and in internalization (as the analyst ponders the matches, mismatches, and incongruities between evidence and model).

While we have used the general term model to describe any abstract representation, we now distinguish here between two implementations made by the modeling and simulation (M&S) community. Models refer to physical, mathematical, or otherwise logical representations of systems, entities, phenomena, or processes, while simulations refer to those methods to implement models over time (i.e., a simulation is a time-dynamic model)

Models and simulations are inherently collaborative; their explicit representations (versus mental models) allow analytic teams to collectively assemble, and explore the accumulating knowledge that they represent. They support the analysis-synthesis process in multiple ways:

Evidence marshaling. As described in Chapter 5, models and simulations provide the framework for which inference and evidence is assembled; they provide an audit trail of reasoning.
Exploration. Models and simulations also provide a means for analysts to be immersed in the modeled situation, its structure, and dynamics. It is a tool for experimentation and exploration that provides deeper understanding to determine necessary confirming or falsifying evidence, to evaluate potential sensing measures, and to examine potential denial and deception effects.
Dynamic process tracking. Simulations model the time-dynamic behavior of targets to forecast future behavior, compare with observations, and refine the behavior model over time. Dynamic models provide the potential for estimation, anticipation, forecasting, and even prediction (these words imply increasing accuracy and precision in their estimates of future behavior).
Explanation. Finally, the models and simulations provide a tool for presenting alternative hypotheses, final judgments, and rationale.

chance favors the prepared prototype: models and simulations can and should be media to create and capture surprise and serendipity

The table (8.5) illustrates independent models and simulations in all three domains, however these domains can be coupled to create a robust model to explore how an adversary thinks (cognitive domain), transacts (e.g., finances, command, and intelligence flows), and acts (physical domain).

A recent study of the advanced methods required to support counter-terrorism analysis recommended the creation of scenarios using top-down synthesis (manual creation by domain experts and large-scale simulation) to create synthetic evidence for comparison with real evidence discovered by bottom-up data mining.

8.3.1 M&S for I&W

The challenge of I&W demands predictive analysis, where “the analyst is looking at something entirely new, a discontinuous phenomenon, an outcome that he or she has never seen before. Furthermore, the analyst only sees this new pat- tern emerge in bits and pieces”

The tools monitor world events to track the state and time-sequence of state transitions for comparison with indicators of stress. These analytic tools apply three methods to provide indicators to analysts:

Structural indicator matching. Previously identified crisis patterns (statistical models) are matched to current conditions to seek indications in background conditions and long-term trends.
Sequential tracking models. Simulations track the dynamics of events to compare temporal behavior with statistical conflict accelerators in cur- rent situations that indicate imminent crises.
Complex behavior analysis. Simulations are used to support inductive exploration of the current situation, so the analyst can examine possible future scenarios to locate potential triggering events that may cause instability (though not in prior indicator models).

A general I&W system architecture (Figure 8.7), organized following the JDL data-fusion structure, accepts incoming news feed text reports of current situations and encodes the events into a common format (by human or automated coding). The event data is encoded into time-tagged actions (assault, kid- nap, flee, assassinate), proclamations (threaten, appeal, comment) and other pertinent events from relevant actors (governments, NGOs, terror groups). The level 1 fusion process correlates and combines similar reports to produce a single set of current events organized in time series for structural analysis of back- ground conditions and sequential analysis of behavioral trends by groups and interactions between groups. This statistical analysis is an automatic target-recognition process, comparing current state and trends with known clusters of unstable behaviors. The level 2 process correlates and aggregates individual events into larger patterns of behavior (situations). A dynamic simulation tracks the current situation (and is refined by the tracking loop shown) to enable the analyst to explore future excursions from the present condition. By analysis of the dynamics of the situation, the analyst can explore a wide range of feasible futures, including those that may reveal surprising behavior that is not intuitive—increasing the analyst’s awareness of unstable regions of behavior or the potential of subtle but potent triggering events.

8.3.2 Modeling Complex Situations and Human Behavior

The complex behavior noted in the prior example may result from random events, human free will, or the nonlinearity introduced by the interactions of many actors. The most advanced applications of M&S are those that seek to model environments (introduced in Section 4.4.2) that exhibit complex behaviors—emergent behaviors (surprises) that are not predictable from the individual contributing actors within the system. Complexity is the property of a system that prohibits the description of its overall behavior even when all of the components are described completely. Complex environments include social behaviors of significant interest to intelligence organizations: populations of nation states, terrorist organizations, military commands, and foreign leaders [32]. Perhaps the grand challenge of intelligence analysis is to understand an adversary’s cognitive behavior to provide both warning and insight into the effects of alternative preemptive actions that may avert threats.

Nonlinear mathematical solutions are intractable for most practical problems, and the research community has applied dynamic systems modeling and agent-based simulation (ABS) to represent systems that exhibit complex behavior [34]. ABS research is being applied to the simulation of a wide range of organizations to assess intent, decision making and planning (cognitive), com- mand and finances (symbolic), and actions (physical). The applications of these simulations include national policies [35], military C2 [36], and terrorist organizations [37].

9
The Intelligence Enterprise Architecture

The processing, analysis, and production components of intelligence operations are implemented by enterprises—complex networks of people and their business processes, integrated information and communication systems and technology components organized around the intelligence mission. As we have emphasized throughout this text, an effective intelligence enterprise requires more than just these components; the people require a collaborative culture, integrated electronic networks require content and contextual compatibility, and the implementing components must constantly adapt to technology trends to remain competitive. The effective implementation of KM in such enterprises requires a comprehensive requirements analysis and enterprise design (synthesis) approach to translate high-level mission statements into detailed business processes, networked systems, and technology implementations.

9.1 Intelligence Enterprise Operations

In the early 1990s the community implemented Intelink, a communitywide network to allow the exchange of intelligence between agencies that maintained internal compartmented networks [2]. The DCI vision for “a unified IC optimized to provide a decisive information advantage…” in the mid-1990s led to the IC CIO to establish an IC Operational Network (ICON) office to perform enterprise architecture analysis and engineering to define the system and communication architectures in order to integrate the many agency networks within the IC [3]. This architecture is required to provide the ability to collaborate securely and synchronously from the users’ desktops across the IC and with customers (e.g., federal government intelligence consumers), partners (component agencies of the IC), and suppliers (intelligence data providers within and external to the IC).

The undertaking illustrates the challenge of implementing a mammoth intelligence enterprise that is comprised of four components:

Policies. These are the strategic vision and derivative policies that explicitly define objectives and the approaches to achieve the vision.

Operational processes. These are collaborative and operationally secure processes to enable people to share knowledge and assets securely and freely across large, diverse, and in some cases necessarily compartmented organizations. This requires processes for dynamic modification of security controls, public key infrastructure, standardized intelligence product markup, the availability of common services, and enterprisewide search, collaboration, and application sharing.
System (network). This is an IC system for information sharing (ICSIS) that includes an agreed set of databases and applications hosted within shared virtual spaces within agencies and across the IC. The system architecture (Figure 9.1) defines three virtual collaboration spaces, one internal to each organization and a second that is accessible across the community (an intranet and extranet, respectively). The internal space provides collaboration at the Special Compartmented Intelligence (SCI) level within the organization; owners tightly control their data holdings (that are organizationally sensitive). The community space enables IC-wide collaboration at the SCI level; resource protection and control is provided by a central security policy. A separate collateral community space provides a space for data shared with DoD and other federal agencies.

The enterprise requires the integration of large installed bases of legacy components and systems with new technologies. The integration requires definition of standards (e.g., metadata, markup languages, protocols, and data schemas) and the plans for incremental technology transitions.

9.2 Describing the Enterprise Architecture

Two major approaches to architecture design that are immediately applicable to the intelligence enterprise have been applied by the U.S. DoD and IC for intelligence and related applications. Both approaches provide an organizing method- ology to assure that all aspects of the enterprise are explicitly defined, analyzed, and described to assure compatibility, completeness, and traceability back to the mission objectives. The approaches provide guidance to develop a comprehensive abstract model to describe the enterprise; the model may be understood from different views in which the model is observed from a particular perspective (i.e., the perspectives of the user or developer) and described by specific products that makeup the viewpoint.

The first methodology is the Zachman Architecture FrameworkTM, developed by John Zachman in the late1980s while at IBM. Zachman pioneered a concept of multiple perspectives (views) and descriptions (viewpoints) to completely define the information architecture [6]. This framework is organized as a matrix of 30 perspective products, defined by the cross product of two dimensions:

Rows of the matrix represent the viewpoints of architecture stakeholders: the owner, planner, designer, builder (e.g., prime contractor), and subcontractor. The rows progress from higher level (greater degree of abstraction) descriptions by the owner toward lower level (details of implementation) by the subcontractor.
Columns represent the descriptive aspects of the system across the dimensions of data handled, functions performed, network, people involved, time sequence of operations, and motivation of each stakeholder.

Each cell in the framework matrix represents a descriptive product required to describe an aspect of the architecture.

This framework identifies a single descriptive product per view, but permits a wide range of specific descriptive approaches to implement the products in each cell of the framework:

Mission needs statements, value propositions, balanced scorecard, and organizational model methods are suitable to structure and define the owner’s high-level view.
Business process modeling, the object-oriented Unified Modeling Language (UML), or functional decomposition using Integrated Definition Models (IDEF) explicitly describe entities and attributes, data, functions, and relationships. These methods also support enterprise functional simulation at the owner and designer level to permit evaluation of expected enterprise performance.
Detailed functional standards (e.g., IEEE and DoD standards specification guidelines) provide guidance to structure detailed builder- and subcontractor–level descriptions that define component designs.

The second descriptive methodology is the U.S. DoD Architecture Frame- work (formally the C4ISR Architecture Framework), which defines three inter- related perspectives or architectural views, each with a number of defined products [7]. The three interrelated views (Figure 9.2) are as follows:

1. Operational architecture is a description (often graphical) of the operational elements, intelligence business processes, assigned tasks, work- flows, and information flows required to accomplish or support the intelligence function. It defines the type of information, the frequency of exchange, and what tasks are supported by these information exchanges.
2. Systems architecture is a description, including graphics, of the systems and interconnections providing for or supporting intelligence functions. The system architecture defines the physical connection, location, and identification of the key nodes, circuits, networks, and users and specifies system and component performance parameters. It is constructed to satisfy operational architecture requirements per standards defined in the technical architecture. This architecture view shows how multiple systems within a subject area link and interoperate and may describe the internal construction or operations of particular systems within the architecture.
3. Technical architecture is a minimal set of rules governing the arrangement, interaction, and interdependence of the parts or elements whose purpose is to ensure that a conformant system satisfies a specified set of requirements. The technical architecture identifies the services, interfaces, standards, and their relationships. It provides the technical guidelines for implementation of systems upon which engineering specifications are based, common building blocks are built, and product lines are developed.

Both approaches provide a framework to decompose the enterprise into a comprehensive set of perspectives that must be defined before building; following either approach introduces the necessary discipline to structure the enterprise architecture design process.

The emerging foundation for enterprise architecting using framework models is distinguished from the traditional systems engineering approach, which focuses on optimization, completeness, and a build-from-scratch originality [11]. Enterprise (or system) architecting recognizes that most enterprises will be constructed from a combination of existing and new integrating components:

Policies, based on the enterprise strategic vision;
People, including current cultures that must change to adopt new and changing value propositions and business processes;
Systems, including legacy data structures and processes that must work with new structures and processes until retirement;
IT, including legacy hardware and software that must be integrated with new technology and scheduled for planned retirement.

The adoption of the architecture framework models and system architecting methodologies are developed in greater detail in a number of foundational papers and texts [12].

9.3 Architecture Design Case Study: A Small Competitive Intelligence Enterprise

The enterprise architecture design principles can be best illustrated by developing the architecture description for a fictional small-scale intelligence enterprise: a typical CI unit for a Fortune 500 business. This simple example defines the introduction of a new CI unit, deliberately avoiding the challenges of introducing significant culture change across an existing organization and integrating numerous legacy systems.

The CI unit provides legal and ethical development of descriptive and inferential intelligence products for top management to assess the state of competitors’ businesses and estimate their future actions within the current marketplace. The unit is not the traditional marketing function (which addresses the marketplace of customers) but focuses specifically on the competitive environment, especially competitors’ operations, their business options, and likely decision-making actions.

The enterprise architect recognizes the assignment as a corporate KM project that should be evaluated against O’Dell and Grayson’s four-question checklist for KM projects [14]:

Select projects to advance your business performance. This project will enhance competitiveness and allow FaxTech to position and adapt its product and services (e.g., reduce cycle time and enhance product development to remain competitive).
Select projects that have a high success probability. This project is small, does not confront integration with legacy systems, and has a high probability of technical success. The contribution of KM can be articulated (to deliver competitive intelligence for executive decision making), there is a champion on the board (the CIO), and the business case (to deliver decisive competitor knowledge) is strong. The small CI unit implementation does not require culture change in the larger Fax- Tech organization—and it may set an example of the benefits of collaborative knowledge creation to set the stage for a larger organization-wide transformation.
Select projects appropriate for exploring emerging technologies. The project is an ideal opportunity to implement a small KM enterprise in FaxTech that can demonstrate intelligence product delivery to top management and can support critical decision making.
Select projects with significant potential to build KM culture and discipline within the organization. The CI enterprise will develop reusable processes and tools that can be scaled up to support the larger organization; the lessons learned in implementation will be invaluable in planning for an organization-wide KM enterprise.

9.3.1 The Value Proposition

The CI value proposition must define the value of competitive intelligence.

The quantitative measures may be difficult to define; the financial return on CI investment measure, for example, requires a careful consideration of how the derived intelligence couples with strategy and impacts revenue gains. Kilmetz and Bridge define a top-level measure of CI return on investment (ROI) metric that considers the time frame of the payback period (t, usually updated quarterly and accumulated to measure the long-term return on strategic decisions) and applies the traditional ROI formula, which subtracts the cost of the CI investment (C CI+I,, the initial implementation cost, plus accumulating quarterly operations costs using net present values) from the revenue gain [17]:

ROICI =∑[(P×Q)−CCI+I]t

The expected revenue gain is estimated by the increase in sales (units sold, Q, multiplied by price, P, in this case) that are attributable to CI-induced decisions. Of course, the difficulty in defining such quantities is the issue of assuring that the gains are uniquely attributable to decisions possible only by CI information [18].

In building the scorecard, the enterprise architect should seek the lessons learned from others, using sources such as the Society for Competitive Intelligence Professionals or the American Productivity and Quality Center

9.3.2 The CI Business Process

The Society of Competitive Intelligence Professionals has defined a CI business cycle that corresponds to the intelligence cycle; the cycle differs by distinguishing primary and published source information, while eliminating the automated processing of technical intelligence sources. The five stages, or business processes, of this high-level business model include:

Planning and direction. The cycle begins with the specific identification of management needs for competitive intelligence. Management defines the specific categories of competitors (companies, alliances) and threats (new products or services, mergers, market shifts, technology discontinuities) for focus and the specific issues to be addressed. The priorities of intelligence needed, routine reporting expectations, and schedules for team reporting enables the CI unit manager to plan specific tasks for analysts, establish collection and reporting schedules, and direct day-to-day operations.

Published source collection. The collection of articles, reports, and financial data from open sources (Internet, news feeds, clipping services, commercial content providers) includes both manual searches by analysts and active, automated searches by software agents that explore (crawl) the networks and cue analysts to rank-ordered findings. This collection provides broad, background knowledge of CI targets; the results of these searches provide cues to support deeper, more focused primary source collection.
Primary source collection. The primary sources of deep competitor information are humans with expert knowledge; ethical collection process includes the identification, contact, and interview of these individuals. Such collections range from phone interviews, formal meetings, and consulting assignments to brief discussions with competitor sales representatives at trade shows. The results of all primary collections are recorded on standard format reports (date, source, qualifications, response to task requirement, results, further sources suggested, references learned) for subsequent analysis.
Analysis and production. Once indexed and organized, the corpus of data is analyzed to answer the questions posed by the initial tasks. Collected information is placed in a framework that includes organizational, financial, and product-service models that allow analysts to estimate the performance and operations of the competitor and predict likely strategies and planned activities. This process relies on a synoptic view of the organized information, experience, and judgment. SMEs may be called in from within FaxTech or from the outside (consultants) to support the analysis of data and synthesis of models.
Reporting. Once approved by the CI unit manager, these quantitative models and more qualitative estimative judgments of competitor strategies are published for presentation in a secure portal or for formal presentation to management. As result of this reporting, management provides further refining direction and the cycle repeats.

9.3.4 The CI Unit Organizational Structure and Relationships

This manager accepts tasking from executive management, issues detailed tasks to the analytic team, and then reviews and approves results before release to management. The manager also manages the budget, secures consultants for collection or analysis support, manages special collections, and coordinates team training and special briefings by SMEs.

9.3.5 A Typical Operational Scenario

For each of the five processes, a number of use cases may be developed to describe specific actions that actors (CI team members or system components) perform to complete the process. In object-oriented design processes, the devel- opment of such use cases drives the design process by first describing the many ways in which actors interact to perform the business process [22]. A scenario or process thread provides a view of one completed sequence through a single or numerous use case(s) to complete an enterprise task. A typical crisis response scenario is summarized in Table 9.3 to illustrate the sequence of interactions between the actors (management, CI manager, deputy, knowledge-base man- ager and analysts, system, portal, and sources) to complete a quick response thread. The scenario can be further modeled by an activity diagram [23] that models the behavior between objects.

The development of the operational scenario also raises nonfunctional performance issues that are identified and defined, generally in parametric terms, for example:

Rate and volume of data ingested daily;
Total storage capacity of the on-line and offline archived holdings;
Access time for on-line and off-line holdings;
Number of concurrent analysts, searches, and portal users;
Information assurance requirements (access, confidentiality, and attack rejection).

9.3.6 CI System Abstraction

The purpose of use cases and narrative scenarios is to capture enterprise behavior and then to identify the classes of object-oriented design. The italicized text in the scenario identifies the actors, and the remaining nouns are candidates for objects (instantiated software classes). From these use cases, software designers can identify the objects of design, their attributes, and interactions. Based upon the use cases, object-oriented design proceeds to develop sequence diagrams that model messages passing between objects, state diagrams that model the dynamic behavior within each object, and object diagrams that model the static description of objects. The object encapsulates state attributes and provides services to manipulate the internal attributes

Based on the scenario of the last section, the enterprise designer defines the class diagram (Figure 9.7) that relates objects that accept the input CI requirements through the entire CI process to a summary of finished intelligence. This diagram does not include all objects; the objects presented illustrate those that acquire data related to specific competitors, and these objects are only a subset of the classes required to meet the full enterprise requirements defined earlier. (The objects in this are included in the analysis package described in the next section.) The requirement object accepts new CI requirements for a defined competitor; requirements are specified in terms of essential elements of information (EEI), financial data, SWOT characteristics, and organization structure. In this object, key intelligence topics may be selected from predefined templates to specify specific intelligence requirements for a competitor or for a marketplace event [24]. The analyst translates the requirements to tasks in the task object; the task object generates search and collect objects that specify the terms for automated search and human collection from primary sources, respectively. The results of these activities generate data objects that organize and present accumulated evidence that is related to the corresponding search and collect objects.

The analyst reviews the acquired data, creating text reports and completing analysis templates (SWOT, EEI, financial) in the analysis object. Analysis entries are linked to the appropriate competitor in the competitor list and to the supporting evidence in data objects. As results are accumulated in the templates, the status (e.g., percentage of required information in template completed) is computed and reported by the status object. Summary of current intelligence and status are rolled up in the summary object, which may be used to drive the CI portal.

9.3.7 System and Technical Architecture Descriptions

The abstractions that describe functions and data form the basis for partitioning packages of software services and the system hardware configuration. The system architecture description includes a network hardware view (Figure 9.8, top) and a comparable view of the packaged software objects (Figure 9.8, bottom)

The enterprise technical architecture is described by the standards for commercial and custom software packages (e.g., the commercial and developed software components with versions, as illustrated in Table 9.4) to meet the requirements developed in system model row of the matrix. Fuld & Company has published periodic reviews of software tools to support the CI process; these reviews provide a helpful evaluation of available commercial packages to support the CI enterprise [25]. The technical architecture is also described by the standards imposed on the implementing components—both software and hardware. These standards include general implementation standards [e.g., American National Standards Institute (ANSI), International Standards Organization (ISO), and Institute of Electrical and Electronics Engineers (IEEE)] and federal standards regulating workplace environments and protocols. The applicable standards are listed to identify applicability to various functions within the enterprise.

A technology roadmap should also be developed to project future transitions as new components are scheduled to be integrated and old components are retired. It is particularly important to plan for integration of new software releases and products to assure sustained functionality and compatibility across the enterprise.

10
Knowledge Management Technologies

IT has enabled the growth of organizational KM in business and government; it will continue to be the predominant influence on the progress in creating knowledge and foreknowledge within intelligence organizations.

10.1 Role of IT in KM

When we refer to technology, the application of science by the use of engineering principles to solve a practical problem, it is essential that we distinguish the difference between three categories of technologies that all contribute to our ability to create and disseminate knowledge (Table 10.1). We may view these as three technology layers, with the basic computing materials sciences providing the foundation technology applications for increasing complexity and scale of communications and computing.

10.4.1 Explicit Knowledge Combination Technologies

Future explicit knowledge combination technologies include those that trans- form explicit knowledge into useable forms and those that perform combination processes to create new knowledge.

Multimedia content-context tagged knowledge bases. Knowledgebase technology will support the storage of multimedia data (structured and unstructured) with tagging of both content and context to allow com- prehensive searches for knowledge across heterogeneous sources.
Multilingual natural language. Global natural language technologies will allow accurate indexing, tagging, search, linking, and reasoning about multilingual text (and recognized human speech at both the content level and the concept level. This technology will allow analysts to conduct multilingual searches by topic and concept at a global scale

Integrated deductive-inductive reasoning. Data-fusion and-data mining technologies will become integrated to allow interactive deductive and inductive reasoning for structured and unstructured (text) data sources. Data-fusion technology will develop level 2 (situation) and level 3 (impact, or explanation) capabilities using simulations to represent complex and dynamic situations for comparison with observed situations.
Purposeful deductive-inductive reasoning. Agent-based intelligence will coordinate inductive (learning and generalization) and deductive (decision and detection) reasoning processes (as well as abductive explanatory reasoning) across unstructured multilingual natural language, common sense, and structured knowledge bases. This reasoning will be goal-directed based upon agent awareness of purpose, values, goals, and beliefs.
Automated ontology creation. Agent-based intelligence will learn the structure of content and context, automatically populating knowledge bases under configuration management by humans.

10.4.3 Knowledge-Based Organization Technologies

Technologies that support the socialization processes of tacit knowledge exchange will enhance the performance and effectiveness of organizations; these technologies will increasingly integrate intelligence agents into the organization as aids, mentors, and ultimately as collaborating peers.

Tailored naturalistic collaboration. Collaboration technologies will provide environments with automated capabilities that will track the con- text of activities (speech, text, graphics) and manage the activity toward defined goals. These environments will also recognize and adapt to individual personality styles, tailoring the collaborative process (and the mix of agents-humans) to the diversity of the human-team composition.
Intimate tacit simulations. Simulation and game technologies will enable human analysts to be immersed in the virtual physical, symbolic, and cognitive environments they are tasked to understand. These technologies will allow users to explore data, information, and complex situations in all three domains of reality to gain tacit experience and to be able to share the experience with others.
Human-like agent partners. Multiagent system technologies will enable the formation of agent communities of practice and teams—and the creation of human-agent organizations. Such hybrid organizations will enable new analytic cultures and communities of problem-solving.
Combined human-agent learning. Personal agent tutors, mentors, and models will shadow their human partners, share experiences and observations, and show what they are learning. These agents will learn monitor subtle human cues about the capture and use of tacit knowledge in collaborative analytic processes.
Direct brain tacit knowledge. Direct brain biological-to-machine connections will allow monitors to provide awareness, tracking, articulation, and capture of tacit experiences to augment human cognitive performance.

10.5 Summary

KM technologies are built upon materials and ITs that enable the complex social (organizational) and cognitive processes of collaborative knowledge creation and dissemination to occur over large organizations, over massive scales of knowledge. Technologists, analysts, and developers of intelligence enterprises must monitor these fast-paced technology developments to continually reinvent the enterprise to remain competitive in the global competition for knowledge. This continual reinvention process requires a wise application of technology in three modes. The first mode is the direct adoption of technologies by upgrade and integration of COTS and GOTS products. This process requires the continual monitoring of industry standards, technologies, and the marketplace to project the lifecycle of products and forecast adoption transitions. The second application mode is adaptation, in which a commercial product component may be adapted for use by wrapping, modifying, and integrating with commercial or custom components to achieve a desired capability. The final mode is custom development of a technology unique to the intelligence application. Often, such technologies may be classified to protect the unique investment in, the capability of, and in some cases even the existence of the technology.

Technology is enabling, but it is not sufficient; intelligence organizations must also have the vision to apply these technologies while transforming the intelligence business in a rapidly changing world.

Notes on The Threat Closer to Home: Hugo Chavez and the War Against America

Michael Rowan is the author of The Threat Closer to Home: Hugo Chavez and the War Against America and is a political consultant for U.S. and Latin American leaders. He has advised former Bolivian president Jaime Paz Zamora and Costa Rican president Oscar Arias. Mr. Rowan has also counseled winning Democratic candidates in 30 U.S. states. He is a former president of the International Association of Political Consultants.

(2)

Hugo Chavez, the president of Venezuela, is a much more dangerous individuals than the famously elusive leader of al-Quaeda. He has made the United States his sworn enemy, and the sad truth is that few people are really listening.

“I’m still a subversive,” Chavez has admitted. “I think the entire world should be subverted.”

Hugo Chavez to Jan James of the Associated Press, September 23, 2007

(4)

One cannot discount how much Castro’s aura has shaped Chavez’s thoughts and actions.

(5)

There are many who harbor bad intentions towards the United States, but only a few who possess the capability to do anything about it. Chavez is one of these few because:

His de facto dictatorship gives him absolute control over Venezuela’s military, oil production, and treasury.

He harbors oil reserves second only to those of Saudi Arabia; Venezuela’s annual windfall profits exceed the net worth of Bill Gates.

He has a strategic military and oil alliance with a major American foe and terrorism sponsor, the Islamic Republic of Iran

He has more soldiers on active and reserve duty and more modern weapons – mostly from Russia and China – than any other nation in Latin America

Fulfilling Castro’s dream, he has funded a Communist insurgency against the United States, effectively annexing Bolivia, Nicaragua, Dominica, and Ecuador as surrogate states, and is developing cells in dozens of countries to create new fronts in this struggle.

He is allied with the narcotics-financed guerrillas against the government of Colombia, which the United States supports in its war against drug trafficking

He has numerous assocaiions with terorrists, money launderers, kidnappers, and drug traffickers.

He has more hard assets (the Citgo oil company) and soft assets (Hollywood stars, politicians, lobbyists, and media connections) than any other foreign power.

(6)

Chavez longs for the ear when there will be no liberal international order to constrain his dream of a worldwide “socialist” revolution: no World Bank, no International Monetary Fund, no Organization for Economic Cooperation and Development, no World Trade Organization, no international law, not economic necessity for modernization and globalilzation. And perhaps more important, he longs for the day when the United States no longer policies the world’s playing fields. Chavez has spent more than $100 billion trying to minimize the impact of each international institution on Latin America. He is clearly opposed to international cooperation that does not endorse the Cuba-Venezuela government philosophy.

(10)

According to reports from among its 2,400 former members, the FARC resembles a mafia crime gang more than a Communist guerrilla army, but Chavez disagrees, calling the FARC, “insurgent forces that have a political project.” They “are not terrorists, they are true armies… they must be recognized.”

(11)

Chavez’s goal in life are to complete Simon Bolivar’s dream to united Latin America and Castro’s dream to communize it.

(13)

Since he was elected, Chavez’s public relations machinery has spent close to a billion dollars in the United States to convince Americas that he alone is telling the true story.

(14)

There are a number of influential Americans who have been attracted by Chavez’s money. These influde the 1996 Republican vice-presidential candidate Jack Kemp, who has repaed large dees trying to sell Chavez’s oil to the U.S. government; Tom Boggs, one of the most powerful lobbyists in Washington D.C.; Giuliani Partners, the lobbying arms of the former New York mayor and presidential hopeful (principal lobbyists for Chavez’s CITGO oil company in Texas); former Massachusetts governor Mitt Romney’s Bain Associates, which prospered by handling Chavez’s oil and bond interests; and Joseph P. Kennedy II of Massachusetts, who advertises Chavez’s oil discounts to low-income Americans, a program that reaches more than a million American families (Kennedy and Chavez cast this program as nonpolitical philanthropy).

(19)

Chavez’s schoolteacher parents could not afford to raise all of their six children at home, so the two older boys, Adan and Hugo, were sent to live with their grandmother, Rosa Ines. Several distinguished Chavez-watchers, including Alvaro Vargas Llosa, have theorized that his being locked in cloastes at home and then sent away by his parents to grow up elsewhere constituted a seminal rejection that gave rise to what Vargas Llosa called Chavez’s “messianic inferiority complex” – his overarching yearning to be loved and his irrepressible need to act out.

(26)

Chavez began living the life of a Communist double agent. “During the day I’m a career military officer who does his job,” he told his lover Herma Marksman, “but at night I work on achieving the transformations this country needs.” His nights were filled with secret meetings of Communist subversives and co-conspirators, often in disguises, planning the armed overthrow of the government.

(27)

In 1979, he was transferred to Caracas to teach at his former military academic. It was the perfect perch from which to build a network of officers sympathetic to his revolutionary cause.

Chavez also expanded the circle of his ideological mentors. By far the most important of these was Douglas Bravo, an unreconstructed communist who disobeyed Moscow’s orders after détente to give up the armed struggle against the United States. Bravo was the leader of the Party of the Venezuelan Revolution (PVR) and the Armed Forces of National Liberation. Chavez actively recruited his military friends to the PVR, couching it in the rhetoric of Bolivarianism to make it more palatable to their sensibilities.

(32)

From 1981 to 1984, a determined Chavez began secretly converting his students at the military academy to co-conspirators; ironically his day job was to teach Venezuelan military history with an emphasis on promoting military professionalism and noninvolvement in politics.

(45)

Chavez emerged from jail in 1994 a hero to Venezuela’s poor. He had also, while imprisoned, assiduously courted the international left, who helped him build an impressive war-chest – including, it was recently revealed, $150,000 from the FARC guerrillas of Colombia.

(46)

John Maisto, the US ambassador to Venezuela, at one point called Chavez a “terrorist” because of his coup attempt and denied him a visa to visit the United States. In reply, Chavez mocked Maisto by taking his Visa credit card from his wallet and waiving it about, saying, “I already have a Visa!”

(48)

Corruption made a good campaign issue for Chavez, but when it came time to do something about it, he balked. Chavez initially appointed Jesus Urdaneta – one of the four saman tree oath takers – as anticorruption czar. But Urdaneta was too energetic and effective for the President, within five months he had identified forty cases of corruption within Chavez’s own administration. Chavez refused to back his czar, who was eventually pushed out of office by the very people he was investigating. Chavez did nothing to save him.

In 1999 Chavez started a give-away project called “Plan Bolivar 2000.” Implemented by Chavez loyalists organized in groups known as Bolivarian Circles, the project was modeled after the Communist bloc committees in Castro’s Cuba The plan was basically a social welfare program that mirrored the populist ethic…. In eighteen months, Bolivar 2000 had become so corrupt that it had to be disbanded.

(49)

Independent studies estimate that the amounts taken from Venezuelan poverty and development funds by middlemen, brokers, and subcontractors – all of whom charge an “administrative” cost for passing on the funds – range as high as 80 percent to 90 percent. By contrast, the U.S. government, the World Bank, nongovernmental organizations, and international charities limit their administrative costs to 20 percent of project funds; the Nobal Peace Prize winning Doctors without Borders, for example, spends only 16 percent on administration.

(52)

Between 1999 and 2009, Chavez has spent some 20,000 hours on television.

(69)

Hugo Chavez is implementing a sophisticated oil war against the United Sates. To understand this you have to look back to 1999, when he asked the Venezuelan Congress for emergency executive powers and got them, whereupon he consolidated government power to his advantage. His big move was to take full control over the national oil company PDVSA. Chavez replaced PDVSA’s directors and managers with military or political loyalists, many of whom knew little to nothing about the oil business. This action rankled the company’s professional and technical employees – some 50,000 of them – who enjoyed the only true meritocracy in the country. Citgo…. Later received similar treatment.

Chavez in effect demodernized and de-Americanized PDVAS, which had adopted organizational efficiency cultures similar to its predecessors ExxonMobil and Shell, by claiming that they were ideologically incorrect. Chavez compared this to Haiti’s elimination of French culture under Toussain L’Ouverture in the early 1800s.

The president’s effort to dumb down the business was evident early on. In 1999 Chavez fired Science Applications International Corporations (Known as SAIC), an enormous U.S.-based global information technology firm that had served as PDVSA’s back office since 1995 (as it had for British Petroleum and other energy companies).

SAIC appealed to an international court and got a judgement against Chavez for stealing SAIC’s knowledge without compensation. Chavez ignored the judgement, refusing to pay “one penny”.

Stripped of SAIC technology and thousands of oil professionals who quit out of frustration, PDVSA steadily lost operational capacity from 1999 to 2001. Well maintenance suffered; production investment was slashed, oil productivity declined; environmental standards were ignored; and safety accidents proliferated. After the 2002 stroke that led to Chavez’s brief removal from power, PDVSA sacked some 18,000 more of it’s knowledge workers. Its production fell to 2.4 million barrels per day.

(68)

After Venezuela’s 2006 presidential election, Chavez…told three American oil companies – ExxonMobil, ConocoPhillips, and Chevron – to turn over 60 percent of their heavy oil exploration [which they had spent a decade and nearly $20 billion developing] or leave Venezuela.

(72)

Oil has caused a massive shift in the wealth of nations. All told, $12 trillion has been transferred from the oil consumers to the oil producers since 2002. This is a very large figure – it is comparable to the 2006 GDP of the United States – and it has contributed greatly to our unprecedented trade deficit; a weakening of the dollar; and the weakness of the U.S. financial system in surviving the housing mortgage crisis.

Two decades ago, private companies controlled half the world’s oil reserved, but today they only control 13 percent… While many Americans believe that big oil is behind the high prices at the gas pump, the fact is that the national oil companies controlled by Chavez of Venezuela, Ahmadinejad of Iran, and Putin of Russia are the real culprits.

(73)

When Chavez’s plane first landed in Havana in 1994, Fidel Castro greeted him at the airport. What made Hugo Chavez important to Castro then was the same thing that makes him important to the United States now: oil. Castro’s plan to weaken America – which he had to shelve when the Soviet Union collapsed and Cuba lost its USSR oil and financial subsidy – was dusted off.

The Chavez Castro condominium was a two-way street. Chavez soon began delivering from 50,000 to 90,000 barrels of oil per day to Castro, a subsidy eventually worth $3 billion to $4 billion per year, which far exceeded the sugar subsidy Castro once received from the Soviet Union until Gorbachev ended it around 1980. Castro used the huge infusion of Chavez’s cash to solidify his absolute control in Cuba and to crack down on political dissidents.

(79)

Chavez’s predatory, undemocratic, and destabilizing actions are not limited to Venezuela.

Chavez is striving to remake Latin America in his own image, and for his own purposes – purposes that mirror Fidel Castro’s half-aborted but never abandoned plans for hemispheric revolution hatched half a decade ago.

(81)

Hugo Chavez sees himself as leading the revolutionary charge that Fidel Castro always wanted to mount but was never able to spread beyond the shores of the island prison he created in the Caribbean. Ye four decades after taking power, Castro found a surrogate, a right arm who could carry on the work that he could not.

(82)

[Chavez] routinely uses oil to bribe Latin American states into lining up against the United States, either by subsidizing oil in the surrogate state or by using oil to interfere in other countries’ elections.

For instance, in 1999 Chavez created Petrocaribe, a company that provides oil discounts with delayed payments to thirteen Caribbean nations. It was so successful at fulfilling it’s real purpose – buying influence and loyalty – that two years later Chavez created PetroSur, which does the same for twenty Central and South American nations, at an annual cost to Venezuela’s treasury of an estimated $1 billion.

(83)

From 2005 to 2007 alone, Chavez gave away a total of $39 billion in oil and cash; $9.9 billion to Argentina, $7.5 billion to Cuba, $4.9 billion to Ecuador, and $4.9 billion from Nicaragua were the largest sums Chavez gave…

At a time when U.S. influence is waning – in part owing to Washington’s preoccupation with Iraq and the Middle East – Chavez has filled the void. The United States provides less than $1 billion in foreign economic aid to the entire region, a figure that rises to only $1.6 billion in foreign economic aid to the entire region… Chavez, meanwhile, spends nearly $9 billion in the region every single year. And his money is always welcome because it comes with no strings. The World Bank and IMF, by contrast, require concomitant reforms – for instance, efforts to fight corruption, drug trafficking, and money laundering – in return for grants and loans.

Consequently, over the course of a handful of years, virtually all the Latin American countries have wound up dependent on Venezuela’s oil or money or both. These include not just resource-poor nations; in Latin America only Mexico and Peru are fully independent of Chavez’s money.

One consequence: at the Organization of American States (OAS), which serves as a mini-United Nations for Latin America, Venezuela has assumed the position of the “veto” vote that once belonged to the United States.

(84)

Since Chavez has been president of Venezuela, the OAS has not passed on substantive resolution supported by the United States when Chavez was on the opposite side.

In all, since coming to power in 1999, Chavez has spent or committed an estimated $110 billion – some say twice the amount needed to eliminate poverty in Venezuela forever – in more than thirty countries to advance his anti-American agenda. Since 2005, Chavez’s total foreign aid budget for Latin America has been more than $50 billion – much more than the amount of U.S. foreign aid for the region over the same period.

Many of these expenditures have been hidden from the Venezuelan public in secret off-budget slush funds.The result is that Chavez now, by any measure, the most powerful figure in Latin America.

(85)

During Morale’s first year in office, 2006, Chavez contributed a whopping $1 billion in aid to Bolivia (equivalent to 12 percent of the country’s GDP). He also provided access to one of Venezuela’s presidential jets, sent a forty-soldier personal guard to accompany Morales at all times, subsidized the pay of Bolivia’s military, and paid to send thousands of Cuban doctors to Bolivia’s barrio health clinics.

(86)

After his political success in Bolivia, Chavez has aggressively supported every anti-American presidential candidate in the region. U.S. policymakers console themselves by claiming that Chavez’s favorites have mostly been defeated by pro-American centrists. The truth is more complex. Chavez came close to winning every one of those contests, and lost only when he overplayed his hand. More troubling, U.S. influence and prestige in Latin America is at perhaps its lowest ebb ever; today, being considered America’s ally is the political kiss of death.

(91)

Since turning unabashedly criminal, the FARC has imported arms, exported drugs, recruited minors, kidnapped thousands for ransom, executed hostages, hijacked planes, planted land mines, operated an extortion and protection racket in peasant communities, committed atrocities against innocent civilians, and massacred farmers as traitors…

A long-held ambition of the FARC’s leadership is to have the group officially recognized as a belligerent force, a legitimate army in rebellion. Such a designation – conferred by individual nations and under international law – would give the FARC rights normally accorded only to sovereign powers.

(93)

Uribe, a calm and soft-spoken attorney, set out methodologically to finish what Pastrana had begun.

To Chavez, any friend of the United States is his enemy, and any enemy of a friend of the United States is his friend – even a terrorist organization working to destabilize one of his country’s most important neighbors.

(94)

The relationship [between Chavez and the FARC] began more than a decade and a half ago, in the wake of Chavez’s failed coup. In 1992, the FARC gave a jailed Chavez $150,000, money that launched him to the presidency.

(95)

Perhaps the most sinister aspect to Chavez’s relationship with the FARC is the help he has provided to maximize its cocaine sales to the United States and Europe. British journalist John Carlin, who writes for The Guardian, a newspaper generally supportive of Chavez, secured interviews with several of the 2,400 FARC guerrillas who deserted the group in 2007. One of his subject told him that “the guerillas have a non-aggression pact with the Venezuelan military. The Venezuelan government lets FARC operate freely because they share the same left-wing, Bolivarian ideals, and because FARC bribes their people. Without cocaine revenues, the FARC would disappear, its former members assert. “If it were not for cocaine, the fuel that feeds the Colombian war, FARC would long ago have disbanded.”

(104)

Iran and Venezuela are working together to drive up the price of oil in hopes of crippling the American economy and enhancing their hegemonies in the Middle East and Latin America. They are using their windfall petro-revenues to finance a simmering war – sometimes cold, sometimes hot, sometimes covert, sometimes overt – against the United States.

(105)

As Chavez told Venezuelans repeatedly, Saddam’s fate was also what he feared for himself.

(119)

Hugo Chavez’s first reaction after the attack on the camp of narcoterrorist Raul Reyes was to accuse Colombia of behaving like Israel. “We’re not going to allow an Israel in the region,” he said.

Actually the parallel is not far off. Like Colombia, Israel is a state that wishes to live in peace with its neighbors, but they insist on destroying it. Israel’s fondest wish would be for the Palestinians to be capable of building a peaceful and prosperous nation with which Israel could establish normal relations.

(123)

American officials have also submitted some 130 written requests for basic biographical or immigration-related information, such as entry and exit dates into and out of Venezuela, for suspected terrorists. Not one of the requests has generated a substantive response.

(126)

***

Michael Rowan talked about the book he co-wrote, The Threat Closer to Home: Hugo Chavez and the War Against America, on C-SPAN. Former U.S. Ambassador to Venezuela Otto Reich joined him to comment on the book. Ray Walser moderated. Discussion topics included the global geopolitical impact of Venezuela’s decreasing economic and personal freedoms and what the U.S. can do. Then both men responded to questions from members of the audience.

Notes on Intelligence Analysis: A Target-Centric Approach

A major contribution of the 9/11 Commission and the Iraqi WMD Commission was their focus on a failed process, specifically on that part of the process where intelligence analysts interact with their policy customers.

“Thus, this book has two objectives:

The first objective is to redefine the intelligence process to help make all parts of what is commonly referred to as the “intelligence cycle” run smoothly and effectively, with special emphasis on both the analyst-collector and the analyst-customer relationships.

The second goal is to describe some methodologies that make for better predictive analysis.”

“An intelligence process should accomplish three basic tasks. First, it should make it easy for customers to ask questions. Second, it should use the existing base of intelligence information to provide immediate responses to the customer. Third, it should manage the expeditious creation of new information to answer remaining questions. To do these things, intelligence must be collaborative and predictive: collaborative to engage all participants while making it easy for customers to get answers; predictive because intelligence customers above all else want to know what will happen next.”

“the target-centric process outlines a collaborative approach for intelligence collectors, analysts, and customers to operate cohesively against increasingly complex opponents. We cannot simply provide more intelligence to customers; they already have more information than they can process, and information overload encourages intelligence failures. The community must provide what is called “actionable intelligence”—intelligence that is relevant to customer needs, is accepted, and is used in forming policy and in conducting operations.”

“The second objective is to clarify and refine the analysis process by drawing on existing prediction methodologies. These include the analytic tools used in organizational planning and problem solving, science and engineering, law, and economics. In many cases, these are tools and techniques that have endured despite dramatic changes in information technology over the past fifty years. All can be useful in making intelligence predictions, even in seemingly unrelated fields.”

“This book, rather, is a general guide, with references to lead the reader to more in-depth studies and reports on specific topics or techniques. The book offers insights that intelligence customers and analysts alike need in order to become more proactive in the changing world of intelligence and to extract more useful intelligence.”

“The common theme of these and many other intelligence failures discussed in this book is not the failure to collect intelligence. In each of these cases, the intelligence had been collected. Three themes are common in intelligence failures: failure to share information, failure to analyze collected material objectively, and failure of the customer to act on intelligence.”

“ though progress has been made in the past decade, the root causes for the failure to share remain, in the U.S. intelligence community as well as in almost all intelligence services worldwide:

Sharing requires openness. But any organization that requires secrecy to perform its duties will struggle with and often reject openness. Most governmental intelligence organizations, including the U.S. intelligence community, place more emphasis on secrecy than on effectiveness. The penalty for producing poor intelligence usually is modest. The penalty for improperly handling classified information can be career-ending. There are legitimate reasons not to share; the U.S. intelligence community has lost many collection assets because details about them were too widely shared. So it comes down to a balancing act between protecting assets and acting effectively in the world. ”

“Experts on any subject have an information advantage, and they tend to use that advantage to serve their own agendas. Collectors and analysts are no different. At lower levels in the organization, hoarding information may have job security benefits. At senior levels, unique knowledge may help protect the organizational budget. ”

“Finally, both collectors of intelligence and analysts find it easy to be insular. They are disinclined to draw on resources outside their own organizations.12 Communication takes time and effort. It has long-term payoffs in access to intelligence from other sources, but few short-term benefits.”

Failure to Analyze Collected Material Objectively

In each of the cases cited at the beginning of this introduction, intelligence analysts or national leaders were locked into a mindset—a consistent thread in analytic failures. Falling into the trap that Louis Pasteur warned about in the observation that begins this chapter, they believed because, consciously or unconsciously, they wished it to be so. ”

Ethnocentric bias involves projecting one’s own cultural beliefs and expectations on others. It leads to the creation of a “mirror-image” model, which looks at others as one looks at oneself, and to the assumption that others will act “rationally” as rationality is defined in one’s own culture.”
Wishful thinking involves excessive optimism or avoiding unpleasant choices in analysis.
Parochial interests cause organizational loyalties or personal agendas to affect the analysis process.
Status quo biases cause analysts to assume that events will proceed along a straight line. The safest weather prediction, after all, is that tomorrow’s weather will be like today’s.
Premature closure results when analysts make early judgments about the answer to a question and then, often because of ego, defend the initial judgments tenaciously. This can lead the analyst to select (usually without conscious awareness) subsequent evidence that supports the favored answer and to reject (or dismiss as unimportant) evidence that conflicts with it.

Summary

Intelligence, when supporting policy or operations, is always concerned with a target. Traditionally, intelligence has been described as a cycle: a process starting from requirements, to planning or direction, collection, processing, analysis and production, dissemination, and then back to requirements. That traditional view has several shortcomings. It separates the customer from the process and intelligence professionals from one another. A gap exists in practice between dissemination and requirements. The traditional cycle is useful for describing structure and function and serves as a convenient framework for organizing and managing a large intelligence community. But it does not describe how the process works or should work.”

Intelligence is in practice a nonlinear and target-centric process, operated by a collaborative team of analysts, collectors, and customers collectively focused on the intelligence target. The rapid advances in information technology have enabled this transition.

All significant intelligence targets of this target-centric process are complex systems in that they are nonlinear, dynamic, and evolving. As such, they can almost always be represented structurally as dynamic networks—opposing networks that constantly change with time. In dealing with opposing networks, the intelligence network must be highly collaborative.

“Historically, however, large intelligence organizations, such as those in the United States, provide disincentives to collaboration. If those disincentives can be removed, U.S. intelligence will increasingly resemble the most advanced business intelligence organizations in being both target-centric and network-centric.”

“Having defined the target, the first question to address is, What do we need to learn about the target that our customers do not already know? This is the intelligence problem, and for complex targets, the associated intelligence issues are also complex. ”

Chapter 4

Defining the Intelligence Issue

A problem well stated is a problem half solved.

Inventor Charles Franklin Kettering

“all intelligence analysis efforts start with some form of problem definition.”

“The initial guidance that customers give analysts about an issue, however, almost always is incomplete, and it may even be unintentionally misleading.”

“Therefore, the first and most important step an analyst can take is to understand the issue in detail. He or she must determine why the intelligence analysis is being requested and what decisions the results will support. The success of analysis depends on an accurate issue definition. As one senior policy customer noted in commenting on intelligence failures, “Sometimes, what they [the intelligence officers] think is important is not, and what they think is not important, is.”

“The poorly defined issue is so common that it has a name: the framing effect. It has been described as “the tendency to accept problems as they are presented, even when a logically equivalent reformulation would lead to diverse lines of inquiry not prompted by the original formulation.”

“veteran analysts go about the analysis process quite differently than do novices. At the beginning of a task, novices tend to attempt to solve the perceived customer problem immediately. Veteran analysts spend more time thinking about it to avoid the framing effect. They use their knowledge of previous cases as context for creating mental models to give them a head start in addressing the problem. Veterans also are better able to recognize when they lack the necessary information to solve a problem,6 in part because they spend enough time at the beginning, in the problem definition phase. In the case of the complex problems discussed in this chapter, issue definition should be a large part of an analyst’s work.

Issue definition is the first step in a process known as structured argumentation.”

“structured argumentation always starts by breaking down a problem into parts so that each part can be examined systematically.”

Statement of the Issue

In the world of scientific research, the guidelines for problem definition are that the problem should have “a reasonable expectation of results, believing that someone will care about your results and that others will be able to build upon them, and ensuring that the problem is indeed open and underexplored.”8 Intelligence analysts should have similar goals in their profession. But this list represents just a starting point. Defining an intelligence analysis issue begins with answering five questions:

When is the result needed? Determine when the product must be delivered. (Usually, the customer wants the report yesterday.) In the traditional intelligence process, many reports are delivered too late—long after the decisions have been made that generated the need—in part because the customer is isolated from the intelligence process… The target-centric approach can dramatically cut the time required to get actionable intelligence to the customer because the customer is part of the process.”

Who is the customer? Identify the intelligence customers and try to understand their needs. The traditional process of communicating needs typically involves several intermediaries, and the needs inevitably become distorted as they move through the communications channels.

What is the purpose? Intelligence efforts usually have one main purpose. This purpose should be clear to all participants when the effort begins and also should be clear to the customer in the result…Customer involvement helps to make the purpose clear to the analyst.”

What form of output, or product, does the customer want? Written reports (now in electronic form) are standard in the intelligence business because they endure and can be distributed widely. When the result goes to a single customer or is extremely sensitive, a verbal briefing may be the form of output.”

“Studies have shown that customers never read most written intelligence. Subordinates may read and interpret the report, but the message tends to be distorted as a result. So briefings or (ideally) constant customer interaction with the intelligence team during the target-centric process helps to get the message through.”

What are the real questions? Obtain as much background knowledge as possible about the problem behind the questions the customer asks, and understand how the answers will affect organizational decisions. The purpose of this step is to narrow the problem definition. A vaguely worded request for information is usually misleading, and the result will almost never be what the requester wanted.”

Be particularly wary of a request that has come through several “nodes” in the organization. The layers of an organization, especially those of an intelligence bureaucracy, will sometimes “load” a request as it passes through with additional guidance that may have no relevance to the original customer’s interests. A question that travels through several such layers often becomes cumbersome by the time it reaches the analyst.

“The request should be specific and stripped of unwanted excess. ”

“The time spent focusing the request saves time later during collection and analysis. It also makes clear what questions the customer does not want answered—and that should set off alarm bells, as the next example illustrates.”

“After answering these five questions, the analyst will have some form of problem statement. On large (multiweek) intelligence projects, this statement will itself be a formal product. The issue definition product helps explain the real questions and related issues. Once it is done, the analyst will be able to focus more easily on answering the questions that the customer wants answered.”

The Issue Definition Product

“When the final intelligence product is to be a written report, the issue definition product is usually in précis (summary, abstract, or terms of reference) form. The précis should include the problem definition or question, notional results or conclusions, and assumptions. For large projects, many intelligence organizations require the creation of a concept paper or outline that provides the stakeholders with agreed terms of reference in précis form.”

“Whether the précis approach or the notional briefing is used, the issue definition should conclude with an issue decomposition view.”

Issue Decomposition

“taking a seemingly intractable problem and breaking it into a series of manageable subproblems.”

“Glenn Kent of RAND Corporation uses the name strategies-to-task for a similar breakout of U.S. Defense Department problems.12 Within the U.S. intelligence community, it is sometimes referred to as problem decomposition or “decomposition and visualization.”

“Whatever the name, the process is simple: Deconstruct the highest level abstraction of the issue into its lower-level constituent functions until you arrive at the lowest level of tasks that are to be performed or subissues to be dealt with. In intelligence, the deconstruction typically details issues to be addressed or questions to be answered. Start from the problem definition statement and provide more specific details about the problem.”

“Start from the problem definition statement and provide more specific details about the problem. The process defines intelligence needs from the top level to the specific task level via taxonomy—a classification system in which objects are arranged into natural or related groups based on some factor common to each object in the group. ”

“At the top level, the taxonomy reflects the policymaker’s or decision maker’s view and reflects the priorities of that customer. At the task level, the taxonomy reflects the view of the collection and analysis team. These subtasks are sometimes called key intelligence questions (KIQs) or essential elements of information (EEIs).”

“Issue decomposition follows the classic method for problem solving. It results in a requirements, or needs, hierarchy that is widely used in intelligence organizations. ”

it is difficult to evaluate how well an intelligence organization is answering the question, “What is the political situation in Region X?” It is much easier to evaluate the intelligence unit’s performance in researching the transparency, honesty, and legitimacy of elections, because these are very specific issues.

“Obviously there can be several different issues associated with a given intelligence target or several different targets associated with a given issue.”

Complex Issue Decomposition

We have learned that the most important step in the intelligence process is to understand the issue accurately and in detail. Equally true, however, is that intelligence problems today are increasingly complex—often described as nonlinear, or “wicked.” They are dynamic and evolving, and thus their solutions are, too. This makes them difficult to deal with—and almost impossible to address within the traditional intelligence cycle framework. A typical example of a wicked issue is that of a drug cartel—the cartel itself is dynamic and evolving and so are the questions being posed by intelligence consumers who have an interest in it.”

“A typical real-world customer’s issue today presents an intelligence officer with the following challenges:

It represents an evolving set of interlocking issues and constraints.

“There are many stakeholders—people who care about or have something at stake in how the issue is resolved.”

“There are many stakeholders—people who care about or have something at stake in how the issue is resolved. (Again, this makes the problem-solving process a fundamentally social one, in contrast to the antisocial traditional intelligence cycle.) ”

The constraints on the solution, such as limited resources and political ramifications, change over time. The target is constantly changing, as the Escobar example illustrates, and the customers (stakeholders) change their minds, fail to communicate, or otherwise change the rules of the game.”

Because there is no final issue definition, there is no definitive solution. The intelligence process often ends when time runs out, and the customer must act on the most currently available information.”

“Harvard professor David S. Landes summarized these challenges nicely when he wrote, “The determinants of complex processes are invariably plural and interrelated.”15 Because of this—because complex or wicked problems are an evolving set of interlocking issues and constraints, and because the introduction of new constraints cannot be prevented—the decomposition of a complex problem must be dynamic; it will change with time and circumstances. ”

“As intelligence customers learn more about the targets, their needs and interests will shift.

Ideally, a complex issue decomposition should be created as a network because of the interrelationship among the elements.

Although the hierarchical decomposition approach may be less than ideal for complex problems, it works well enough if it is constantly reviewed and revised during the analysis process. It allows analysts to define the issue in sufficient detail and with sufficient accuracy so that the rest of the process remains relevant. There may be redundancy in a linear hierarchy, but the human mind can usually recognize and deal with the redundancy. To keep the decomposition manageable, analysts should continue to use the hierarchy, recognizing the need for frequent revisions, until information technology comes up with a better way.

Structured Analytic Methodologies for Issue Definition

Throughout the book we discuss a class of analytic methodologies that are collectively referred to as structured analytic methodologies or SATs. ”

“a relevancy check needs to be done. To be “key,” an assumption must be essential to the analytic reasoning that follows it. That is, if the assumption turns out to be invalid, then the conclusions also probably are invalid. CIA’s Tradecraft Primer identifies several questions that need to be asked about key assumptions:

How much confidence exists that this assumption is correct?

What explains the degree of confidence in the assumption?

What circumstances or information might undermine this assumption?

Is a key assumption more likely a key uncertainty or key factor?

Could the assumption have been true in the past but less so now?

If the assumption proves to be wrong, would it significantly alter the analytic line? How?

Has this process identified new factors that need further analysis?”

Example: Defining the Counterintelligence Issue

Counterintelligence (CI) in government usually is thought of as having two subordinate problems: security (protecting sources and methods) and catching spies (counterespionage).

If the issue is defined this way—security and counterespionage—the response in both policy and operations is defensive. Personnel background security investigations are conducted. Annual financial statements are required of all employees. Profiling is used to detect unusual patterns of computer use that might indicate computer espionage. Cipher-protected doors, badges, personal identification numbers, and passwords are used to ensure that only authorized persons have access to sensitive intelligence. The focus of communications security is on denial, typically by encryption. Leaks of intelligence are investigated to identify their source.

But whereas the focus on security and counterespionage is basically defensive, the first rule of strategic conflict is that the offense always wins. So, for intelligence purposes, you’re starting out on the wrong path if the issue decomposition starts with managing security and catching spies.

A better issue definition approach starts by considering the real target of counterintelligence: the opponent’s intelligence organization. Good counterintelligence requires good analysis of the hostile intelligence services. As we will see in several examples later in this book, if you can model an opponent’s intelligence system, you can defeat it. So we start with the target as the core of the problem and begin an issue decomposition.

If the counterintelligence issue is defined in this fashion, then the counterintelligence response will be forward-leaning and will focus on managing foreign intelligence perceptions through a combination of covert action, denial, and deception. The best way to win the CI conflict is to go on the offensive (model the target, anticipate the opponent’s actions, and defeat him or her). Instead of denying information to the opposing side’s intelligence machine, for example, you feed it false information that eventually degrades the leadership’s confidence in its intelligence services.

To do this, one needs a model of the opponent’s intelligence system that can be subjected to target-centric analysis, including its communications channels and nodes, its requirements and targets, and its preferred sources of intelligence.

Summary

Before beginning intelligence analysis, the analyst must understand the customer’s issue. This usually involves close interaction with the customer until the important issues are identified. The problem then has to be deconstructed in an issue decomposition process so that collection, synthesis, and analysis can be effective.”

All significant intelligence issues, however, are complex and nonlinear. The complex problem is a dynamic set of interlocking issues and constraints with many stakeholders and no definitive solution. Although the linear issue decomposition process is not an optimal way to approach such problems, it can work if it is reviewed and updated frequently during the analysis process.

“Issue definition is the first step in a process known as structured argumentation. As an analyst works through this process, he or she collects and evaluates relevant information, fitting it into a target model (which may or may not look like the issue decomposition); this part of the process is discussed in chapters 5–7. The analyst identifies information gaps in the target model and plans strategies to fill them. The analysis of the target model then provides answers to the questions posed in the issue definition process. The next chapter discusses the concept of a model and how it is analyzed.”

Chapter 5

Conceptual Frameworks for Intelligence Analysis

“If we are to think seriously about the world, and act effectively in it, some sort of simplified map of reality . . . is necessary.”

Samuel P. Huntington, The Clash of Civilizations and the Remaking of World Order

“Balance of power,” for example, was an important conceptual framework used by policymakers during the Cold War. A different conceptual framework has been proposed for assessing the influence that one country can exercise over another.”

Analytic Perspectives—PMESII

In chapter 2, we discussed the instruments of national power—an actions view that defines the diplomatic, information, military, and economic (DIME) actions that executives, policymakers, and military or law enforcement officers can take to deal with a situation.

The customer of intelligence may have those four “levers” that can be pulled, but intelligence must be concerned with the effects of pulling those levers. Viewed from an effects perspective, there are usually six factors to consider: political, military, economic, social, infrastructure, and information, abbreviated PMESII.

Political. Describes the distribution of responsibility and power at all levels of governance—formally constituted authorities, as well as informal or covert political powers. (Who are the tribal leaders in the village? Which political leaders have popular support? Who exercises decision-making or veto power in a government, insurgent group, commercial entity, or criminal enterprise?)

Military. Explores the military and/or paramilitary capabilities or other ability to exercise force of all relevant actors (enemy, friendly, and neutral) in a given region or for a given issue. (What is the force structure of the opponent? What weaponry does the insurgent group possess? What is the accuracy of the rockets that Hamas intends to use against Israel? What enforcement mechanisms are drug cartels using to protect their territories?)

Economic. Encompasses individual and group behaviors related to producing, distributing, and consuming resources. (What is the unemployment rate? Which banks are supporting funds laundering? What are Egypt’s financial reserves? What are the profit margins in the heroin trade?)

Social. Describes the cultural, religious, and ethnic makeup within an area and the beliefs, values, customs, and behaviors of society members. (What is the ethnic composition of Nigeria? What religious factions exist there? What key issues unite or divide the population?)

Infrastructure. Details the composition of the basic facilities, services, and installations needed for the functioning of a community, business enterprise, or society in an area. (What are the key modes of transportation? Where are the electric power substations? Which roads are critical for food supplies?)

Information. Explains the nature, scope, characteristics, and effects of individuals, organizations, and systems that collect, process, disseminate, or act on information. (How much access does the local population have to news media or the Internet? What are the cyber attack and defense capabilities of the Saudi government? How effective would attack ads be in Japanese elections?)

The typical intelligence problem seldom must deal with only one of these factors or systems. Complex issues are likely to involve them all. The events of the Arab Spring in 2011, the Syrian uprising that began that year, and the Ukrainian crisis of 2014 involved all of the PMESII factors. But PMESII is also relevant in issues that are not necessarily international. Law enforcement must deal with them all (in this case, “military” refers to the use of violence or armed force by criminal elements).

Modeling the Intelligence Target

Models are used so extensively in intelligence that analysts seldom give them much thought, even as they use them.

The model paradigm is a powerful tool in many disciplines.

“Former national intelligence officer Paul Pillar described them as “guiding images” that policymakers rely on in making decisions. We’ve discussed one guiding image—that of the PMESII concept. The second guiding image—that of a map, theory, concept, or paradigm—in this book is merged into a single entity called a model.Or, as the CIA’s Tradecraft Primer puts it succinctly:

“all individuals assimilate and evaluate information through the medium of “mental models…”

Modeling is usually thought of as being quantitative and using computers. However, all models start in the human mind. Modeling does not always require a computer, and many useful models exist only on paper. Models are used widely in fields such as operations research and systems analysis. With modeling, one can analyze, design, and operate complex systems. One can use simulation models to evaluate real-world processes that are too complex to analyze with spreadsheets or flowcharts (which are themselves models, of course) to test hypotheses at a fraction of the cost of undertaking the actual activities. Models are an efficient communication tool for showing how the target functions and stimulating creative thinking about how to deal with an opponent.

Models are essential when dealing with complex targets (Analysis Principle 5-1). Without a device to capture the full range of thinking and creativity that occurs in the target-centric approach to intelligence, an analyst would have to keep in mind far too many details. Furthermore, in the target-centric approach, the customer of intelligence is part of the collaborative process. Presented with a model as an organizing construct for thinking about the target, customers can contribute pieces to the model from their own knowledge—pieces that the analyst might be unaware of. The primary suppliers of information (the collectors) can do likewise.

The Concept of a Model

A model, as used in intelligence, is an organizing constraint. It is a combination of facts, hypotheses, and assumptions about a target, developed in a form that is useful for analyzing the target and for customer decision making (producing actionable intelligence). The type of model used in intelligence typically comprises facts, hypotheses, and assumptions, so it’s important to distinguish them here:

Fact. Something that is indisputably the case.

Hypothesis. A proposition that is set forth to explain developments or observed phenomena. It can be posed as conjecture to guide research (a working hypothesis) or accepted as a highly probable conclusion from established facts.

Assumption. A thing that is accepted as true or as certain to happen, without proof.

These are the things that go into a model. But, it is important to distinguish them when you present the model. Customers should never wonder whether they are hearing facts, hypotheses, or assumptions.

A model is a replica or representation of an idea, an object, or an actual system. It often describes how a system behaves. Instead of interacting with the real system, an analyst can create a model that corresponds to the actual one in certain ways.

Physical models are a tangible representation of something. A map, a globe, a calendar, and a clock are all physical models. The first two represent the Earth or parts of it, and the latter two represent time. Physical models are always descriptive.

Conceptual models—inventions of the mind—are essential to the analytic process. They allow the analyst to describe things or situations in abstract terms both for estimating current situations and for predicting future ones.”

A normative model may contain some descriptive segments, but its purpose is to describe a best, or preferable, course of action.

A decision-support model—that is, a model used to choose among competing alternatives—is normative.

A conceptual model may be either descriptive, describing what it represents, or normative. A normative model may contain some descriptive segments, but its purpose is to describe a best, or preferable, course of action. A decision-support model—that is, a model used to choose among competing alternatives—is normative.

In intelligence analysis, the models of most interest are conceptual and descriptive rather than normative. Some common traits of these conceptual models follow.

Descriptive models can be deterministic or stochastic.

In a deterministic model the relationships are known and specified explicitly. A model that has any uncertainty incorporated into it is a stochastic model (meaning that probabilities are involved), even though it may have deterministic properties.

Descriptive models can be linear or nonlinear.

Linear models use only linear equations (for example, x = Ay + B) to describe relationships.

Nonlinear models use any type of mathematical function. Because nonlinear models are more difficult to work with and are not always capable of being analyzed, the usual practice is to make some compromises so that a linear model can be used.

Descriptive models can be static or dynamic.

A static model assumes that a specific time period is being analyzed and the state of nature is fixed for that time period. Static models ignore time-based variances. For example, one cannot use them to determine the impact of an event’s timing in relation to other events. Returning to the example of a combat model, a snapshot of the combat that shows where opposing forces are located and their directions of movement at that instant is static. Static models do not take into account the synergy of the components of a system, where the actions of separate elements can have a different effect on the system than the sum of their individual effects would indicate. Spreadsheets and most relationship models are static.

Dynamic modeling (also known as simulation) is a software representation of the time-based behavior of a system. Where a static model involves a single computation of an equation, a dynamic model is iterative; it constantly recomputes its equations as time changes.

Descriptive models can be solvable or simulated.

A solvable model is one in which there is an analytic way of finding the answer. The performance model of a radar, a missile, or a warhead is a solvable problem. But other problems require such a complicated set of equations to describe them that there is no way to solve them. Worse still, complex problems typically cannot be described in a manageable set of equations. In complex cases—such as the performance of an economy or a person—one can turn to simulation.

Using Target Models for Analysis

Operations

Intelligence services prefer specific sources of intelligence, shaped in part by what has worked for them in the past; by their strategic targets; and by the size of their pocketbooks. The poorer intelligence services rely heavily on open source (including the web) and HUMINT, because both are relatively inexpensive. COMINT also can be cheap, unless it is collected by satellites. The wealthier services also make use of satellite-collected imagery intelligence (IMINT) and COMINT, and other types of technical collection.

“China relies heavily on HUMINT, working through commercial organizations, particularly trading firms, students, and university professors far more than most other major intelligence powers do.

In addition to being acquainted with opponents’ collection habits, CI also needs to understand a foreign intelligence service’s analytic capabilities. Many services have analytic biases, are ethnocentric, or handle anomalies poorly. It is important to understand their intelligence communications channels and how well they share intelligence within the government. In many countries, the senior policymaker or military commander is the analyst. That provides a prime opportunity for “perception management,” especially if a narcissistic leader like Hitler, Stalin, or Saddam Hussein is in charge and doing his own analysis. Leaders and policymakers find it difficult to be objective; they are people of action, and they always have an agenda. They have lots of biases and are prone to wishful thinking.

Linkages

Almost all intelligence services have liaison relationships with foreign intelligence or security services. It is important to model these relationships because they can dramatically extend the capabilities of an intelligence service.

Summary

Two conceptual frameworks are invaluable for doing intelligence analysis. One deals with the instruments of national or organizational power and the effects of their use. The second involves the use of target models to produce analysis.

The intelligence customer has four instruments of national or organizational power, as discussed in chapter 2. Intelligence is concerned with how opponents will use those instruments and the effects that result when customers use them. Viewed from both the opponent’s actions and the effects perspectives, there are usually six factors to consider: political, military, economic, social, infrastructure, and information, abbreviated PMESII:

Political. The distribution of power and control at all levels of governance.

Military. The ability of all relevant actors (enemy, friendly, and neutral) to exercise force.

Economic. Behavior relating to producing, distributing, and consuming resources.

Social. The cultural, religious, and ethnic composition of a region and the beliefs, values, customs, and behaviors of people.

Infrastructure. The basic facilities, services, and installations needed for the functioning of a community or society.

Information. The nature, scope, characteristics, and effects of individuals, organizations, and systems that collect, process, disseminate, or act on information.”

Models in intelligence are typically conceptual and descriptive. The easiest ones to work with are deterministic, linear, static, solvable, or some combination. Unfortunately, in the intelligence business the target models tend to be stochastic, nonlinear, dynamic, and simulated.

From an existing knowledge base, a model of the target is developed. Next, the model is analyzed to extract information for customers or for additional collection. The “model” of complex targets will typically be a collection of associated models that can serve the purposes of intelligence customers and collectors.

Chapter 6

Overview of Models in Intelligence

One picture is worth more than ten thousand words.

Chinese proverb

“The process of populating the appropriate model is known as synthesis, a term borrowed from the engineering disciplines. Synthesis is defined as putting together parts or elements to form a whole—in this case, a model of the target. It is what intelligence analysts do, and their skill at it is a primary measure of their professional competence. ” .

Creating a Conceptual Model

The first step in creating a model is to define the system that encompasses the intelligence issues of interest, so that the resulting model answers any problem that has been defined by using the issue definition process.

few questions in strategic intelligence or in-depth research can be answered by using a narrowly defined target.

For the complex targets that are typical of in-depth research, an analyst usually will deal with a complete system, such as an air defense system that will use the new fighter aircraft

In law enforcement, analysis of an organized crime syndicate involves consideration of people, funds, communications, operational practices, movement of goods, political relationships, and victims. Many intelligence problems will require consideration of related systems as well. The energy production system, for example, will give rise to intelligence questions about related companies, governments, suppliers and customers, and nongovernmental organizations (such as environmental advocacy groups). The questions that customers pose should be answerable by reference only to the target model, without the need to reach beyond it.

A major challenge in defining the relevant system is to use restraint. The definition must include essential subsystems or collateral systems, but nothing more. Part of an analyst’s skill lies in being able to include in a definition the relevant components, and only the relevant components, that will address the issue.

The systems model can therefore be structural, functional, process oriented, or any combination thereof. Structural models include actors, objects, and the organization of their relationships to each other. Process models focus on interactions and their dynamics. Functional models concentrate on the results achieved, for example, a model that simulates the financial consequences of a proposed trade agreement.

After an analyst has defined the relevant system, the next step is to select the generic models, or model templates, to be used. These model templates then will be made specific, or “populated,” using evidence (discussed in chapter 7). Several types of generic models are used in intelligence. The three most basic types are textual, mathematical, and visual.

Textual Models

Almost any model can be described using written text. The CIA’s World Factbook is an example of a set of textual models—actually a series of models (political, military, economic, social, infrastructure, and information)—of a country. Some common examples of textual models that are used in intelligence analysis are lists, comparative models, profiles, and matrix models.

Lists

Lists and outlines are the simplest examples of a model.

The list continues to be used by analysts today for much the same purpose—to reach a yes-or-no decision.

Comparative Models

Comparative techniques, like lists, are a simple but useful form of modeling that typically does not require a computer simulation. Comparative techniques are used in government, mostly for weapons systems and technology analyses. Both governments and businesses use comparative models to evaluate a competitor’s operational practices, products, and technologies. This is called benchmarking.

A powerful tool for analyzing a competitor’s developments is to compare them with your own organization’s developments. Your own systems or technologies can provide a benchmark for comparison.

Comparative models have to be culture specific to help avoid mirror imaging.

A keiretsu is a network of businesses, usually in related industries, that own stakes in one another and have board members in common as a means of mutual security. A network of essentially captive (because they are dependent on the keiretsu) suppliers provides the raw material for the keiretsu manufacturers, and the keiretsu trading companies and banks provide marketing services. Keiretsu have their roots in prewar Japan.

Profiles

Profiles are models of individuals—in national intelligence, of leaders of foreign governments; in business intelligence, of top executives in a competing organization; in law enforcement, of mob leaders and serial criminals.

Profiles depend heavily on understanding the pattern of mental and behavioral traits that are shared by adult members of a society—referred to as the society’s modal personality. Several modal personality types may exist in a society, and their common elements are often referred to as national character.

Defining the modal personality type is beyond the capabilities of the journeyman intelligence analyst, and one must turn to experts.

The modal personality model usually includes at least the following elements:

Concept of self—the conscious ideas of what a person thinks he or she is, along with the frequently unconscious motives and defenses against ego-threatening experiences such as withdrawal of love, public shaming, guilt, or isolation.

Relation to authority—how an individual adapts to authority figures

Modes of impulse control and expressing emotion

Processes of forming and manipulating ideas”

Three model types are often used for studying modal personalities and creating behavioral profiles:

Cultural pattern models are relatively straightforward to analyze and are useful in assessing group behavior.

Child-rearing systems can be studied to allow the projection of adult personality patterns and behavior. They may allow more accurate assessments of an individual than a simple study of cultural patterns, but they cannot account for the wide range of possible pattern variations occurring after childhood.

Individual assessments are probably the most accurate starting points for creating a behavioral model, but they depend on detailed data about the specific individual. Such data are usually gathered from testing techniques; the Rorschach (or “Inkblot”) test—a projective personality assessment based on the subject’s reactions to a series of ten inkblot pictures—is an example.

Interaction Matrices

A textual variant of the spreadsheet (discussed later) is the interaction matrix, a valuable analytic tool for certain types of synthesis. It appears in various disciplines and under different names and is also called a parametric matrix or a traceability matrix.

Mathematical Models

The most common modeling problem involves solving an equation. Most problems in engineering or technical intelligence are single equations of the form.

Most analysis involves fixing all of the variables and constants in such an equation or system of equations, except for two variables. The equation is then solved repetitively to obtain a graphical picture of one variable as a function of another. A number of software packages perform this type of solution very efficiently. For example, as a part of radar performance analysis, the radar range equation is solved for signal-to-noise ratio as a function of range, and a two-dimensional curve is plotted. Then, perhaps, signal-to-noise ratio is fixed and a new curve plotted for radar cross-section as a function of range.

Often the requirement is to solve an equation, get a set of ordered pairs, and plug those into another equation to get a graphical picture rather than solving simultaneous equations.

Spreadsheets

The computer is a powerful tool for handling the equation-solution type of problem. Spreadsheet software has made it easy to create equation-based models. The rich set of mathematical functions that can be incorporated in it, and its flexibility, make the spreadsheet a widely used model in intelligence.

Simulation Models

A simulation model is a mathematical model of a real object, a system, or an actual situation. It is useful for estimating the performance of its real-world analogue under different conditions. We often wish to determine how something will behave without actually testing it in real life. So simulation models are useful for helping decision makers choose among alternative actions by determining the likely outcomes of those actions.

In intelligence, simulation models also are used to assess the performance of opposing weapons systems, the consequences of trade embargoes, and the success of insurgencies.

Simulation models can be challenging to build. The main challenge usually is validation: determining that the model accurately represents what it is supposed to represent, under different input conditions.

Visual Models

Models can be described in written text, as noted earlier. But the models that have the most impact for both analysts and customers in facilitating understanding take a visual form.

Visualization involves transforming raw intelligence into graphical, pictorial, or multimedia forms so that our brains can process and understand large amounts of data more readily than is possible from simply reading text. Visualization lets us deal with massive quantities of data and identify meaningful patterns and structures that otherwise would be incomprehensible.

Charts and Graphs

Graphical displays, often in the form of curves, are a simple type of model that can be synthesized both for analysis and for presenting the results of analysis.

Pattern Models

Many types of models fall under the broad category of pattern models. Pattern recognition is a critical element of all intelligence

Most governmental and industrial organizations (and intelligence services) also prefer to stick with techniques that have been successful in the past. An important aspect of intelligence synthesis, therefore, is recognizing patterns of activities and then determining in the analysis phase whether (a) the patterns represent a departure from what is known or expected and (b) the changes in patterns are significant enough to merit attention. The computer is a valuable ally here; it can display trends and allow the analyst to identify them. This capability is particularly useful when trends would be difficult or impossible to find by sorting through and mentally processing a large volume of data. Pattern analysis is one way to effectively handle complex issues.

One type of pattern model used by intelligence analysts relies on statistics. In fact, a great deal of pattern modeling is statistical. Intelligence deals with a wide variety of statistical modeling techniques. Some of the most useful techniques are easy to learn and require no previous statistical training.

Histograms, which are bar charts that show a frequency distribution, are one example of a simple statistical pattern.

Advanced Target Models

The example models introduced so far are frequently used in intelligence. They’re fairly straightforward and relatively easy to create. Intelligence also makes use of four model types that are more difficult to create and to analyze, but that give more in-depth analysis. We’ll briefly introduce them here.

Systems Models

Systems models are well known in intelligence for their use in assessing the performance of weapons systems.

Systems models have been created for all of the following examples:

A republic, a dictatorship, or an oligarchy can be modeled as a political system.

Air defense systems, carrier strike groups, special operations teams, and ballistic missile systems all are modeled as military systems.

Economic systems models describe the functioning of capitalist or socialist economies, international trade, and informal economies.

Social systems include welfare or antipoverty programs, health care systems, religious networks, urban gangs, and tribal groups.

Infrastructure systems could include electrical power, automobile manufacturing, railroads, and seaports.

A news gathering, production, and distribution system is an example of an information system.

Creating a systems model requires an understanding of the system, developed by examining the linkages and interactions between the elements that compose the system as a whole.

A system has structure. It is comprised of parts that are related (directly or indirectly). It has a defined boundary physically, temporally, and spatially, though it can overlap with or be a part of a larger system.

A system has a function. It receives inputs from, and sends outputs into, an outside environment. It is autonomous in fulfilling its function. A main battle tank standing alone is not a system. A tank with a crew, fuel, ammunition, and a communications subsystem is a system.

A system has a process that performs its function by transforming inputs into outputs.

Relationship Models

Relationships among entities—people, places, things, and events—are perhaps the most common subject of intelligence modeling. There are four levels of such relationship models, each using increasingly sophisticated analytic approaches: hierarchy, matrix, link, and network models. The four are closely related, representing the same fundamental idea at increasing levels of complexity.

Relationship models require a considerable amount of time to create, and maintaining the model (known to those who do it as “feeding the beast”) demands much effort. But such models are highly effective in analyzing complex problems, and the associated graphical displays are powerful in persuading customers to accept the results.

Hierarchy Models

The hierarchy model is a simple tree structure. Organizational modeling naturally lends itself to the creation of a hierarchy, as anyone who ever drew an organizational chart is aware. A natural extension of such a hierarchy is to use a weighting scheme to indicate the importance of individuals or suborganizations in it.

Matrix Models

The interaction matrix was introduced earlier. The relationship matrix model is different. It portrays the existence of an association, known or suspected, between individuals. It usually portrays direct connections such as face-to-face meetings and telephone conversations. Analysts can use association matrices to identify those personalities and associations needing a more in-depth analysis to determine the degree of relationships, contacts, or knowledge between individuals.

Link Models

A link model allows the view of relationships in more complex tree structures. Though it physically resembles a hierarchy model (both are trees), a link model differs in that it shows different kinds of relationships but does not indicate subordination.

Network Models

A network model can be thought of as a flexible interrelationship of multiple tree structures at multiple levels. The key limitation of the matrix model discussed earlier is that although it can deal with the interaction of two hierarchies at a given level, because it is a two-dimensional representation, it cannot deal with interactions at multiple levels or with more than two hierarchies. Network synthesis is an extension of the link or matrix synthesis concept that can handle such complex problems. There are several types of network models. Two are widely used in intelligence:

Social network models show patterns of human relationships. The nodes are people, and the links show that some type of relationship exists.

Target network models are most useful in intelligence. The nodes can be any type of entity—people, places, things, concepts—and the links show that some type of relationship exists between entities.

Spatial and Temporal Models

Another way to examine data and to search for patterns is to use spatial modeling—depicting locations of objects in space. Spatial modeling can be used effectively on a small scale. For example, within a building, computer-aided design/computer-aided modeling, known as CAD/CAM, can be a powerful tool for intelligence synthesis. Layouts of buildings and floor plans are valuable in physical security analysis and in assessing production capacity.

Spatial modeling on larger scales is usually called geospatial modeling.

Patterns of activity over time are important for showing trends. Pattern changes are often used to compare how things are going now with how they went last year (or last decade). Estimative analysis often relies on chronological models.

Scenarios

Arguably the most important model for estimative intelligence purposes is the scenario, a very sophisticated model.

Alternative scenarios are used to model future situations. These scenarios increasingly are produced as virtual reality models because they are powerful ways to convey intelligence and are very persuasive.

Target Model Combinations

Almost all target models are actually combinations of many models. In fact, most of the models described in the previous sections can be merged into combination mod- els. One simple example is a relationship-time display.

This is a dynamic model where link or network nodes and links (relationships) change, appear, and disappear over time.

We also typically want to have several distinct but interrelated models of the target in order to be able to answer different customer questions.

Submodels

One type of component model is a submodel, a more detailed breakout of the top-level model. It is typical, for complex targets, to have many such submodels of a target that provide different levels of detail.

Participants in the target-centric process then can reach into the model set to pull out the information they need. The collectors of information can drill down into more detail to refine collection targeting and to fill specific gaps.

The intelligence customer can drill down to answer questions, gain confidence in the analyst’s picture of the target, and understand the limits of the analyst’s work. The target model is a powerful collaborative tool.

Collateral Models

In contrast to the submodel, a collateral model may show particular aspects of the overall target model, but it is not simply a detailed breakout of a top-level model. A collateral model typically presents a different way of thinking about the target for a specific intelligence purpose.

The collateral models in Figures 6-7 to 6-9 are examples of the three general types—structural, functional, and process—used in systems analysis. Figures 6-7 and 6-8 are structural models. Figure 6-9 is both a process model and a functional mod- el. In analyzing complex intelligence targets, all three types are likely to be used.

These models, taken together, allow an analyst to answer a wide range of customer questions.

More complex intelligence targets can re- quire a combination of several model types. They may have system characteristics, take a network form, and have spatial and temporal characteristics.

Alternative and Competitive Target Models

Alternative and competitive models are somewhat different things, though they are frequently confused with each other.

Alternative Models

Alternative models are an essential part of the synthesis process. It is important to keep more than one possible target model in mind, especially as conflicting or contradict- ory intelligence information is collected.

“The disciplined use of alternative hypotheses could have helped counter the natural cognitive tendency to force new information into existing paradigms.” As law professor David Schum has noted, “the generation of new ideas in fact investigation usually rests upon arranging or juxtaposing our thoughts and evidence in different ways.” To do that we need multiple alternative models.

And, the more inclusive you can be when defining alternative models, the better…

In studies listing the analytic pitfalls that hampered past assessments, one of the most prevalent is failure to consider alternative scenarios, hypotheses, or models.

Analysts have to guard against allowing three things to interfere with their need to develop alternative models:

Ego. Former director of national intelligence Mike McConnell once observed that analysts inherently dislike alternative, dissenting, or competitive views. But, the opposite becomes true of analysts who operate within the target-centric approach—the focus is not on each other anymore, but instead on contributing to a shared target model.
Time. Analysts are usually facing tight deadlines. They must resist the temptation to go with the model that best fits the evidence without considering alternatives. Otherwise, the result is premature closure that can cost dearly in the end result.
The customer. Customers can view a change in judgment as evidence that the original judgment was wrong, not that new evidence forced the change. Furthermore, when presented with two or more target models, customers will tend to pick the one that they like best, which may or may not be the most likely model. Analysts know this.

It is the analyst’s responsibility to establish a tone of setting egos aside and of conveying to all participants in the process, including the customer, that time spent up front developing alternative models is time saved at the end if it keeps them from committing to the wrong model in haste.

Competitive Models

It is well established in intelligence that, if you can afford the resources, you should have independent groups providing competing analyses. This is because we’re dealing with uncertainty. Different analysts, given the same set of facts, are likely to come to different conclusions.

It is important to be inclusive when defining alternative or competitive models.

Summary

Creating a target model starts with defining the relevant system. The system model can be a structural, functional, or process model, or any combination. The next step is to select the generic models or model templates.

Lists and curves are the simplest form of model. In intelligence, comparative models or benchmarks are often used; almost any type of model can be made comparative, typically by creating models of one’s own system side by side with the target system model.

Pattern models are widely used in the intelligence business. Chronological models allow intelligence customers to examine the timing of related events and plan a way to change the course of these events. Geospatial models are popular in military intelligence for weapons targeting and to assess the location and movement of opposing forces.

Relationship models are used to analyze the relationships among elements of the tar- get—organizations, people, places, and physical objects—over time. Four general types of relationship models are commonly used: hierarchy, matrix, link, and network models. The most powerful of these, network models, are increasingly used to describe complex intelligence targets.

Competitive and alternative target models are an essential part of the process. Properly used, they help the analyst deal with denial and deception and avoid being trapped by analytic biases. But they take time to create, analysts find it difficult to change or chal- lenge existing judgments, and alternative models give policymakers the option to se- lect the conclusion they prefer—which may or may not be the best choice.

Chapter 7

Creating the Model

Believe nothing you hear, and only one half that you see. – Edgar Allen Poe

This chapter describes the steps that analysts go through in populating the target model. Here, we focus on the synthesis part of the target-centric approach, often called collation in the intelligence business.

We discuss the importance of existing pieces of intelligence, both finished and raw, and how best to think about sources of new raw data.

We talk about how credentials of evidence must be established, introduce widely used in- formal methods of combining evidence, and touch on structured argumentation as a formal methodology for combining evidence.

Analysts generally go through the actions described here in service to collation. They may not think about them as separate steps and in any event aren’t likely to do them in the order presented. They nevertheless almost always do the following:

Review existing finished intelligence about the target and examine existing raw intelligence
Acquire new raw intelligence
Evaluate the new raw intelligence
Combine the intelligence from all sources into the target model

Existing Intelligence

Existing finished intelligence reports typic- ally define the current target model. So information gathering to create or revise a model begins with the existing knowledge base. Before starting an intelligence collection effort, analysts should ensure that they are aware of what has already been found on a subject.

Finished studies or reports on file at an analyst’s organization are the best place to start any research effort. There are few truly new issues.

The databases of intelligence organizations include finished intelligence reports as well as many specialized data files on specific topics. Large commercial firms typically have comparable facilities in-house, or they depend on commercially available databases.

a literature search should be the first step an analyst takes on a new project. The purpose is to both define the current state of knowledge—that is, to understand the existing model(s) of the intelligence target—and to identify the major controversies and disagreements surrounding the target model.

The existing intelligence should not be accepted automatically as fact. Few experienced analysts would blithely accept the results of earlier studies on a topic, though they would know exactly what the studies found. The danger is that, in conducting the search, an analyst naturally tends to adopt a preexisting target model.

In this case, premature closure, or a bias toward the status quo, leads the analyst to keep the existing model even when evidence indicates that a different model is more appropriate.

To counter this tendency, it’s important to do a key assumptions check on the existing model(s).

Do the existing analytic conclusions appear to be valid?

What are the premises on which these conclusions rest, and do they appear to be valid as well?

Has the underlying situation changed so that the premises may no longer apply?

Once the finished reports are in hand, the analyst should review all of the relevant raw intelligence data that already exist. Few things can ruin an analyst’s career faster than sending collectors after information that is already in the organization’s files.

Sources of New Raw Intelligence

Raw intelligence comes from a number of sources, but they typically are categorized as part of the five major “INTs” shown in this section.

The definitions of each INT follow:

Open source (OSINT). Information of potential intelligence value that is available to the general public
Human intelligence (HUMINT). Intelligence derived from information collected and provided by human sources
Measurements and signatures intelligence (MASINT). Scientific and technical intelligence obtained by quantitative and qualitative analysis of data (metric, angle, spatial, wavelength, time dependence, modulation, plasma, and hydromagnetic) derived from specific technical sensors
Signals intelligence (SIGINT). Intelligence comprising either individually or in combination all communications intelligence, electronics intelligence, and foreign instrumentation signals intelligence
Imagery intelligence (IMINT). Intelligence derived from the exploitation of collection by visual photography, infrared sensors, lasers, electro-optics, and radar sensors such as synthetic aperture radar wherein images of objects are reproduced optically or electronically on film, electronic dis- play devices, or other media

The taxonomy approach in this book is quite different. It strives for a breakout that focuses on the nature of the material collected and processed, rather than on the collection means.

Traditional COMINT, HUMINT, and open- source collection are concerned mainly with literal information, that is, information in a form that humans use for communication. The basic product and the general methods for collecting and analyzing literal information are usually well understood by intelligence analysts and the customers of intelligence. It requires no special exploitation after the processing step (which includes translation) to be understood. It literally speaks for itself.

Nonliteral information, in contrast, usually requires special processing and exploitation in order for analysts to make use of it.

The logic of this division has been noted by other writers in the intelligence business. British author Michael Herman observed that there are two basic types of collection: One produces evidence in the form of observations and measurements of things (nonlit- eral), and one produces access to human thought processes

The automation of data handling has been a major boon to intelligence analysts. Informa- tion collected from around the globe arrives at the analyst’s desk through the Internet or in electronic message form, ready for review and often presorted on the basis of keyword searches. A downside of this automation, however, is the tendency to treat all information in the same way. In some cases the analyst does not even know what collection source provided the information; after all, everything looks alike on the display screen. However, information must be treated depending on its source. And, no matter the source, all information must be evaluated before it is synthesized into the model—the subject to which we now turn.

Evaluating Evidence

The fundamental problem in weighing evidence is determining its credibility—its completeness and soundness.

checking the quality of information used in intelligence analysis is an ongoing, continuous process. Having multiple sources on an issue is not a substitute for having good information that has been thoroughly examined. Analysts should perform periodic checks of the information base for their analytic judgments.

Evaluating the Source

Is the source competent (knowledgeable about the information being given)?
Did the source have the access needed to get the information?
Does the source have a vested interest or bias?

Competence

The Anglo-American judicial system deals ef- fectively with competence: It allows people to describe what they observed with their senses because, absent disability, we are pre- sumed competent to sense things. The judi- cial system does not allow the average per- son to interpret what he or she sensed unless the person is qualified as an expert in such interpretation.

Access

The issue of source access typically does not arise because it is assumed that the source had access. When there is reason to be suspicious about the source, however, check whether the source might not have had the claimed access.

In the legal world, checks on source access come up regularly in witness cross-examinations. One of the most famous examples was the “Almanac Trial” of 1858, where Abraham Lincoln conducted the cross-examination. It was the dying wish of an old friend that

Lincoln represent his friend’s son, Duff Armstrong, who was on trial for murder. Lincoln gave his client a tough, artful, and ultimately successful defense; in the trial’s highlight, Lincoln consulted an almanac to discredit a prosecution witness who claimed that he saw the murder clearly because the moon was high in the sky. The almanac showed that the moon was lower on the horizon, and the wit- ness’s access—that is, his ability to see the murder—was called into question.

Vested Interest or Bias

In HUMINT, analysts occasionally encounter the “professional source” who sells information to as many bidders as possible and has an incentive to make the information as interesting as possible. Even the densest sources quickly realize that more interesting information gets them more money.

An intelligence organization faces a problem in using its own parent organization’s (or country’s) test and evaluation results: Many have been contaminated. Some of the test results are fabricated; some contain distortions or omit key points. An honestly conducted, objective test may be a rarity. Several reasons for this problem exist. Tests are sometimes conducted to prove or dis- prove a preconceived notion and thus unconsciously are slanted. Some results are fabricated because they would show the vulnerability or the ineffectiveness of a system and because procurement decisions often depend on the test outcomes.

Although the majority of contaminated cases probably are never discovered, history provides many examples of this issue.

In examining any test or evaluation results, begin by asking two questions:

Did the testing organization have a major stake in the outcome (such as the threat that a program would be canceled due to negative test results or the possibility that it would profit from positive results)?
Did the reported outcome support the organization’s position or interests?

If the answer to both questions is yes, be wary of accepting the validity of the test. In the pharmaceutical testing industry, for example, tests have been fraudulently conducted or the results skewed to support the regulatory approval of the pharmaceutical.

A very different type of bias can occur when collection is focused on a particular issue. This bias comes from the fact that, when you look for something in the intelligence business, you may find what you are looking for, whether or not it’s there. In looking at suspected Iraqi chemical facilities prior to 2003, analysts concluded from imagery reporting that the level of activity had increased at the facilities. But the appearance of an increase in activity may simply have been a result of an increase in imagery collection.

David Schum and Jon Morris have published a detailed treatise on human sources of intelligence analysis. They pose a set of twenty-five questions di- vided into four categories: source competence, veracity, objectivity, and observational sensitivity. Their questions cover in more explicit detail the three questions posed in thissection about competence, access, and vested interest.

Evaluating the Communications Channel

A second basic rule of weighing evidence is to look at the communications channel through which the evidence arrives.

The accuracy of a message through any communications system decreases with the length of the link or the number of intermediate nodes.

Large and complex systems tend to have more entropy. The result is often cited as “poor communication” problems in large organizations

In the business intelligence world, analysts recognize the importance of the communications channel by using the differentiating terms primary sources for firsthand information, acquired through discussions or other interaction directly with a human source, and secondary sources for information learned through an intermediary, a publication, or online. This division does not consider the many gradations of reliability, and national intelligence organizations commonly do not use the primary/secondary source division. Some national intelligence collection organizations use the term collateral to refer to intelligence gained from other collectors, but it does not have the same meaning as the terms primary and secondary as used in business intelligence.

It’s not un- heard of (though fortunately not common) for the raw intelligence to be misinterpreted or misanalyzed as it passes through the chain. Organizational or personal biases can shape the interpretation and analysis, especially of literal intelligence. It’s also possible for such biases to shape the analysis of non- literal intelligence, but that is a more difficult product for all-source analysts to challenge, as noted earlier.

Entropy has another effect in intelligence. An intelligence assertion that “X is a possibility” very often, over time and through diverse communications channels, can become “X may be true,” then “X probably is the case,” and eventually “X is a fact,” without a shred of new evidence to support the assertion. In intelligence, we refer to this as the “creeping validity” problem.

Evaluating the Credentials of Evidence

The major credentials of evidence, as noted earlier, are credibility, reliability, and inferential force. Credibility refers to the extent to which we can believe something. Reliability means consistency or replicability. Inferential force means that the evidence carries weight, or has value, in supporting a conclusion.

U.S. government intelligence organizations have established a set of definitions to distinguish levels of credibility of intelligence:

Fact. Verified information, something known to exist or to have happened.
Direct information. The content of reports, research, and reflection on an intelligence issue that helps to evaluate the likelihood that something is factual and thereby reduces uncertainty. This is information that can be considered factual because of the nature of the source (imagery, signal intercepts, and similar observations).
Indirect information. Information that may or may not be factual because of some doubt about the source’s reliability, the source’s lack of direct access, or the complex (non-concrete) character of the contents (hearsay from clandestine sources, foreign government reports, or local media accounts).

In weighing evidence, the usual approach is to ask three questions that are embedded in the oath that witnesses take before giving testimony in U.S. courts:

Is it true?
Is it the whole truth?
Is it nothing but the truth? (Is it relevant or significant?)

Is It True?

Is the evidence factual or opinion (someone else’s analysis)? If it is opinion, question its validity unless the source quotes evidence to support it.

How does it fit with other evidence? The relating of evidence—how it fits in—is best done in the synthesis phase. The data from different collection sources are most valuable when used together.

The synergistic effect of combining data from many sources both strengthens the conclusions and increases the analyst’s confidence in them.

HUMINT and OSINT are often melded together to give a more comprehensive picture of people, programs, products, facilities, and research specialties. This is excellent background information to interpret data derived from COMINT and IMINT.
Data on environmental conditions during weapons tests, acquired through specialized technical collection, can be used with ELINT and COMINT data obtained during the same test event to evaluate the cap- abilities of the opponent’s sensor systems.
Identification of research institutes and their key scientists and research- ers can be initially made through HUMINT, COMINT, or OSINT. Once the organization or individual has been identified by one intelligence collector, the other ones can often provide extensive additional information.
Successful analysis of COMINT data may require correlating raw COMINT data with external information such as ELINT and IMINT, or with knowledge of operational or technical practices.

Is It the Whole Truth?

When asking this question, it is time to do source analysis.

An incomplete picture can mislead as much as an outright lie.

Is It Nothing but the Truth?

It is worthwhile at this point to distinguish between data and evidence. Data become evidence only when the data are relevant to the problem or issue at hand. The simple test of relevance is whether it affects the likelihood of a hypothesis about the target.

Does it help answer a question that has been asked?

Or does it help answer a question that should be asked?

The preliminary or initial guidance from customers seldom tells what they really need to know—an important reason to keep them in the loop through the target-centric process.

Doctors encounter difficulties when they must deal with a patient who has two pathologies simultaneously. Some of the symptoms are relevant to one pathology, some to the other. If the doctor tries to fit all of the symptoms into one diagnosis, he or she is apt to make the wrong call. This is a severe enough problem for doctors, who must deal with relatively few symptoms. It is a much worse problem for intelligence analysts, who typically deal with a large volume of data, most of which is irrelevant.

Pitfalls in Evaluating Evidence

Vividness Weighting

In general, the channel for communication of intelligence should be as short as possible; but when could a short channel become a problem? If the channel is too short, the res- ult is vividness weighting—the phenomenon that evidence that is experienced directly is strongest (“seeing is believing”). Customers place the most weight on evidence that they collect themselves—a dangerous pitfall that senior executives fall into repeatedly and that makes them vulnerable to deception.

Michael Herman tells how Churchill, reading Field Marshal Erwin Rommel’s decrypted cables during World War II, concluded that the Germans were desperately short of supplies in North Africa. Basing his interpretation on this raw COMINT traffic, Churchill pressed his generals to take the offensive against Rommel. Churchill did not realize what his own intelligence analysts could have readily told him: Rommel consistently exaggerated his short- ages in order to bolster his demands for sup- plies and reinforcements.

Statistics are the least persuasive form of evidence; abstract (general) text is next; concrete (specific, focused, exemplary) text is a more persuasive form still; and visual evidence, such as imagery or video, is the most persuasive.

Weighing Based on the Source

One of the most difficult traps for an analyst to avoid is that of weighing evidence based on its source.

Favoring the Most Recent Evidence

Analysts often give the most recently acquired evidence the most weight.

The freshest intelligence—crisp, clear, and the focus of the analyst’s attention—often gets more weight than the fuzzy and half-re- membered (but possibly more important) in- formation that has had to travel down the long lines of time. The analyst has to remember this tendency and compensate for it. It sometimes helps to go back to the original (older) intelligence and reread it to bring it more freshly to mind.

Favoring or Disfavoring the Unknown

It is hard to decide how much weight to give to answers when little or no information is available for or against each one.

Trusting Hearsay

The chief problem with much of HUMINT (not including documents) is that it is hearsay evidence; and as noted earlier, the judiciary long ago learned to distrust hearsay for good reasons, including the biases of the source and the collector. Sources may deliberately distort or misinform because they want to influence policy or increase their value to the collector.

Finally, and most important, people can be misinformed or lie. COMINT can only report what people say, not the truth about what they say. So intelligence analysts have to use hearsay, but they must also weigh it accordingly.

Unquestioning Reliance on Expert Opinions

Expert opinion is often used as a tool for analyzing data and making estimates. Any intelligence community must often rely on its nation’s leading scientists, economists, and political and social scientists for insights into foreign developments.

outside experts often have issues with objectivity. With experts, an ana- lyst gets not only their expertise, but also their biases; there are those experts who have axes to grind or egos that convince them there is only one right way to do things (their way).

British counterintelligence officer Peter Wright once noted that “on the big issues, the experts are very rarely right.”

Analysts should treat expert opinion as HUMINT and be wary when the expert makes extremely positive comments (“that foreign development is a stroke of genius!”) or extremely negative ones (“it can’t be done”).

Analysis Principle 7-3

Many experts, particularly scientists, are not mentally prepared to look for deception, as intelligence officers should be. It is simply not part of the expert’s training. A second problem, as noted earlier, is that experts often are quite able to deceive themselves without any help from opponents.

Varying the way expert opinion is used is one way to attempt to head off the problems cited here. Using a panel of experts to make analytic judgments is a common method of trying to reach conclusions or to sort through a complex array of interdisciplinary data.

Such panels have had mixed results. One former CIA office director observed that “advisory panels of eminent scientists are usually useless. The members are seldom willing to commit the time to studying the data to be of much help.”

The quality of the conclusions reached by such panels depends

on several variables, including the panel’s

Expertise
Motivation to produce a quality product
Understanding of the problem area to be addressed
Effectiveness in working as a group

A major advantage of the target-centric approach is that it formalizes the process of obtaining independent opinions.

Both single-source and all-source analysts have to guard against falling into the trap of reaching conclusions too early.

Premature closure also has been described as “affirming conclusions,” based on the observation that people are inclined to verify or affirm their existing beliefs rather than modify or discredit those beliefs.

The primary danger of premature closure is not that one might make a bad assessment because the evidence is incomplete. Rather, the danger is that when a situation is changing quickly or when a major, unprecedented event occurs, the analyst will become trapped by the judgments already made. Chances increase that he or she will miss indications of change, and it becomes harder to revise an initial estimate

The counterintelligence technique of deception thrives on this tendency to ignore evidence that would disprove an existing assumption

Denial and deception succeed if one op- ponent can get the other to make a wrong initial estimate.

Combining Evidence

In almost all cases, intelligence analysis in- volves combining disparate types of evidence.

Analysts have to have methods for weighing the combined data to help them make qualitative judgments as to which conclusions the various data best support.

Convergent and Divergent Evidence

Two items of evidence are said to be conflicting or divergent if one item favors one conclusion and the other item favors a different conclusion.

two items of evidence are contradictory if they say logically opposing things.

Redundant Evidence

Convergent evidence can also be redundant. To understand the concept of redundancy, it helps to understand its importance in communications theory.

Redundant, or duplicative, evidence can have corroborative redundancy or cumulatsive redundancy. In both types, the weight of the evidence piles up to reinforce a given conclusion. A simple example illustrates the difference.

Formal Methods for Combining Evidence

The preceding sections describe some informal methods for evidence combination. It often is important to combine evidence and demonstrate the logical process of reaching a conclusion based on that evidence by careful argument. The formal process of making that argument is called structured argumentation. Such formal structured argumentation approaches have been around at least since the seventeenth century.

Structured Argumentation

Structured argumentation is an analytic process that relies on a framework to make assumptions, reasoning, rationales, and evidence explicit and transparent. The process begins with breaking down and organizing a problem into parts so that each one can be examined systematically, as discussed in earlier chapters.

As analysts work through each part, they identify the data require- ments, state their assumptions, define any terms or concepts, and collect and evaluate relevant information. Potential explanations or hypotheses are formulated and evaluated with empirical evidence, and information gaps are identified.

Formal graphical or numerical processes for combining evidence are time consuming to apply and are not widely used in intelligence analysis. They are usually reserved for cases in which the customer requires them because the issue is critically important, because the customer wants to examine the reasoning process, or because the exact probabilities associated with each alternative are import- ant to the customer.

Wigmore’s Charting Method

John Henry Wigmore was the dean of the Northwestern University School of Law in the early 1900s and author of a ten-volume treatise commonly known as Wigmore on Evidence. In this treatise he defined some principles for rational inquiry into disputed facts and methods for rigorously analyzing and ordering possible inferences from those facts.

Wigmore argued that structured argumentation brings into the open and makes explicit the important steps in an argument, and thereby makes it easier to judge both their soundness and their probative value. One of the best ways to recognize any inherent tendencies one may have in making biased or illogical arguments is to go through the body of evidence using Wigmore’s method.

Different symbols are used to show varying kinds of evidence: explanatory, testimonial, circumstantial, corroborative, undisputed fact, and combinations.
Relationships between symbols (that is, between individual pieces of evidence) are indicated by their relative positions (for example, evidence tending to prove a fact is placed be- low the fact symbol).
The connections between symbols indicate the probative effect of their relationship and the degree of uncertainty about the relationship.

Even proponents admit that it is too time-consuming for most practical uses, especially in intelligence analysis, where the analyst typically has limited time.

Nevertheless, making Wigmore’s approach, or something like it, widely usable in intelligence analysis would be a major contribution.

Bayesian Techniques for Combining Evidence

By the early part of the eighteenth century, mathematicians had solved what is called the “forward probability” problem: When all of the facts about a situation are known, what is the probability of a given event happening?

Intelligence analysts find this problem of far more interest than the forward probability problem, because they often must make judgments about an underlying situation from observing the events that the situation causes. Bayes developed a formula for the answer that bears his name: Bayes’ rule.

One advantage claimed for Bayesian analysis is its ability to blend the subjective probability judgments of experts with historical frequencies and the latest sample evidence.

Bayes seems difficult to teach. It is generally considered to be “advanced” statistics and, given the problem that many people (including intelligence analysts) have with traditional elementary probabilistic and statistical techniques, such a solution seems to require expertise not currently resident in the intelligence community or available only through expensive software solutions.

A Note about the Role of Information Technology

It may be impossible for new analysts today to appreciate the markedly different work environment that their counterparts faced 40 years ago. Incoming intelligence arrived at the analyst’s desk in hard copy, to be scanned, marked up, and placed in file drawers. Details about intelligence targets—installations, persons, and organizations—were often kept on 5” × 7” cards in card catalog boxes. Less tidy analysts “filed” their most interesting raw intelligence on their desktops and cabinet tops, sometimes in stacks over 2 feet high.

IT systems allow analysts to acquire raw intelligence material of interest (incoming classified cable traffic and open source) and to search, organize, and store it electronically. Such IT capabilities have been eagerly accepted and used by analysts because of their ad- vantages in dealing with the information explosion.

A major consequence of this information explosion is that we must deal with what is called “big data” in collating and analyzing intelligence. Big data has been defined as “datasets whose size is beyond the ability of typical database software tools to capture, store, manage, and analyze.”

Analysts, inundated by the flood, have turned to IT tools for extracting meaning from the data. A wide range of such tools exists, including ones for visualizing the data and identifying patterns of intelligence interest, ones for conducting statistical analysis, and ones for running simulation models. Analysts with responsibility for counterterrorism, organized crime, counternarcotics, counterproliferation, or financial fraud can choose from commercially available tools such as Palantir, CrimeLink, Analyst’s Notebook, NetMap, Orion, or VisuaLinks to produce matrix and link diagrams, timeline charts, telephone toll charts, and similar pattern displays.

Tactical intelligence units, in both the military and law enforcement, find geospatial analysis tools to be essential.

Some intelligence agencies also have in-house tools that replicate these capabilities. Depending on the analyst’s specialty, some tools may be more relevant than others. All, though, have definite learning curves and their database structures are generally not compatible with each other. The result is that these tools are used less effectively than they might be, and the absence of a single standard tool hinders collaborative work across intelligence organizations.

Summary

In gathering information for synthesizing the target model, analysts should start by re- viewing existing finished and raw intelligence. This provides a picture of the current target model. It is important to do a key assumptions check at this point: Do the premises that underlie existing conclusions about the target seem to be valid?

Next, the analyst must acquire and evaluate raw intelligence about the target, and fit it into the target model—a step often called col- lation. Raw intelligence is viewed and evalu- ated differently depending on whether it is literal or nonliteral. Literal sources include open source, COMINT, HUMINT, and cyber collection. Nonliteral sources involve several types of newer and highly focused collection techniques that depend heavily on processing, exploitation, and interpretation

to turn the material into usable intelligence.

Once a model template has been selected for the target, it becomes necessary to fit the relevant information into the template. Fitting the information into the model template re- quires a three-step process:

Evaluating the source, by determining whether the source (a) is competent, that is, knowledgeable about the information being given; (b) had the access needed to get the information; and (c) had a vested interest or bias regarding the information provided.
Evaluating the communications channel through which the information arrived. Information that passes through many intermediate points becomes distorted. Processors and exploiters of collected information can also have a vested interest or bias.
Evaluating the credentials of the evidence itself. This involves evaluating (a) the credibility of evidence, based in part on the previously completed source and communications channel evaluations; (b) the reliability; and (c) the relevance of the evidence. Relevance is a particularly important evaluation step; it is too easy to fit evidence into the wrong target model.
As evidence is evaluated, it must be combined and incorporated into the target mod- el. Multiple pieces of evidence can be convergent (favoring the same conclusion) or diver- gent (favoring different conclusions and leading to alternative target models). Convergent evidence can also be redundant, reinforcing a conclusion.

Tools to extract meaning from data, for example, by relation- ship, pattern, and geospatial analysis, are used by analysts where they add value that offsets the cost of “care and feeding” of the tool. Tools to support structured argumentation are available and can significantly im- prove the quality of the analytic product, but whether they will find serious use in intelligence analysis is still an open question.

Denial, Deception, and Signaling

There is nothing more deceptive than an obvious fact.

Sherlock Holmes, in “The Boscombe Valley Mystery”

In evaluating evidence and developing a target model, an analyst must constantly take into account the fact that evidence may have been deliberately shaped by an opponent.

Denial and deception are major weapons in the counterintelligence arsenal of a country or organization.

They may be the only weapons available for many countries to use against highly sophisticated technical intelligence.

At the opposite extreme, the opponent may intentionally shape what the analyst sees, not to mislead but rather to send a message or signal. It is important to be able to recognize signals and to understand their meaning.

Denial

Denial and deception come in many forms. Denial is somewhat more straightforward.

Deception

Deception techniques are limited only by our imagination. Passive deception might include using decoys or having the intelligence target emulate an activity that is not of intelligence interest—making a chemical or biological warfare plant look like a medical drug production facility, for example. Decoys that have been widely used in warfare include dummy ships, missiles, and tanks.

Active deception includes misinformation (false communications traffic, signals, stories, and documents), misleading activities, and double agents (agents who have been discovered and “turned” to work against their former employers), among others.

Illicit groups (for example, terrorists) con- duct most of the deception that intelligence must deal with. Illicit arms traffickers (known as gray arms traffickers) and narcotics traffickers have developed an extensive set of deceptive techniques to evade international restrictions. They use intermediaries to hide financial transactions. They change ship names or aircraft call signs en route to mislead law enforcement officials. One airline changed its corporate structure and name overnight when its name became linked to illicit activities.1 Gray arms traffickers use front companies and false end-user certificates.

Defense against Denial and Deception: Protecting Intelligence Sources and Methods

In the intelligence business, it is axiomatic that if you need information, someone will try to keep it from you. And we have noted repeatedly that if an opponent can model a system, he can defeat it. So your best defense is to deny your opponent an understanding of your intelligence capabilities. Without such understanding, the opponent cannot effectively conduct D&D.

For small governments, and in the business intelligence world, protection of sources and methods is relatively straightforward. Selective dissemination of and tight controls on intelligence information are possible. But a major government has too many intelligence customers to justify such tight restrictions. Thus these bureaucracies have established an elaborate system to simultaneously protect and disseminate intelligence information. This protection system is loosely called compartmentation, because it puts information in “compartments” and restricts access to the compartments.

In the U.S. intelligence community, the intelligence product, sources, and methods are protected by the sensitive compartmented information (SCI) system. The SCI system uses an extensive set of compartments to protect sources and methods. Only the col- lectors and processors have access to many of the compartmented materials. Much of the product, however, is protected only by standard markings such as “Secret,” and access is granted to a wide range of people.

Open-source intelligence has little or no protection because the source material is unclassified. However, the techniques for exploiting open-source material, and the specific material of interest for exploitation, can tell an opponent much about an intelligence service’s targets. For this reason, intelligence agencies that translate open source often restrict its dissemination, using markings such as “Official Use Only.”

Higher Level Denial and Deception

A few straightforward examples of denial and deception were cited earlier. But sophisticated deception must follow a careful path; it has to be very subtle (too-obvious clues are likely to tip off the deception) yet not so subtle that your opponent misses it. It is commonly used in HUMINT, but today it frequently requires multi-INT participation or a “swarm” attack to be effective. Increasingly, carefully planned and elaborate multi- INT D&D is being used by various countries. Such efforts even have been given a different name—perception management—that focuses on the end result that the effort is intended to achieve.

Perception management can be effective against an intelligence organization that, through hubris or bureaucratic politics, is reluctant to change its initial conclusions about a topic. If the opposing intelligence organization makes a wrong initial estimate, then long-term deception is much easier to pull off. If D&D are successful, the opposing organization faces an unlearning process: its predispositions and settled conclusions have to be discarded and replaced.

The best perception management results from highly selective targeting, intended to get a specific message to a specific person or organization. This requires knowledge of that person’s or organization’s preferences in intelligence—a difficult feat to accomplish, but the payoff of a successful perception management effort is very high. It can result in an opposing intelligence service making a miscall or causing it to develop a false sense of security. If you are armed with a well-developed model of the three elements of a foreign intelligence strategy —targets, operations, and linkages—an effective counterintelligence counterattack in the form of perception management or covert action is possible, as the following examples show.

The Farewell Dossier

Detailed knowledge of an opponent is the key to successful counterintelligence, as the “Farewell” operation shows. In 1980 the French internal security service Direction de la Surveillance du Territoire (DST) recruited a KGB lieutenant colonel, Vladimir I. Vetrov, codenamed “Farewell.” Vetrov gave the French some four thousand documents, de- tailing an extensive KGB effort to clandes- tinely acquire technical know-how from the West, primarily from the United States.

In 1981 French president François Mitterrand shared the source and the documents (which DST named “the Farewell Dossier”) with U.S. president Ronald Reagan.

In early 1982 the U.S. Department of Defense, the Federal Bureau of Investigation, and the CIA began developing a counterattack. Instead of simply improving U.S. defenses against the KGB efforts, the U.S. team used the KGB shopping list to feed back, through CIA-controlled channels, the items on the list—augmented with “improvements” that were designed to pass acceptance testing but would fail randomly in service. Flawed computer chips, turbines, and factory plans found their way into Soviet military and civilian factories and equipment. Misleading information on U.S. stealth technology and space defense flowed into the Soviet intelligence reporting. The resulting failures were a severe setback for major segments of Soviet industry. The most dramatic single event resulted when the United States provided gas pipeline management software that was in- stalled in the trans-Siberian gas pipeline. The software had a feature that would, at some time, cause the pipeline pressure to build up to a level far above its fracture pres- sure. The result was the Soviet gas pipeline explosion of 1982, described as the “most monumental non-nuclear explosion and fire ever seen from space.

Countering Denial and Deception

In recognizing possible deception, an analyst must first understand how deception works. Four fundamental factors have been identified as essential to deception: truth, denial, deception, and misdirection.

Truth—All deception works within the context of what is true. Truth establishes a foundation of perceptions and beliefs that are accepted by an opponent and can then be exploited in deception. Supplying the opponent with real data establishes the credibility of future communications that the opponent then relies on.

Denial—It’s essential to deny the op- ponent access to some parts of the truth. Denial conceals aspects of what is true, such as your real intentions and capabilities. Denial often is used when no deception is intended; that is, the end objective is simply to deny knowledge. One can deny without intent to deceive, but not the

converse.

Deceit—Successful deception requires the practice of deceit.

Misdirection—Deception depends on manipulating the opponent’s perceptions. You want to redirect the opponent away from the truth and toward a false perception. In operations, a feint is used to redirect the adversary’s attention away from where the real operation will occur.

The first three factors allow the deceiver to present the target with desirable, genuine data while reducing or eliminating signals that the target needs to form accurate perceptions. The fourth provides an attractive alternative that commands the target’s attention.

The effectiveness of hostile D&D is a direct reflection of the predictability of collection.

Collection Rules

The best way to defeat D&D is for all of the stakeholders in the target-centric approach to work closely together. The two basic rules for collection, described here, form a complementary set. One rule is intended to provide incentive for collectors to defeat D&D. The other rule suggests ways to defeat it.

The first rule is to establish an effective feedback mechanism.

Relevance of the product to intelligence questions is the correct measure of collection effectiveness, and analysts and customers—not collectors—determine relevance. The system must enforce a content-oriented evaluation of the product, because content is used to determine relevance.

The second rule is to make collection smarter and less predictable. There exist several tried-and-true tactics for doing so:

Don’t optimize systems for quality and quantity; optimize for content.
Apply sensors in new ways. Analysis groups often can help with new sensor approaches in their areas of responsibility.
Consider provocative techniques against D&D targets.

Probing an opponent’s system and watching the response is a useful tactic for learning more about the system. Even so, probing may have its own set of un- desirable consequences: The Soviets would occasionally chase and shoot down the reconnaissance aircraft to discourage the probing practice.

Hit the collateral or inferential tar- gets. If an opponent engages in D&D about a specific facility, then sup- porting facilities may allow inferences to be made or to expose the deception. Security measures around a facility and the nature and status of nearby communications, power, or transportation facilities may provide a more complete picture.
Finally, use deception to protect a collection capability.

The best weapon against D&D is to mis- lead or confuse opponents about intelligence capabilities, disrupt their warning programs, and discredit their intelligence services.

An analyst can often beat D&D simply by using several types of intelligence—HUMINT, COMINT, and so on—in combination, simultaneously, or successively. It is relatively easy to defeat one sensor or collection channel. It is more difficult to defeat all types of intelligence at the same time.

Increasingly, opponents can be expected to use “swarm” D&D, targeting several INTs in a coordinated effort like that used by the Soviets in the Cuban missile crisis and the Indian government in the Pokhran deception.

The Information Instrument

Analysts, whether single- or all-source, are the focal points for identifying D&D. In the types of conflicts that analysts now deal with opponents have made effective use of a weapon that relies on deception: using both traditional media and social media to paint a misleading picture of their adversaries. Nongovernmental opponents (insurgents and terrorists) have made effective use of this information instrument.

the prevalence of media reporters in all conflicts, and the easy access to social media, have given the information instrument more utility. Media deception has been used repeatedly by opponents to portray U.S. and allied “atrocities” during military campaigns in Kosovo, Iraq, Afghanistan, and Syria.

Signaling

Signaling is the opposite of denial and deception. It is the process of deliberately sending a message, usually to an opposing intelligence service.

its use depends on a good know- ledge of how the opposing intelligence ser- vice obtains and analyzes knowledge. Recognizing and interpreting an opponent’s signals is one of the more difficult challenges an analyst must face. Depending on the situation, signals can be made verbally, by actions, by displays, or by very subtle nuances that depend on the context of the signal.

In negotiations, signals can be both verbal and nonverbal.

True signals often are used in place of open declarations, to provide in- formation while preserving the right of deniability.

Analyzing signals requires examining the content of the signal and its context, timing, and source. Statements made to the press are quite different from statements made through diplomatic channels—the latter usually carry more weight.

Signaling between members of the same culture can be subtle, with high success rates of the signal being understood. Two U.S. corporate executives can signal to each other with confidence; they both understand the rules. A U.S. executive and an Indonesian executive would face far greater risks of misunderstanding each other’s signals. The cultural differences in signaling can be substantial. Cultures differ in their reliance on verbal and nonverbal signals to communicate their messages. The more people rely on nonverbal or indirect verbal signals and on context, the higher the complexity.

In July 1990 the U.S. State Department unintentionally sent several signals that Saddam Hussein apparently interpreted as a green light to attack Kuwait. State Department spokesperson Margaret Tutwiler said, “[W]e do not have any defense treaties with Kuwait. . . .” The next day, Ambassador April Glaspie told Saddam Hussein, “[W]e have no opinion on Arab-Arab conflicts like your border disagreement with Kuwait.” And two days before the invasion, Assistant Secretary of State John Kelly testified before the House Foreign Affairs Committee that there was no obligation on our part to come to the defense of Kuwait if it were attacked.

Analytic Tradecraft in a World of Denial and Deception

Writers often use the analogy that intelligence analysis is like the medical profession.

Analysts and doctors weigh evidence and reach conclusions in much the same fashion. In fact, intelligence analysis, like medicine, is a combination of art, tradecraft, and science. Different doctors can draw different conclusions from the same evidence, just as different analysts do.

But intelligence analysts have a different type of problem than doctors do. Scientific researchers and medical professionals do not routinely have to deal with denial and deception. Though patients may forget to tell them about certain symptoms, physicians typically don’t have an opponent who is trying to deny them knowledge. In medicine, once doctors have a process for treating a pathology, it will in most cases work as expected. The human body won’t develop countermeasures to the treatment. But in intelligence, your opponent may be able to identify the analysis process and counter it. If analysis becomes standardized, an opponent can predict how you will analyze the available intelligence, and then D&D become much easier to pull off.

One cannot establish a process and retain it indefinitely.

Intelligence analysis within the context of D&D is in fact analogous to being a professional poker player, especially in the games of Seven Card Stud or Texas Hold ’em. You have an opponent. Some of the opponent’s resources are in plain sight, some are hidden. You have to observe the opponent’s actions (bets, timing, facial expressions, all of which incorporate art and tradecraft) and do pattern analysis (using statistics and other tools of science).

Summary

In evaluating raw intelligence, analysts must constantly be aware of the possibility that they may be seeing material that was deliberately provided by the opposing side. Most targets of intelligence efforts practice some form of denial. Deception—providing false information—is less common than denial because it takes more effort to execute, and it can backfire.

Defense against D&D starts with your own denial of your intelligence capabilities to op- posing intelligence services.

Where one intelligence service has extensive knowledge of another service’s sources and methods, more ambitious and elaborate D&D efforts are possible. Often called perception management, these involve developing a coordinated multi-INT campaign to get the opposing service to make a wrong initial estimate. Once this happens, the opposing service faces an unlearning process, which is difficult. A high level of detailed knowledge also allows for covert actions to disrupt and discredit the opposing service.

A collaborative target-centric process helps

to stymie D&D by bringing together different perspectives from the customer, the collector, and the analyst. Collectors can be more effective in a D&D environment with the help of analysts. Working as a team, they can make more use of deceptive, unpredictable, and provocative collection methods that have proven effective in defeating D&D.

Intelligence analysis is a combination of art, tradecraft, and science. In large part, this is because analysts must constantly deal with denial and deception, and dealing with D&D is primarily a matter of artfully applying tradecraft.

Systems Modeling and Analysis

Believe what you yourself have tested and found to be reasonable.

Buddha

In chapter 3, we described the target as three things: as a complex system, as a network, and as having temporal and spatial attributes.

any entity having the attributes of structure, function, and process can be de- scribed and analyzed as a system, as noted in previous chapters.

the basic principles apply in modeling political and economic systems, as well. Systems analysis can be applied to analyze both existing systems and those under development.

A government can be considered a system and analyzed in much the same way—by creating structural, functional, and process models.

Analyzing an Existing System: The Mujahedeen Insurgency

a single weapon can be defeated, as in this case, by tactics. But the proper mix of antiair weaponry could not. The mix here included surface-to-air missiles (SA-7s, British Blowpipes, and Stinger missiles) and machine guns (Oerlikons and captured Soviet Dashika machine guns). The Soviet helicopter operators could defend against some of these, but not all simultaneously. SA-7s were vulnerable to flares; Blowpipes were not. The HINDs could stay out of range of the Dashikas, but then they would be at an effective range for the Oerlikons.3 Unable to know what they might be hit with, Soviet pilots were likely to avoid at- tacking or rely on defensive maneuvers that would make them almost ineffective—which is exactly what happened.

Analyzing a Developmental System: Methodology

In intelligence, we also are concerned about modeling a system that is un- der development. The first step in modeling a developmental system, and particularly a future weapons system, is to identify the system(s) under development. Two approaches traditionally have been applied in weapons systems analysis, both based on reasoning paradigms drawn from the writings of philosophers: deductive and inductive.

The deductive approach to prediction is to postulate desirable objectives, in the eyes of the opponent; identify the system requirements; and then search the incoming intelligence for evidence of work on the weapons systems, subsystems, components, devices, and basic research and development (R&D) required to reach those objectives.
The opposite, an inductive or synthesis approach, is to begin by looking at the evidence of development work and then synthesize the advances in systems, subsystems, and devices that are likely to follow.

A number of writers in the intelligence field have argued that intelligence uses a different method of reasoning—abduction, which seeks to develop the best hypothesis or inference from a given body of evidence. Abduction is much like induction, but its stress is on integrating the analyst’s own thoughts and intuitions into the reasoning process.

The deductive approach can be described as starting from a hypothesis and using evidence to test the hypothesis. The inductive approach is described as evidence-based reasoning to develop a conclusion.7 Evidence- based reasoning is applied in a number of professions. In medicine, it is known as evidence-based practice—applying a combination of theory and empirical evidence to make medical decisions.

Both (or all three) approaches have advantages and drawbacks. In practice, though, deduction has some advantages over induction or abduction in identifying future systems development.

The problem arises when two or more systems are under development at the same time. Each system will have its R&D process, and it can be very difficult to separate the processes out of the mass of in- coming raw intelligence. This is the “multiple pathologies” problem: When two or more pathologies are present in a patient, the symptoms are mixed together, and diagnosing the separate ill- nesses becomes very difficult. Generally, the deductive technique works better for dealing with the multiple pathologies issue in future systems assessments.

Once a system has been identified as being in development, analysis proceeds to the second step: answering customers’ questions about it. These questions usually are about the system’s functional, process, and structural characteristics—that is, about performance, schedule, risk, and cost.

As the system comes closer to completion, a wider group of customers will want to know what specific targets the system has been designed against, in what circumstances it will be used, and what its effectiveness will be. These matters typically require analysis of the system’s performance, including its suitability for operating in its environment or in accomplishing the mission for which it has been designed. The schedule for completing development and fielding the system, as well as associated risks, also become important. In some cases, the cost of development and deployment will be of interest.

Performance

Performance analyses are done on a wide range of systems, varying from simple to highly complex multidisciplinary systems. Determining the performance of a narrowly defined system is straightforward. More challenging is assessing the performance of a complex system such as an air defense network or a narcotics distribution network. Most complex system performance analysis is now done by using simulation, a topic to which we will return.

Comparative Modeling

Comparative modeling is similar to benchmarking, but the focus is on analysis of one group’s system or product performance, versus an opponent’s.

Comparing your country’s or organization’s developments with those of an opponent can involve four distinct fact patterns. Each pat- tern poses challenges that the analyst must deal with.

In short, the possibilities can be de- scribed as follows:

We did it—they did it.
• We did it—they didn’t do it.
• We didn’t do it—they did it.
• We didn’t do it—they didn’t do it.

There are many examples of the “we did it—they did it” sort of intelligence problem, especially in industries in which competitors typically develop similar products.

In the second case, “we did it—they didn’t do it,” the intelligence officer runs into a real problem: It is almost impossible to prove a negative in intelligence. The fact that no intelligence information exists about an opponent’s development cannot be used to show that no such development exists.

The third pattern, “we didn’t do it—they did it,” is the most dangerous type that we en- counter. Here the intelligence officer has to overcome opposition from skeptics in his country, because he has no model to use for comparison.

The “we didn’t do it—they did it” case presents analysts with an opportunity to go off in the wrong direction analytically

This sort of transposition of cause and effect is not uncommon in human source report- ing. Part of the skill required of an intelli- gence analyst is to avoid the trap of taking sources too literally. Occasionally, intelli- gence analysts must spend more time than they should on problems that are even more fantastic or improbable than that of the German engine killer.

Simulation

Performance simulation typically is a parametric, sensitivity, or “what if” type of analysis; that is, the analyst needs to try a relationship between two variables (parameters), run a computer analysis and examine the results, change the input constants, and run the simulation again.

The case also illustrates the common systems analysis problem of presenting the worst- case estimate: National security plans often are made on the basis of a systems estimate; out of fear that policymakers may become complacent, an analyst will tend to make the worst case that is reasonably possible.

The Mirror-Imaging Challenge

Both comparative modeling and simulation have to deal with the risks of mirror imaging. The opponent’s system or product (such as an airplane, a missile, a tank, or a supercomputer) may be designed to do different things or to serve a different market than expected.

The risk in all systems analysis is one of mirror imaging, which is much the same as the mirror-imaging problem in decision-making.

Unexpected Simplicity

In effect, the Soviets applied a version of Occam’s razor (choose the simplest explanation that fits the facts at hand) in their industrial practice. Because they were cautious in adopting new technology, they tended to keep everything as simple as possible. They liked straightforward, proven designs. When they copied a design, they simplified it in obvious ways and got rid of the extra features that the United States tends to put on its weapons systems. The Soviets made maintenance as simple as possible, because the hardware was going to be maintained by people who did not have extensive training.

In a comparison of Soviet and U.S. small jet engine technology, the U.S. model engine was found to have 2.5 times as much materials cost per pound of weight. It was smaller and lighter than the Soviet engine, of course, but it had 12 times as many maintenance hours per flight-hour as the Soviet model, and overall the Soviet engine had a life cycle cost half that of the U.S. engine.10 The ability to keep things simple was the Soviets’ primary advantage over the United States in technology, especially military technology.

Quantity May Replace Quality

U.S. analysts often underestimated the number of units that the Soviets would produce. The United States needed fewer units of a given system to perform a mission, since each unit had more flexibility, quality, and performance ability than its Soviet counterpart. The United States forgot a lesson that it had learned in World War II—U.S. Sherman tanks were inferior to the German Tiger tanks in combat, but the United States deployed a lot of Shermans and overwhelmed the Tigers with numbers.

Schedule

The intelligence customer’s primary concern about systems under development usually centers on performance, as discussed previously.

the importance of the systems development process, which is one of the many types of processes we deal with in intelligence.

Process Models

The functions of any system are carried out by processes. The processes will be different for different systems. That’s true whether you are describing an organization, a weapons system, or an industrial system. Different types of organizations, for ex- ample—civil government, law enforcement, military, and commercial organizations—will have markedly different processes. Even similar types of organizations will have different processes, especially in different cultures.

Political, military, economic, and weapons systems analysts all use specialized process-analysis techniques.

Most processes and most process models have feedback loops. Feedback al- lows the system to be adaptive, that is, to ad- just its inputs based on the output. Even simple systems such as a home heating/air conditioning system provide feedback via a thermostat. For complex systems, feedback is essential to prevent the process from producing undesirable output. Feedback is an important part of both synthesis and analysis

Development Process Models

In determining the schedule for a systems development, we concentrate on examining the development process and identifying the critical points in that process.

An example development process model is shown in Figure 9-2. In this display, the pro- cess nodes are separated by function into “swim lanes” to facilitate analysis.

The Program Cycle Model

Beginning with the system requirement and progressing to production, deployment, and operations, each phase bears unique indicators and opportunities for collection and synthesis/analysis. Customers of intelligence often want to know where a major system is in this life cycle.

Different types of systems may evolve through different versions of the cycle, and product development differs somewhat from systems development. It is therefore important for the analyst to first determine the specific names and functions of the cycle phases for the target country, industry, or company and then determine exactly where the target program is in that cycle. With that information, analytic techniques can be used to predict when the program might become operational or begin producing output.

It is important to know where a program is in the cycle in order to make accurate predictions.

A general rule of thumb is that the more phases in the program cycle, the longer the process will take, all other things being equal. Countries and organizations with large, stable bureaucracies typically have many phases, and the process, whatever it may be, takes that much longer.

Program Staffing

The duration of any stage of the cycle shown in the Generic Program Cycle is determined by the type of work involved and the number and expertise of workers assigned.

Fred Brooks, one of the premier figures in computer systems development, defined four types of projects in his book The Mythical Man-Month. Each type of project has a unique relationship between the number of workers needed (the project loading) and the time it takes to complete the effort.

The first type of project is a perfectly partitionable task—that is, one that can be completed in half the time by doubling the number of workers.

A second type of project involves the unpartitionable task…The profile is referred to here as the “baby production curve,” because no matter how many women are assigned to the task, it takes nine months to produce a baby.

Most small projects fit the curve shown in the lower left of the figure, which is a com- bination of the first two curves. In this case a project can be partitioned into subtasks, but the time it takes for people working on different subtasks to communicate with one another will eventually balance out the time saved by adding workers, and the curve levels off.

Large projects tend to be dominated by communication. At some point, shown as the bottom point of the lower right curve, adding additional workers begins to slow the project because all workers have to spend more time in communication.

The Technology Factor

Technology is another important factor in any development schedule; and technology is neither available nor applied in the same way everywhere. An analyst in a technologically advanced country, such as the United States, tends to take for granted that certain equipment—test equipment, for example—will be readily available and will be of a certain quality.

There is also a definite schedule advantage to not being the first to develop a system. A country or organization that is not a leader in technology development has the advantage of learning from the leader’s mistakes, an ad- vantage that entails being able to keep research and development costs low and avoid wrong paths.

A basic rule of engineering is that you are halfway to a solution when you know that there is a solution, and you are three-quarters there when you know how a competitor solved the problem. It took much less time for the Soviets to develop atomic and hydrogen bombs than U.S. intelligence had predicted. The Soviets had no principles of impotence or doubts to slow them down.

Risk

Analysts often assume that the programs and projects they are evaluating will be completed on time and that the target system will work perfectly. They would seldom be so foolish in evaluating their own projects or the performance of their own organizations. Risk analysis needs to be done in any assessment of a target program.

It is typically difficult to do and, once done, difficult to get the customer to accept. But it is important to do because intelligence customers, like many analysts, also tend to assume that an opponent’s program will be executed perfectly.

One fairly simple but often overlooked approach to evaluating the probability of success is to examine the success rate of similar ventures.

Known risk areas can be readily identified from past experience and from discussions with technical experts who have been through similar projects. The risks fall into four major categories—programmatic, technical, production, and engineering. Analyzing potential problems requires identifying specific potential risks from each category. Some of these risks include the following:

Programmatic: funding, schedule, contract relationships, political issues
Technical: feasibility, survivability, system performance
Production: manufacturability, lead times, packaging, equipment
Engineering: reliability, maintainability, training, operations

Risk assessment assesses risks quantitatively and ranks them to establish those of most concern. A typical ranking is based on the risk factor, which is a mathematical combination of the probability of failure and the consequence of failure. This assessment requires a combination of expertise and software tools in a structured and consistent approach to ensure that all risk categories are considered and ranked.

Risk management is the definition of alternative paths to minimize risk and set criteria on which to initiate or terminate these activities. It includes identifying alternatives, options, and approaches to mitigation.

Examples are initiation of parallel developments (for example, funding two manufacturers to build a satellite, where only one satellite is needed), extensive development testing, addition of simulations to check performance predictions, design reviews by consultants, or focused management attention on specific elements of the program. A number of decision analysis tools are useful for risk management. The most widely used tool is the Program Evaluation and Review Technique (PERT) chart, which shows the interrelationships and dependencies among tasks in a program on a timeline.

Cost

Systems analysis usually doesn’t focus heavily on cost estimates. The usual assumption is that costs will not keep the system from being completed. Sometimes, though, the costs are important because of their effect on the overall economy of a country.

Estimating the cost of a system usually starts with comparative modeling. That is, you be- gin with an estimate of what it would cost your organization or an industry in your country to build something. You multiply that number by a factor that accounts for the difference in costs of the target organization (and they will always be different).

When several system models are being considered, cost-utility analysis may be necessary. Cost-utility analysis is an important part of decision prediction. Many decision-making processes, especially those that require resource allocation, make use of cost-utility analysis. For an analyst assessing a foreign military’s decision whether to produce a new weapons system, it is a useful place to start. But the analyst must be sure to take “rationality” into account. As noted earlier, what is “rational” is different across cultures and from one individual to the next. It is important for the analyst to understand the logic of the decision maker—that is, how the opposing decision maker thinks about topics such as cost and utility.

In performing cost-utility analysis, the analyst must match cost figures to the same time horizon over which utility is being assessed. This will be a difficult task if the horizon reaches past a few years away. Life-cycle costs should be considered for new systems, and many new systems have life cycles in the tens of years.

Operations Research

A number of specialized methodologies are used to do systems analysis. Operations re- search is one of the more widely used ones.

Operations research has a rigorous process for defining problems that can be usefully applied in intelligence. As one specialist in the discipline has noted, “It often occurs that the major contribution of the operations research worker is to decide what is the real problem.” Understanding the problem often requires understanding the environment and/or system in which an issue is embedded, and operations researchers do that well.

After defining the problem, the operations research process requires representing the system in mathematical form. That is, the operations researcher builds a computation- al model of the system and then manipulates or solves the model, using computers, to come up with an answer that approximates how the real-world system should function. Systems of interest in intelligence are characterized by uncertainty, so probability analysis is a commonly used approach.

Two widely used operations research techniques are linear programming and network analysis. They are used in many fields, such as network planning, reliability analysis, capacity planning, expansion capability de- termination, and quality control.

Linear Programming

Linear programming involves planning the efficient allocation of scarce resources, such as material, skilled workers, machines, money, and time.

Linear programs are simply systems of linear equations or in- equalities that are solved in a manner that yields as its solution an optimum value—the best way to allocate limited resources, for example. The optimum value is based on some single-goal statement (provided to the program in the form of what is called a linear objective function). Linear programming is often used in intelligence for estimating production rates, though it has applicability in a wide range of disciplines.

Network Analysis

In chapter 10 we’ll investigate the concept of network analysis as applied to relation- ships among entities. Network analysis in an operations research sense is not the same. Here, networks are interconnected paths over which things move. The things can be automobiles (in which case we are dealing with a network of roads), oil (with a pipeline system), electricity (with wiring diagrams or circuits), information signals (with communication systems), or people (with elevators or hallways).

In intelligence against networks, we frequently are concerned with things like maximum throughput of the system, the shortest (or cheapest) route between two or more locations, or bottlenecks in the system.

Summary

Any entity having the attributes of structure, function, and process can be described and analyzed as a system. Systems analysis is used in intelligence extensively for assessing foreign weapons systems performance. But it also is used to model political, economic, infrastructure, and social systems.

Modeling the structure of a system can rely on an inductive, a deductive, or an abductive approach.

Functional assessments typically require analysis of a system’s performance. Comparative performance analysis is widely used in such assessments. Simulations are used to prepare more sophisticated predictions of a system’s performance.

Process analysis is important for assessing organizations and systems in general. Organizational processes vary by organization type and across cultures. Process analysis also is used to determine systems development schedules and in looking at the life cycle of a program. Program staffing and the technologies involved are other factors that shape development schedules.

Network Modeling and Analysis

Future conflicts will be fought more by networks than by hierarchies, and whoever masters the network form will gain major advantages.

John Arquilla and David Ronfeldt, RAND Corporation

In intelligence, we’re concerned with many types of networks: communications, social, organizational, and financial networks, to name just a few. The basic principles of modeling and analysis apply across most different types of networks.

intelligence has the job of providing an advantage in conflicts by reducing uncertainty.

One of the most powerful tools in the analyst’s toolkit is network modeling and analysis. It has been used for years in the U.S. intelligence community against targets such as terrorist groups and narcotics traffickers. The netwar model of multidimensional conflict between opposing networks is more and more applicable to all intelligence, and network analysis is our tool for examining the opposing network.

a few definitions:

Network—that group of elements forming a unified whole, also known as a system
• Node—an element of a system that represents a person, place, or physical thing
• Cell—a subordinate organization formed around a specific process, capability, or activity within a designated larger organization
Link—a behavioral, physical, or functional relationship between nodes

Link Models

Link modeling has a long history; the Los Angeles police department reportedly used it first in the 1940s as a tool for assessing organized crime networks. Its primary purpose was to display relationships among people or between people and events. Link models demonstrated their value in discerning the complex and typically circuitous ties between entities.

some types of link diagrams are referred to as horizontal relevance trees. Their essence is the graphical representation of (a) nodes and their connection patterns or (b) entities and relationships.

Most humans simply cannot assimilate all the information collected on a topic over the course of several years. Yet a typical goal of intelligence synthesis and analysis is to develop precise, reliable, and valid inferences (hypotheses, estimations, and conclusions) from the available data for use in strategic decision-making or operational planning. Link models directly support such inferences.

The primary purpose of link modeling is to facilitate the organization and presentation of data to assist the analytic process. A major part of many assessments is the analysis of relationships among people, organizations, locations, and things. Once the relationships have been created in a database system, they can be displayed and analyzed quickly in a link analysis program.

To be useful in intelligence analysis, the links should not only identify relationships among data items but also show the nature of their ties. A subject-verb-object display has been used in the intelligence community for sever- al decades to show the nature of such ties, and it is sometimes used in link displays.

Quantitative and temporal (date stamping) relationships have also been used when the display software has a filtering capability. Filters allow the user to focus on connections of interest and can simplify by several orders of magnitude the data shown in a link dis- play.

Link modeling has been replaced almost completely by network modeling, discussed next, because it offers a number of advantages in dealing with complex networks.

Network Models

Most modeling and analysis in intelligence today focuses on networks.

Some Network Types

A target network can include friendly or allied entities

It can include neutrals that your customer wishes to influence—either to become an ally or to remain neutral.

Social Networks

When intelligence analysts talk about net- work analysis, they often mean social net- work analysis (SNA). SNA involves identifying and assessing the relationships among people and groups—the nodes of the network. The links show relationships or trans- actions between nodes. So a social network model provides a visual display of relation- ships among people, and SNA provides a visual or mathematical analysis of the relationships. SNA is used to identify key people in an organization or social network and to model the flow of information within the network.

Organizational Networks

Management consultants often use SNA methodology with their business clients, referring to it as organizational network analysis. It is a method for looking at communication and social networks within a formal organization. Organizational network modeling is used to create statistical and graphical models of the people, tasks, groups, knowledge, and resources of organizations.

Commercial Networks

In competitive intelligence, network analysis tends to focus on networks where the nodes are organizations.

As Babson College professor and business analyst Liam Fahey noted, competition in many industries is now as much competition between networked enterprises

Fahey has de- scribed several such networks and defined five principal types:

Vertical networks. Networks organized across the value chain; for example, 3M Corporation goes from mining raw materials to delivering finished products.
Technology networks. Alliances with technology sources that allow a firm to maintain technological superiority,

such as the CISCO Systems network. • Development networks. Alliances fo- cused on developing new products or processes, such as the multimedia entertainment venture DreamWorks SKG.

Ownership networks. Networks in which a dominant firm owns part or all of its suppliers, as do the Japanese keiretsu.
Political networks. Those focused on political or regulatory gains for its members, for example, the National Association of Manufacturers.

Hybrids of the five are possible, and in some cultures such as in the Middle East and Far East, families can be the basis for a type of hybrid business network.

Financial Networks

Financial networks tend to feature links among organizations, though individuals can be important nodes, as in the Abacha family funds-laundering case. These networks focus on topics such as credit relationships, financial exposures between banks, liquidity flows in the interbank payment system, and funds-laundering transactions. The relationships among financial institutions, and the relationships of financial institutions with other organizations and individuals, are best captured and analyzed with network modeling.

Global financial markets are interconnected and therefore amenable to large-scale modeling. Analysis of financial system networks helps economists to understand systemic risk and is key to preventing future financial crises.

Threat Networks

Military and law enforcement organizations define a specific type of network, called a threat network. These are networks that are opposed to friendly networks.

Such net- works have been defined as being “comprised of people, processes, places, and material—components that are identifiable, targetable, and exploitable.”

A premise of threat network modeling is that all such networks have vulnerabilities that can be exploited. Intelligence must provide an understanding of how the network operates so that customers can identify actions to exploit the vulnerabilities.

Threat networks, no matter their type, can access political, military, economic, social, infrastructure, and information resources. They may connect to social structures in multiple ways (kinship, religion, former association, and history)—providing them with resources and support. They may make use of the global information networks, especially social media, to obtain recruits and funding and to conduct information operations to gain recognition and international support.

Other Network Views

Target networks can be a composite of the types described so far. That is, they can have social, organizational, commercial, and financial elements, and they can be threat net- works. But target networks can be labeled another way. They generally take one of the following relationship forms:

Functional networks. These are formed for a specific purpose. Individuals and organizations in this net- work come together to undertake activities based primarily on the skills, expertise, or particular capabilities they offer. Commercial net- works, crime syndicates, and insurgent groups all fall under this label.
Family and cultural networks. Some members or associates have familial bonds that may span generations. Or the network shares bonds due to a shared culture, language, religion, ideology, country of origin, and/or sense of identity. Friendship net- works fall into this category as do proximity networks—where the network has bonds due to geographic or proximity ties (such as time spent together in correctional institutions).
Virtual network. This is a relatively new phenomenon. In these networks, participants seldom (possibly never) physically meet, but work together through the Internet or some other means of communication. Networks involved in online fraud, theft, or funds laundering are usually virtual networks. Social media often are used to operate virtual networks.

Modeling the Network

Target networks can be modeled manually, or by using computer algorithms to automate the process. Using open-source and classified HUMINT or COMINT, an analyst typically goes through the following steps in manually creating a network model:

Understand the environment.

You should start by understanding the setting in which the network operates. That may require looking at all six of the PMESII factors that constitute the environment, and almost certainly at more than one of these factors. This approach applies to most networks of intelligence interest, again recognizing that “military” refers to that part of the network that applies force (usually physical force) to serve network interests. Street gangs and narcotics traffickers, for example, typically have enforcement arms.

Select or create a network template.

Pattern analysis, link analysis, and social network analysis are the foundational analytic methods that enable intelligence analysts to begin templating the target network. To begin with, are the networks centralized or decentralized? Are they regional or transnational? Are they virtual, familial, or functional? Are they a combination? This information provides a rough idea of their structure, their adaptability, and their resistance to disruption.

Populate the network.

If you don’t have a good idea what the network template looks like, you can apply a technique that is sometimes called “snowballing.” You begin with a few key members of the target network. Then add nodes and linkages based on the information these key members provide about others. Over time, COMINT and other collection sources (open source, HUMINT) al- low the network to be fleshed out. You identify the nodes, name them, and determine the linkages among them. You also typically need to determine the nature of the link. For example, is it a familial link, a trans- actional link, or a hostile link

Computer-Assisted and Automated Modeling

Although manual modeling is still used, commercially available network tools such as Analyst’s Notebook and Palantir are now available to help. One option for using these tools is to enter the data manually but to rely on the tool to create and manipulate the network model electronically.

Analyzing the Network

Analyzing a network involves answering the classic questions—who-what-where-when- how-why—and placing the answers in a format that the customer can understand and act upon, what is known as “actionable intelligence.” Analysis of the network pattern can help identify the what, when, and where. Social network analysis typically identifies who. And nodal analysis can tell how and why.

Nodal Analysis

As noted throughout this book, nodes in a target network can include persons, places, objects, and organizations (which also could be treated as separate networks). Where the node is an organization, it may be appropriate to assess the role of the organization in the larger network—that is, to simply treat it as a node.

The usual purpose of nodal analysis is to identify the most critical nodes in a target network. This requires analyzing the properties of individual nodes, and how they affect or are affected by other nodes in the network. So the analyst must understand the behavior of many nodes and, where the nodes are organizations, the activities taking place within the nodes.

Social Network Analysis

Social network analysis, in which all of the network nodes are persons or groups, is widely used in the social sciences, especially in studies of organizational behavior. In intelligence, as noted earlier, we more frequently use target network analysis, in which almost anything can be a node.

To understand a social network, we need a full description of the social relationships in the network. Ideally, we would know about every relationship between each pair of actors in the network.

In summary, SNA is a tool for understanding the internal dynamics of a target network and how best to attack, exploit, or influence it. Instead of assuming that taking out the leader will disrupt the network, SNA helps to identify the distribution of power in the net- work and the influential nodes—those that can be removed or influenced to achieve a desired result. SNA also is used to describe how a network behaves and how its connectivity shapes its behavior.

Several analytic concepts that come along with SNA also apply to target network ana- lysis. The most useful concepts are centrality and equivalence. These are used today in the analysis of intelligence problems related to terrorism, arms networks, and illegal narcotics organizations.

the extent to which an actor can reach others in the network is a major factor in determining the power that the actor wields. Three basic sources of this advantage are high degree, high closeness, and high betweenness.

Actors who have many network ties have greater opportunities because they have choices. Their rich set of choices makes them less dependent than those with fewer ties and hence more powerful.

The network centrality of the individuals removed will determine the extent to which the removal impedes continued operation of the activity. Thus centrality is an important ingredient (but by no means the only one) in considering the identification of net- work vulnerabilities.

A second analytic concept that accompanies SNA is equivalence. The disruptive effectiveness of removing one individual or a set of individuals from a network (such as by making an arrest or hiring a key executive away from a business competitor) depends not only on the individual’s centrality but also on some notion of his uniqueness, that is, on whether or not he has equivalents.

The notion of equivalence is useful for strategic targeting and is tied closely to the concept of centrality. If nodes in the social network have a unique role (no equivalents), they will be harder to replace.

Network analysis literature offers a variety of concepts of equivalence. Three in particular are quite distinct and, between them, seem to capture most of the important ideas on the subject. The three concepts are substitutability, stochastic equivalence, and role equivalence. Each can be important in specific analysis and targeting applications.

Substitutability is easiest to understand; it can best be described as interchangeability. Two objects or persons in a category are substitutable if they have identical relationships with every other object in the category.

Individuals who have no network substitutes usually make the most worthwhile targets for removal.

Substitutability also has relevance to detecting the use of aliases. The use of an alias by a criminal will often show up in a network analysis as the presence of two or more substitutable individuals (who are in reality the same person with an alias). The interchangeability of the nodes actually indicates the interchangeability of the names.

Stochastic equivalence is a slightly more sophisticated idea. Two network nodes are stochastically equivalent if the probabilities of their being linked to any other particular node are the same. Narcotics dealers working for one distribution organization could be seen as stochastically equivalent if they, as a group, all knew roughly 70 percent of the group, did not mix with dealers from any other organizations, and all received their narcotics from one source.

Role equivalence means that two individuals play the same role in different organizations, even if they have no common acquaintances at all. Substitutability implies role equivalence, but not the converse.

Stochastic equivalence and role equivalence are useful in creating generic models of target organizations and in targeting by analogy—for example, the explosives expert is analogous to the biological expert in planning collection, analyzing terrorist groups, or attacking them.

Organizational Network Analysis

Organizational network analysis is a well-developed discipline for analyzing organizational structure. The traditional hierarchical description of an organizational structure does not sufficiently portray entities and their relationships.

the typical organization also is a system that can be viewed (and analyzed) from the same three perspectives previously discussed:

structure, function, and process.

Structure here refers to the components of the organization, especially people and their relation- ships; this chapter deals with that.

Function refers to the outcome or results produced and tends to focus on decision making.

Process describes the sequences of activities and the expertise needed to produce the results or outcome. Fahey, in his assessment of organizational infrastructure, described four perspectives: structure, systems, people, and decision-making processes. Whatever their names, all three (or four, following Fahey’s example) perspectives must be considered.

Depending on the goal, an analyst may need to assess the network’s mission, its power distribution, its human resources, and its decision- making processes. The analyst might ask questions such as, Where is control exercised? Which elements provide support ser- vices? Are their roles changing? Network analysis tools are valuable for this sort of analysis.

Threat Network Analysis

We want to develop a detailed understanding of how a threat network functions by identifying its constituent elements, learning how its internal processes work to carry out operations, and seeing how all of the network components interact.

assessing threat networks requires, among other things, looking at the

Command-and-control structure. Threat networks can be decentralized, or flat. They can be centralized, or hierarchical. The structures will vary, but they are all designed to facilitate the attainment of the net- work’s goals and continued survival.
Closeness. This is a measure of the members’ shared objectives, kinship, ideology, religion, and personal relations that bond the network and facilitate recruiting new members.
• Expertise. This includes the know- ledge, skills, and abilities of group leaders and members.
• Resources. These include weapons, money, social connections, and public support.
Adaptability. This is a measure of the network’s ability to learn and adjust behaviors and modify operations in response to opposing actions.
Sanctuary. These are locations where the network can safely conduct planning, training, and resupply.

Primary is the ability to adapt over time, specifically to blend into the local population and to quickly replace losses of key personnel and recruit new members. The networks also tend to be difficult to penetrate because of their insular nature and the bonds that hold them together. They typically are organized into cells in a loose network where the loss of one cell does not seriously degrade the entire network.

To carry out the network’s functions, they must engage in activities that expose parts of the network to countermeasures.

They must communicate between cells and with their leadership, exposing the network to discovery and mapping of links.

Target Network Analysis

As we have said, in intelligence work we usually apply an extension of social network analysis that retains its basic concepts. So the techniques described earlier for SNA work for almost all target networks. But whereas all of the entities in SNA are people, again, in target network analysis they can be anything.

Automating the Analysis

Target network analysis has become one of the principal tools for dealing with complex systems, thanks to new, computer-based analytic methods. One tool that has been useful in assessing threat networks is the Organization Risk Analyzer (called *ORA) developed by the Computational Analysis of Social and Organizational Systems (CASOS) at Carnegie Mellon University. *ORA is able to group nodes and identify patterns of ana- lytic significance. It has been used to identify key players, groups, and vulnerabilities, and to model network changes over space and time.

Intelligence analysis relies heavily on graphical techniques to represent the descriptions of target networks compactly. The underlying mathematical techniques allow us to use computers to store and manipulate the information quickly and more accurately than we could by hand.

Summary

One of the most powerful tools in the analyst’s toolkit is network modeling and analysis. It is widely used in analysis disciplines. It is derived from link modeling, which organizes and presents raw intelligence in a visual form such that relationships among nodes (which can be people, places, things, organizations, or events) can be analyzed to extract finished intelligence.

We prefer to have network models created and updated automatically from raw intelligence data by software algorithms. Although some software tools exist for doing that, the analyst still must evaluate the sources and validate the results.

11 Geospatial and Temporal Modeling and Analysis

GEOINT is the professional practice of integrating and interpreting all forms of geospatial data to create historical and anticipatory intelligence products used for planning or that answer questions posed by decision-makers.

This definition incorporates the key ideas of an intelligence mission: all-source analysis and modeling in both space and time (from “historical and anticipatory”). These models are frequently used in analysis; insights about networks are often obtained by examining them in spatial and temporal ways.

During World War II, although the Germans maintained censorship as effectively as anyone else, they did publish their freight tariffs on all goods, including petroleum products. Working from those tariffs, a young U.S. Office of Strategic Services analyst, Walter Levy, conducted geospatial modeling based on the German railroad network to pinpoint the ex- act location of the refineries, which were subsequently targeted by allied bombers.

Static Geospatial Models

In the most general case, geospatial modeling is done in both space and time. But sometimes only a snapshot in time is needed.

Human Terrain Modeling

U.S. ground forces in Iraq and Afghanistan in the past few years have rediscovered and refined a type of static geospatial model that was used in the Vietnam War, though its use dates far back in history. Military forces now generally consider what they call “human terrain mapping” as an essential part of planning and conducting operations in populated areas.

In combating an insurgency, military forces have to develop a detailed model of the local situations that includes political, economic, and sociological inform- ation as well as military force information.

It involves acquiring the following details about each village and town:

The boundaries of each tribal area (with specific attention to where they adjoin or overlap)
Location and contact information for each sheik or village mukhtar and for government officials
Locations of mosques, schools, and markets
Patterns of activity such as movement into and out of the area; waking, sleeping, and shopping habits
Nearest locations and checkpoints of security forces
Economic driving forces including occupation and livelihood of inhabit- ants; employment and unemployment levels
Anti-coalition presence and activities

Access to essential services such as fuel, water, emergency care, and fire response
Particular local population concerns and issues

Human terrain mapping, or more correctly human terrain modeling, is an old intelligence technique.

Though Moses’s HUMINT mission failed because of poor analysis by the spies, it remains an excellent example of specific collection tasking as well as of the history of human terrain mapping.

1919 Paris Peace Conference

In 1917 President Woodrow Wilson established a study group to prepare materials for peace negotiations that would conclude World War I. He eventually tapped geographer Isaiah Bowman to head a group of 150 academics to prepare the study. It covered the languages, ethnicities, resources, and historical boundaries of Europe. With support from the American Geological Society, Bowman directed the production of over three hundred maps per week during January 1919.

The Tools of Human Terrain Modeling

Today, human terrain modeling is used extensively to support military operations in Syria, Iraq, and Afghanistan. Many tools have been developed to create and analyze such models. The ability to do human terrain mapping and other types of geospatial modeling has been greatly expanded and popularized by Google Earth and by Microsoft’s Virtual Earth. These geospatial modeling tools provide multiple layers of information.

This unclassified online material has a number of intelligence applications. For intelligence analysts, it permits planning HUMINT and COMINT operations. For military forces, it supports precise targeting. For terrorists, it facilitates planning of attacks.

Temporal Models

Pure temporal models are used less frequently than the dynamic geospatial models discussed next, because we typically want to observe activity in both space and time—sometimes over very short times. Timing shapes the consequences of planned events.

There are a number of different temporal model types; this chapter touches on two of them—timelines and pattern-of-life modeling and analysis.

Timelines

An opponent’s strategy often becomes apparent only when seemingly disparate events are placed on a timeline.

Event-time patterns tell analysts a great deal; they allow analysts to infer relationships among events and to examine trends. Activity patterns of a target network, for example, are useful in determining the best time to collect intelligence. An example is a plot of total telephone use over twenty-four hours—the plot peaks about 11 a.m., which is the most likely time for a per- son to be on the telephone.

Pattern-of-Life Modeling and Analysis

Pattern-of-life (POL) analysis is a method of modeling and understanding the behavior of a single person or group by establishing a re- current pattern of actions over time in a given situation. It has similarities to the concept of activity-based intelligence

Dynamic Geospatial Models

A dynamic variant of the geospatial model is the space-time model. Many activities, such as the movement of a satellite, a vehicle, a ship, or an aircraft, can best be shown spatially—as can population movements. A com- bination of geographic and time synthesis and analysis can show movement patterns, such as those of people or of ships at sea.

Dynamic geospatial modeling and analysis has been described using a number of terms. Three that are commonly used in intelligence are described in this section: movement intelligence, activity-based intelligence, and geographic profiling. Though they are similar, each has a somewhat different meaning. Dynamic modeling is also applied in understanding intelligence enigmas.

Movement Intelligence

Intelligence practitioners sometimes describe space-time models as movement intelligence, or “MOVINT” as if it were a collection “INT” instead of a target model. The name “movement intelligence” for a specialized intelligence product dates roughly to the wide use of two sensors for area surveillance.

One was the moving target indicator (MTI) capability for synthetic aperture radars. The other was the deployment of video cameras on intelligence collection platforms. MOVINT has been defined as “an intelligence gathering method by which images (IMINT), non-imaging products (MASINT), and signals (SIGINT) produce a movement history of objects of interest.”

Activity-Based Intelligence

Activity-based intelligence, or ABI, has been defined as “a discipline of intelligence where the analysis and subsequent collection is focused on the activity and transactions associated with an entity, population, or area of interest.”

ABI is a form of situational awareness that focuses on interactions over time. It has three characteristics:

Raw intelligence information is constantly collected on activities in a given region and stored in a database for later metadata searches.
It employs the concept of “sequence neutrality,” meaning that material is collected without advance knowledge of whether it will be useful for any intelligence purpose.
It also relies on “data neutrality,” meaning that any source of intelligence may contribute; in fact, open source may be the most valuable.

ABI therefore is a variant of the target-centric approach, focused on the activity of a target (person, object, or group) within a specified target area. So it includes both spatial and temporal dimensions. At a higher level of complexity, it can include network relationships as well.

Though the term ABI is of recent origin and is tied to the development of surveillance methods for collecting intelligence, the concept of solving intelligence problems by monitoring activity over time has been ap- plied for decades. It has been the primary tool for dealing with geographic profiling and intelligence enigmas.

Geographic Profiling

Geographic profiling is a term used in law enforcement for geospatial modeling, specifically a space-time model, that supports serial violent crime or sexual crime investigations. Such crimes, when committed by strangers, are difficult to solve. Their investigation can produce hundreds of tips and suspects, resulting in the problem of information overload

Intelligence Enigmas

Geospatial modeling and analysis frequently must deal with unidentified facilities, objects, and activities. These are often referred to by the term intelligence enigmas. For such targets, a single image—a snapshot in time—is insufficient.

Summary

One of the most powerful combination models is the geospatial model, which combines all sources of intelligence into a visual picture (often on a map) of a situation. One of the oldest of analytic products, geospatial modeling today is the product of all-source analysis that can incorporate OSINT, IMINT, HUMINT, COMINT, and advanced technical collection methods.

Many GEOINT models are dynamic; they show temporal changes. This combination of geospatial and temporal models is perhaps the single most important trend in GEOINT. Dynamic GEOINT models are used to observe how a situation develops over time and to extrapolate future developments

Part II

The Estimative Process

12 Predictive Analysis

“Your problem is that you are not able to see things before they happen.”

Wotan to Fricka, in Wagner’s opera Die Walküre

Describing a past event is not intelligence analysis; it is reciting history. The highest form of intelligence analysis requires structured thinking that results in an estimate of what is likely to happen.

True intelligence analysis is always predictive.

The value of a model of possible futures is in the insights that it produces. Those insights prepare customers to deal with the future as it unfolds. The analyst’s contribution lies in the assessment of the forces that will shape future events and the state of the target mod- el. If an analyst accurately assesses the forces, she has served the intelligence customer well, even if the prediction derived from that assessment turns out to be wrong.

policymaking customers tend to be skeptical of predictive analysis unless they do it themselves. They believe that their own opinions about the future are at least as good as those of intelligence analysts. So when an analyst offers an estimate without a compelling supporting argument, he or she should not be surprised if the policymaker ignores it.

By contrast, policymakers and executives will accept and make use of predictive analysis if it is well reasoned, and if they can follow the analyst’s logical development. This implies that we apply a formal methodology, one that the customer can understand, so that he or she can see the basis for the conclusions drawn.

Former national security adviser Brent Scowcroft observed, “What intelligence estimates do for the policymaker is to remind him what forces are at work, what the trends are, and what are some of the possibilities that he has to consider.” Any intelligence assessment that does these things will be readily accepted.

Introduction to Predictive Analysis

Intelligence can usually deal with near-term developments. Extrapolation—the act of making predictions based solely on past observations—serves us reasonably well in the short term for situations that involve established trends and normal individual or organizational behaviors.

Adding to the difficulty, intelligence estimates can also affect the future that they predict. Often, the estimates are acted on by policymakers—sometimes on both sides.

The first step in making any estimate is to consider the phenomena that are involved, in order to determine whether prediction is even possible.

Convergent and Divergent Phenomena

In examining trends and possible future events, we use the same terminology: Convergent phenomena make prediction possible; divergent phenomena frustrate it.

a basic question to ask at the outset of any predictive attempt is, Does the principle of causation apply? That is, are the phenomena we are to examine and prepare estimates about governed by the laws of cause and effect?

A good example of a divergent phenomenon in intelligence is the coup d’état. Policy- makers often complain that their intelligence organizations have failed to warn of coups. But a coup event is conspiratorial in nature, limited to a handful of people, and dependent on the preservation of secrecy for its success.

If a foreign intelligence service knows of the event, then secrecy has been com- promised and the coup is almost certain to fail—the country’s internal security services will probably forestall it. The conditions that encourage a coup attempt can be assessed and the coup likelihood estimated by using probability theory, but the timing and likelihood of success are not “predictable.”

The Estimative Approach

The target-centric approach to prediction follows an analytic pattern long established in the sciences, in organizational planning, and in systems synthesis and analysis.

The synthesis and analysis process discussed in this chapter and the next is derived from an estimative approach that has been formalized in several professional disciplines. In management theory, the approach has several names, one of which is the Kepner-Tregoe Rational Management Process. In engineering, the formalization is called the Kalman Filter. In the social sciences, it is called the Box-Jenkins method. Although there are differences among them, all are techniques for combining complex data to create estimates. They all require combining data to estimate an entity’s present state and evaluating the forces acting on the entity to predict its future state.

This concept—to identify the forces acting on an entity, to identify likely future forces, and to predict the likely changes in old and new forces over time, along with some indicator of confidence in these judgments—is the key to successful estimation. It takes into ac- count redundant and conflicting data as well as the analyst’s confidence in these data.

The key is to start from the present target model (and preferably, also with a past target model) and move to one of the future models, using an analysis of the forces involved as a basis. Other texts on estimative analysis describe these forces as issues, trends, factors, or drivers. All those terms have the same meaning: They are the entities that shape the future.

The methodology relies on three predictive mechanisms: extrapolation, projection, and forecasting. Those components and the general approach are defined here; later in the chapter, we delve deeper into “how-to” details of each mechanism.

An extrapolation assumes that these forces do not change between the present and future states, a projection assumes they do change, and a forecast assumes they change and that new forces are added.

The analysis follows these steps:

Determine at least one past state and the present state of the entity. In intelligence, this entity is the target model, and it can be a model of almost anything—a terrorist organization, a government, a clandestine trade network, an industry, a technology, or a ballistic missile.
Determine the forces that acted on the entity to bring it to its present state.

These same forces, acting unchanged, would result in the future state shown as an extrapolation (Scenario 1).

To make a projection, estimate the changes in existing forces that are likely to occur. In the figure, a decrease in one of the existing forces (Force 1) is shown as causing a projected future state that is different from the extrapolation (Scenario 2).
To make a forecast, start from either the extrapolation or the projection and then identify the new forces that may act on the entity, and incorporate their effect. In the figure, one new force is shown as coming to bear, resulting in a forecast future state that differs from both the extrapolated and the projected future states (Scenario 3).
Determine the likely future state of the entity based on an assessment of the forces. Strong and certain forces are weighed most heavily in this pre- diction. Weak forces, and those in which the analyst lacks confidence (high uncertainty about the nature or effect of the force), are weighed least.

The process is iterative.

In this figure, we are concerned with a target (technology, system, person, organization, country, situation, industry, or some combination) that changes over time. We want to describe or characterize the entity at some future point.

the basic analytic paradigm is to create a model of the past and present state of the target, followed by alternative models of its possible future states, usually created in scenario form.

A CIA assessment of Mikhail Gorbachev’s economic reforms in 1985–1987 correctly estimated that his proposed reforms risked “confusion, economic disruption, and worker discontent” that could embolden potential rivals to his power.17 This projection was based on assessing the changing forces in Soviet society along with the inertial forces that would resist change.

The process we’ve illustrated in these examples has many names—force field analysis and system dynamics are two.

for forecasting, the analyst must identify new forces that are likely to come into play. Most of the chapters that follow focus on identifying and measuring these forces.

An analyst can (wrongly) shape the outcome by concentrating on some forces and ignoring or downplaying the significance of others.

Force Analysis According to Sun Tzu

Factor or force analysis is an ancient predictive technique. Successful generals have practiced it in warfare for thousands of years, and one of its earliest known pro- ponents was Sun Tzu. He described the art of war as being controlled by five factors, or forces, all of which must be taken into ac- count in predicting the outcome of an engagement. He called the five factors Moral Law, Heaven, Earth, the Commander, and Method and Discipline. In modern terms, the five would be called social, environmental, geospatial, leadership, and organizational factors.

The simplest approach to both projection and forecasting is to do it qualitatively. That is, an analyst who is an expert in the subject area begins the process by answering the following questions:

What forces have affected this entity (organization, situation, industry, technical area) over the past several years?19
Which five or six forces had more im- pact than others?
What forces are expected to affect this entity over the next several years?
Which five or six forces are likely to have more impact than others?
What are the fundamental differ- ences between the answers to ques- tions two and four?
What are the implications of these differences for the entity being analyzed?

The answers to those questions shape the changes in direction of the extrapolation… At more sophisticated levels of qualitative synthesis and analysis, the analyst might examine adaptive forces (feedback forces) and their changes over time.

High-Impact/Low-Probability Analysis

Projections and forecasts focus on the most likely outcomes. But customers also need to be aware of the unlikely outcomes that could have severe adverse effects on their interests.

The CIA’s tradecraft manual describes the analytic process as follows:

Define the high-impact outcome clearly. This definition will justify examining what most analysts believe to be a very unlikely development.
Devise one or more plausible explanations for or “pathways” to the low-probability outcome. This should be as precise as possible, as it can help identify possible indicators for later monitoring.
Insert possible triggers or changes in momentum if appropriate. These can be natural disasters, sudden health problems of key leaders, or new eco- nomic or political shocks that might have occurred historically or in other parts of the world.
Brainstorm with analysts having a broad set of experiences to aid the development of plausible but unpredictable triggers of sudden change.
Identify for each pathway a set of indicators or “observables” that would help you anticipate that events were beginning to play out this way.
Identify factors that would deflect a bad outcome or encourage a positive outcome.

The product of high-impact/low-probability analysis is a type of scenario called a demonstration scenario…

Two important types of bias can exist in predictive analysis: pattern, or confirmation, bias—looking for evidence that confirms rather than rejects a hypothesis; and heuristic bias—using inappropriate guidelines or rules to make predictions.

Two points are worth noting at the beginning of the discussion:

One must make careful use of the tools in synthesizing the model, as some will fail when applied to prediction. Expert opinion, for example, is often used in creating a target model; but experts’ biases, egos, and narrow focuses can interfere with their pre- dictions. (A useful exercise for the skeptic is to look at trade press or technical journal predictions that were made more than ten years ago that turned out to be way off base. Stock market predictions and popular science magazine predictions of automobile designs are particularly entertaining.)
Time constraints work against the analyst’s ability to consistently employ the most elaborate predictive techniques. Veteran analysts tend to use analytic techniques that are relatively fast and intuitive. They can view scenario development, red teams (teams formed to take the opponent’s perspective in planning or assessments), competing hypotheses, and alternative analysis as being too time-consuming to use in ordinary circumstances. An analyst has to guard against using just extrapolation because it is the fastest and easiest to do. But it is possible to use shortcut versions of many predictive techniques and sometimes the situation calls for that. This chapter and the following one contain some examples of shortcuts.

Extrapolation

An extrapolation is a statement, based only on past observations, of what is expected to happen. Extrapolation is the most conservative method of prediction. In its simplest form, an extrapolation, using historical performance as the basis, extends a linear curve on a graph to show future direction.

Extrapolation also makes use of correlation and regression techniques. Correlation is a measure of the degree of association between two or more sets of data, or a measure of the degree to which two variables are related. Regression is a technique for predicting the value of some unknown variable based only on information about the current values of other variables. Regression makes use of both the degree of association among variables and the mathematical function that is determined to best describe the relationships among variables.

the more bureaucracy and red tape involved in doing business, the more corruption is likely in the country.

Projection

Before moving on to projection and forecasting, let’s reinforce the differentiation from extrapolation. An extrapolation is a simple assertion about what a future scenario will look like. In contrast, a projection or a forecast is a probabilistic statement about some future scenario.

Projection is more reliable than extrapolation. It predicts a range of likely futures based on the assumption that forces that have operated in the past will change, whereas extrapolation assumes the forces do not change.

Projection makes use of two major analytic techniques. One technique, force analysis, was discussed earlier in this chapter. After a qualitative force analysis has been completed, the next technique is to apply probabilistic reasoning to it. Probabilistic reasoning is a systematic attempt to make subjective estimates of probabilities more explicit and consistent. It can be used at any of several levels of complexity (each successive level of sophistication adds new capability and completeness). But even the simplest level of generating alternatives, discussed next, helps to prevent premature closure and adds structure to complicated problems.

Generating Alternatives

The first step to probabilistic reasoning is no more complicated than stating formally that more than one outcome is possible. One can generate alternatives simply by listing all possible outcomes to the issue under consideration. One can generate alternatives simply by listing all possible outcomes to the issue under consideration. Remember that the possible outcomes can be defined as alternative scenarios.

The mere act of generating a complete, detailed list often provides a useful perspective on a problem.

Influence Trees or Diagrams

A list of alternative outcomes is the first step. A simple projection might not go beyond this level. But for more rigorous analysis, the next step typically is to identify the things that influence the possible outcomes and indicate the interrelationship of these influences. This process is frequently done by using an influence tree.

let’s assume that an analyst wants to assess the outcome of an ongoing African insurgency movement. There are three obvious possible outcomes: The insur- gency will be crushed, the insurgency will succeed, or there will be a continuing stale- mate. Other outcomes may be possible, but we can assume that they are so unlikely as not to be worth including. The three outcomes for the influence diagram are as follows:

Regime wins
Insurgency wins
Stalemate

The analyst now describes those forces that will influence the assessment of the relative likelihoods of each outcome. For instance, the insurgency’s success may depend on whether economic conditions improve, remain the same, or become worse during the next year. It also may depend on the success of a new government poverty relief program. The assumptions about these “driver” events are often described as linchpin premises in U.S. intelligence practice, and these assumptions need to be made explicit.

Having established the uncertain events that influence the outcome, the analyst proceeds to the first stage of an influence tree.

The thought process that is invoked when generating the list of influencing events and their outcomes can be useful in several ways. It helps identify and document factors that are relevant to judging whether an alternative outcome is likely to occur.

The audit trail is particularly useful in showing colleagues what the analyst’s thinking has been, especially if he desires help in upgrading the diagram with things that may have been overlooked. Software packages for creating influence trees allow the inclusion of notes that create an audit trail.

In the process of generating the alternative lists, the analyst must address the issue of whether the event (or outcome) being listed actually will make a difference in his assessment of the relative likelihood of the outcomes of any of the events being listed.

For instance, in the economics example, if the analyst knew that it would make no difference to the success of the insurgency whether economic conditions improved or remained the same, then there would be no need to differentiate these as two separate outcomes. The analyst should instead simplify the diagram.

The second question, having to do with additional influences not yet shown on the diagram, allows the analyst to extend this pictorial representation of influences to whatever level of detail is considered necessary. Note, however, that the analyst should avoid adding unneeded layers of detail.

Probabilistic reasoning is used to evaluate outcome scenarios.

This influence tree approach to evaluating possible outcomes is more convincing to customers than would be an unsupported ana- lytic judgment about the prospects for the insurgency. Human beings tend to do poorly at such complex assessments when they are approached in a totally unaided, subjective manner; that is, by the analyst mentally combining the force assessments in an un- structured way.

Influence Nets

Influence net modeling is an alternative to the influence tree.

To create an influence net, the analyst defines influence nodes, which depict events that are part of cause-effect relationships within the target model. The analyst also creates “influence links” between cause and effect that graphically illustrate the causal relation between the connected pair of events.

The influence can be either positive (sup- porting a given decision) or negative (decreasing the likelihood of the decision), as identified by the link “terminator.” The terminator is either an arrowhead (positive influence) or a filled circle (negative influence). The resulting graphical illustration is called the “influence net topology.”

Making Probability Estimates

Probabilistic projection is used to predict the probability of future events for some time- dependent random process… A number of these probabilistic techniques are used in industry for projection.

Two techniques that we use in intelligence analysis are as follows:

Point and interval estimation. This method attempts to describe the probability of outcomes for a single event. An example would be a country’s economic growth rate, and the event of concern might be an eco- nomic depression (the point where the growth rate drops below a certain level).
Monte Carlo simulation. This method simulates all or part of a process by running a sequence of events repeatedly, with random combinations of values, until sufficient statistical material is accumulated to determine the probability distribution of the outcome.

Most of the predictive problems we deal with in intelligence use subjective probability estimates. We routinely use subjective estimates of probabilities in dealing with broad issues for which no objective estimate is feasible.

Sensitivity Analysis

When a probability estimate is made, it is usually worthwhile to conduct a sensitivity analysis on the result. For example, the occurrence of false alarms in a security system can be evaluated as a probabilistic process.

Forecasting

Projections often work out better than extrapolations over the medium term. But even the best-prepared projections often seem very conservative when compared to reality years later. New political, economic, social, technological, or military developments will create results that were not foreseen even by experts in a field.

Forecasting uses many of the same tools that projection relies on—force analysis and probabilistic reasoning, for example. But it presents a stressing intellectual challenge, because of the difficulty in identifying and assessing the effect of new forces.

The development of alternative futures is essential for effective strategic decision-making. Since there is no single predictable future, customers need to formulate strategy within the context of alternative future states of the target. To this end, it is necessary to develop a model that will make it possible to show systematically the interrelationships of the individually forecast trends and events.

A forecast is not a blueprint of the future, and it typically starts from extrapolations or projections. Forecasters then must expand their scope to admit and juggle many additional forces or factors. They must examine key technologies and developments that are far afield but that nevertheless affect the subject of the forecast.

The Nonlinear Approach to Forecasting

Obviously, a forecasting methodology requires analytic tools or principles. But for any forecasting methodology to be successful, analysts who have significant understanding of many PMESII factors and the ability to think about issues in a nonlinear fashion are also required.

Futuristic thinking examines deeper forces and flows across many disciplines that have their own order and pattern. In predictive analysis, we may seem to wander about, making only halting progress toward the solution. This nonlinear process is not a flaw; rather it is the mark of a natural learning process when dealing with complex and nonlinear matters.

The sort of person who can do such multidisciplinary analysis of what is likely to happen in the future has a broad under- standing of the principles that cause a physical phenomenon, a chemical reaction, or a social reaction to occur. People who are multidisciplinary in their knowledge and thinking can pull together concepts from several fields and assess political, economic, and social, as well as technical, factors. Such breadth of understanding recognizes the similarity of principles and the underlying forces that make them work. It might also be called “applied common sense,” but unfortunately it is not very common. Analysts instead tend to specialize, because in-depth expertise is highly valued by both intelligence management and the intelligence customer.

The failure to do multidisciplinary analysis is often tied closely to mindset.

Techniques and Analytic Tools of Forecasting

Forecasting is based on a number of assumptions, among them the following:

The future cannot be predicted, but by taking explicit account of uncertainty, one can make probabilistic forecasts.
Forecasts must take into account possible future developments in such areas as organizational changes, demography, lifestyles, technology, economics, and regulation.

For policymakers and executives, the aim of defining alternative futures is to try to determine how to create a better future than the one that would materialize if we merely keep doing what we’re currently doing. Intelligence analysis contributes to this definition of alternative futures, with emphasis on the likely actions of others—allies, neutrals, and opponents.

Forecasting starts through examination of the changing political, military, economic, and social environments.

We first select issues or concerns that require attention. These issues and concerns have component forces that can be identified using a variant of the strategies-to-task methodology.

If the forecast is done well, these scenarios stimulate the customer of intelligence—the executive—to make decisions that are appropriate for each scenario. The purpose is to help the customer make a set of decisions that will work in as many scenarios as possible.

Evaluating Forecasts

Forecasts are judged on the following criteria:

Clarity. Can the customer under- stand the forecast and the forces involved? Is it clear enough to be useful?
Credibility. Do the results make sense to the customer? Do they appear valid on the basis of common sense?
Plausibility. Are the results consistent with what the customer knows about the world outside the scenario and how this world really works or is likely to work in the future?
Relevance. To what extent will the forecasts affect the successful achievement of the customer’s mission?
Urgency. To what extent do the forecasts indicate that, if action is required, time is of the essence in developing and implementing the necessary changes?
Comparative advantage. To what extent do the results provide a basis for customer decision-making, com- pared with other sources available to the customer?
Technical quality. Was the process that produced the forecasts technically sound? Are the alternative forecasts internally consistent?

A “good” forecast is one that meets all or most of these criteria. A “bad” forecast is one that does not. The analyst has to make clear to customers that forecasts are transitory and need constant adjustment to be helpful in guiding thought and action.

Customers typically have a number of complaints about forecasts. Common complaints are that the forecast is obvious; it states nothing new; it is too optimistic, pessimistic, or naïve; or it is not credible because it overlooks obvious trends, events, causes, or consequences. Such objections are actually desirable; they help to improve the product. There are a number of appropriate responses to these objections: If something important is missing, add it. If something unimportant is included, get rid of it. If the forecast seems either obvious or counterintuitive, probe the underlying logic and revise the forecast as necessary.

Summary

Intelligence analysis, to be useful, must be predictive. Some events or future states of a target are predictable because they are driven by convergent phenomena. Some are not predictable because they are driven by divergent phenomena.

The analysis product—a demonstration scenario—describes how such a development might plausibly start and identifies its consequences. This provides indicators that can be monitored to warn that the improbable event is actually happening.

For analysts predicting systems developments as many as five years into the future, extrapolations work reasonably well; for those looking five to fifteen years into the future, projections usually fare better.

13 Estimative Forces

Estimating is what you do when you don’t know.

The factors or forces that have to be considered in estimation—primarily PMESII factors—vary from one intelligence problem to another. I do not attempt to catalog them in this book; there are too many. But an important aspect of critical thinking, discussed earlier, is thinking about the underlying forces that shape the future. This chapter deals with some of those forces.

The CIA’s tradecraft manual describes an analytic methodology that is appropriate for identifying and assessing forces. Called “outside in” thinking, it has the objective of identifying the critical external factors that could influence how a given situation will develop. According to the tradecraft manual, analysts should develop a generic description of the problem or the phenomenon under study. Then, analysts should:

List all the key forces (social, technological, economic, environmental, and political) that could have an impact on the topic, but over which one can exert little influence (e.g., globalization, social stress, the Internet, or the global economy).
Focus next on key factors over which an actor or policymaker can exert some influence. In the business world this might be the market size, customers, the competition, suppliers or partners; in the government do- main it might include the policy actions or the behavior of allies or adversaries.
Assess how each of these forces could affect the analytic problem.
Determine whether these forces actually do have an impact on the particular issue based on the available evidence.

Political and military factors are often the focus of attention in assessing the likely out- come of conflicts. But the other factors can turn out to be dominant. In the developing conflict between the United States and Japan in 1941, Japan had a military edge in the Pacific. But the United States had a substantial edge in these factors:

Political. The United States could call on a substantial set of allies. Japan had Germany and Italy.
Economy. Japan lacked the natural resources that the United States and its allies controlled.
Social. The United States had almost twice the population of Japan. Japan initially had an edge in the solidarity of its population in support of the government, but that edge was matched within the United States after Pearl Harbor.
Infrastructure. The U.S. manufacturing capability far exceeded that of Japan and would be decisive in a prolonged conflict (as many Japanese military leaders foresaw).
Information. The prewar information edge favored Japan, which had more control of its news media, while a segment of the U.S. media strongly opposed involvement in war. That edge also evaporated after December 7, 1941.

Inertia

One force that has broad implications is inertia, the tendency to stay on course and resist change.

It has been observed that: “Historical inertia is easily underrated . . . the historical forces molding the outlook of Americans, Russians, and Chinese for centuries before the words capitalism and communism were invented are easy still to overlook.”

Opposition to change is a common reason for organizations’ coming to rest. Opposition to technology in general, for example, is an inertial matter; it results from a desire of both workers and managers to preserve society as it is, including its institutions and traditions.

A common manifestation of the law of inertia is the “not-invented-here,” or NIH, factor, in which the organization opposes pressures for change from the outside.

But all societies resist change to a certain extent. The societies that succeed seem able to adapt while preserving that part of their heritage that is useful or relevant.

From an analyst’s point of view, inertia is an important force in prediction. Established factories will continue to produce what they know how to produce. In the automobile industry, it is no great challenge to predict that next year’s autos will look much like this year’s. A naval power will continue to build ships for some time even if a large navy ceases to be useful.

Countervailing Forces

All forces are likely to have countervailing or resistive forces that must be considered.

The principle is summarized well by another of Newton’s laws of physics: For every action there is an equal and opposite reaction.

Applications of this principle are found in all organizations and groups, commercial, national, and civilizational. As Samuel P. Huntington noted, “[W]e know who we are . . . often only when we know who we are against.”

A predictive analysis will always be incomplete unless it identifies and assesses opposing forces. All forces eventually meet counterforces. An effort to expand free trade inevitably arouses protectionist reactions. One country’s expansion of its military strength always causes its neighbors to react in some fashion.

Counterforces need not be of the same nature as the force they are countering. A prudent organization is not likely to play to its opponent’s strengths. Today’s threats to U.S. national security are asymmetric; that is, there is little threat of a conventional force-on-force engagement by an opposing military, but there is a threat of an unconventional yet lethal attack by a loosely organized terrorist group, as the events of September 11, 2001, and more recently the Boston Marathon bombing, demonstrated. Asymmetric counterforces are common in industry as well. Industrial organizations try to achieve cost asymmetry by using defensive tactics that have a large favorable cost differential between their organization and that of an opponent.

Contamination

Contamination is the degradation of any of the six factors—political, military, economic, social, infrastructure, or information (PMESII factors)—through an infection-like process. Corruption is a form of political and social contamination. Funds laundering and counterfeiting are forms of economic contamination. The result of propaganda is information contamination.

Contamination phenomena can be found throughout organizations as well as in the scientific and technical disciplines. Once such an infection starts, it is almost impossible to eradicate.

Contamination phenomena have analogies in the social sciences, organization theory, and folklore.

At some point in organizations, contamination can become so thorough that only drastic measures will help—such as shutting down the glycerin plant or rebuilding the microwave tube plant. Predictive intelligence has to consider the extent of such social contamination in organizations, because contamination is a strong restraining force on an organization’s ability to deal with change.

The effects of social contamination are hard to measure, but they are often highly visible.

The contamination phenomenon has an interesting analogy in the use of euphemism in language. It is well known that if a word has or develops negative associations, it will be replaced by a succession of euphemisms. Such words have a half-life, or decay rate, that is shorter as the word association be- comes more negative. In older English, the word stink meant “to smell.” The problem is that most of the strong impressions we get from scents are unpleasant ones; so each word for olfactory senses becomes contaminated over time and must be replaced. Smell has a generally unpleasant connotation now

The renaming of a program or project is a good signal that the program or project is in trouble—especially in Washington, D.C., but the same rule holds in any culture.

Synergy

predictive intelligence analysis almost always requires multidisciplinary understanding. Therefore, it is essential that the analysis organization’s professional development program cultivate a professional staff that can understand a broad range of concepts and function in a multidisciplinary environment. One of the most basic concepts is that of synergy: The whole can be more than the sum of its parts due to interactions among the parts. Synergy is therefore, in some respects, the opposite of the countervailing forces discussed earlier.

Synergy is not really a force or factor as much as a way of thinking about how forces or factors interact. Synergy can result from cooperative efforts and alliances among organizations (synergy on a large scale).

Netwar is an application of synergy.

In electronics warfare, it is now well known that a weapons system may be unaffected by a single countermeasure; however, it may be degraded by a combination of countermeasures, each of which fail individually to defeat it. The same principle applies in a wide range of systems and technology developments: The combination may be much greater than the sum of the components taken individually.

Synergy is the foundation of the “swarm” approach that military forces have applied for centuries—the coordinated application of overwhelming force.

In planning a business strategy against a competitive threat, a company will often put in place several actions that, each taken alone, would not succeed. But the combination can be very effective. As a simple example, a company might use sever- al tactics to cut sales of a competitor’s new product: start rumors of its own improved product release, circulate reports on the defects or expected obsolescence of the competitor’s product, raise buyers’ costs of switching from its own to the competitor’s product, and tie up suppliers by using exclusive contracts. Each action, taken separately, might have little impact, but the synergy—the “swarm” effect of the actions taken in combination—might shatter the competitor’s market.

Feedback

In examining any complex system, it is important for the analyst to evaluate the system’s feedback mechanism. Feedback is the mechanism whereby the system adapts—that is, learns and changes itself. The following discussion provides more detail about how feedback works to change a system.

Many of the techniques for prediction de- pend on the assumption that the process being analyzed can be described, using systems theory, as a closed-loop system. Under the mathematical theory of such systems, feedback is a controlling force in which the out- put is compared with the objective or standard, and the input process is corrected as necessary to bring the output toward a desired state

The feedback function therefore determines the behavior of the total system over time. Only one feedback loop is shown in the figure, but many feedback loops can exist, and usually do in a complex system.

Care Guides for Plant Life

Temperature, Precipitation, Sunshine, Humidity, and Rain Averages for Jerico, Colombia

Notes from Transnational Organized Crime, Terrorism, and Criminalized States in Latin America – An Emerging Tier-One National Security Priority

Douglas Farah is an American journalist, national security consultant, a Senior Fellow of Financial Investigations and Transparency at the International Assessment of Strategy Center and also an adjunct fellow at the Center for Strategic and International Studies.

Farah served as United Press International bureau chief in El Salvador from 1985 to 1987, and a freelance journalist for The Washington Post, Newsweek, and other publications until being hired as a staff correspondent for The Washington Post in 1992.

These are notes from his monograph published by the Strategic Studies Institute Monograph Transnational Organized Crime, Terrorism, and Criminalized States in Latin America – An Emerging Tier-One National Security Priority in August of 2012.

NOTES

The emergence of new hybrid (state and nonstate) transnational criminal and terrorist franchises in Latin America poses a tier-one security threat for the United States. These organizations operate under broad state protection and undermine democratic governance, sovereignty, growth, trade, and stability.

Leaders of these organizations share a publicly articulated doctrine to employ asymmetric warfare against the United States and its allies that explicitly endorses the use of WMD as a legitimate tactic.

illicit forces in Latin America within criminalized states have begun using tactical operations centers as a means of pursuing their view of statecraft. That brings new elements to the “dangerous spaces” where nonstate actors intersect with regions characterized by weak sovereignty and alternative governance systems. This new dynamic fundamentally alters the structure underpinning global order.

Being capable of understanding and mitigating this threat requires a whole-of-government approach, including collection, analysis, law enforcement, policy, and programming. The traditional state/nonstate dichotomy is no longer useful for an adequate illumination of these problems. Similarly, the historical divide between transnational organized crime and terrorism is becoming increasingly irrelevant.

TRANSNATIONAL ORGANIZED CRIME, TERRORISM, AND CRIMINALIZED STATES IN LATIN AMERICA: AN EMERGING TIER-ONE NATIONAL SECURITY PRIORITY

INTRODUCTION AND GENERAL FRAMEWORK

The Changing Nature of the Threat.

The purpose of this monograph is to identify and discuss the role played by transnational organized crime groups (TOCs) in Latin America, and the inter- play of these groups with criminalizing state structures, “stateless” regions, extra-regional actors, and the multiple networks that exploit them. It particularly focuses on those areas that pose, or potentially pose, a threat to U.S. interests at home and abroad; and, it can be used as a model for understanding similar threats in other parts of the world.

This emerging combination of threats comprises a hybrid of criminal-terrorist, and state and nonstate franchises, combining multiple nations acting in concert, and traditional TOCs and terrorist groups acting as proxies for the nation-states that sponsor them. These hybrid franchises should now be viewed as a tier-one security threat for the United States. Under- standing and mitigating the threat requires a whole- of-government approach, including collection, analysis, law enforcement, policy, and programming. No longer is the state/nonstate dichotomy useful in illuminating these problems, just as the TOC/terrorism divide is increasingly disappearing.

These franchises operate in, and control, specific geographic territories which allow them to function in a relatively safe environment. These pipelines, or recombinant chains of networks, are highly adaptive and able to move a multiplicity of illicit products (cocaine, weapons, humans, and bulk cash) that ultimately cross U.S. borders undetected thousands of times each day. The actors along the pipeline form and dis- solve alliances quickly, occupy both physical and cyber space, and use both highly developed and modern institutions, including the global financial system, as well as ancient smuggling routes and methods.

This totals to some $6.2 trillion— fully 10 percent of the world’s GDP, placing it behind only the United States and the European Union (EU), but well ahead of China, in terms of global GDP ranking.1 Other estimates of global criminal proceeds range from a low of about 4 percent to a high of 15 percent of global GDP.

Latin American networks now extend not only to the United States and Canada, but outward to Sub-Saharan Africa, Europe, and Asia, where they have begun to form alliances with other networks. A clear understanding of how these rela- tionships evolve, and the relative benefits derived from the relationships among and between state and nonstate actors, will greatly enhance the understand- ing of this new hybrid threat.

There is no universally accepted definition of “transnational organized crime.” Here it is defined as, at a minimum, serious crimes or offenses spanning at least one border, undertaken by self-perpetuating associations of individuals who cooperate transnationally, motivated primarily by the desire to obtain a financial or other material benefit and/or power and influence.3 This definition can encompass a number of vitally important phenomena not usually addressed by studies of TOC:

A spectrum or continuum of state participation in TOC, ranging from strong but “criminalized” states to weak and “captured” states, with various intermediate stages of state criminal behavior.

A nexus between TOCs on the one hand, and terrorist and insurgent groups on the other, with a shifting balance between terrorist and criminal activity on both sides of the divide.
Recombinant networks of criminal agents, potentially including not only multiple TOCs, but also terrorist groups as well as states and proxies.
Enduring geographical “pipelines” for moving various kinds of commodities and illicit profits in multiple directions, to and from a major destination.
We have also crafted this definition to be broadly inclusive: It can potentially encompass the virtual world of TOC, e.g., cybercrime;
It can be applied to other regions; the recombinant pipelines and networks model offers an analytical framework which can be applied to multiple regions and circumstances.

The term “criminalized state” used in this mono- graph refers to states where the senior leadership is aware of and involved—either actively or through passive acquiescence—on behalf of the state in trans- national criminal enterprises, where TOC is used as an instrument of statecraft, and where levers of state power are incorporated into the operational structure of one or more TOC groups.

New Actors in Latin American TOC-State Relations.

Significant TOC organizations, principally drug trafficking groups, have posed serious challenges for U.S. security since the rise of the Medellín cartel in the early 1980s, and the growth of the Mexican drug trafficking organizations in the 1990s. In addition, Latin America has a long history of revolutionary movements, from the earliest days of independence, to the Marxist movements that sprouted up across the region in the 1960s to 1980s. Within this context, these groups often served as elements of governance, primarily to advance or defeat the spread of Marxism in the region. These Marxist revolutions were victorious in Cuba and Nicaragua, which, in turn, became state sponsors of external revolutionary movements, themselves relying on significant economic and military support from the Soviet Union and its network of aligned states’ intelligence and security services.

With the end of the Cold War, the negotiated end to numerous armed conflicts (the Farabund Marti National Liberation Front [FMLN] in El Salvador; the Contra rebels in Nicaragua; the Popular Liberation Army [EPL], M-19, and other small groups in Colom- bia), and the collapse of Marxism, most of the armed groups moved into the democratic process. However, this was not true for all groups, and armed nonstate groups are again being sponsored in Latin America under the banner of the “Bolivarian Revolution.”4

Other states that traditionally have had little inter- est or influence in Latin America have emerged over the past decade, primarily at the invitation of the self- described Bolivarian states seeking to establish 21st- century socialism. This bloc of nations—led by Hugo Chávez of Venezuela, also including Rafael Correa of Ecuador, Evo Morales of Bolivia, and Daniel Ortega of Nicaragua—seeks to break the traditional ties of the region to the United States. To this end, the Bolivar- ian alliance has formed numerous organizations and military alliances—including a military academy in Bolivia to erase the vestiges of U.S. military training— which explicitly exclude the United States.

Over the past decade, China’s trade with Latin America has jumped from $10 billion to $179 billion.11 With the increased presence has come a significantly enhanced Chinese intelligence capacity and access across Latin America. At the same time, Chinese Triads—modern remnants of ancient Chinese secret societies that evolved into criminal organizations—are now operating extensive money laundering services for drug trafficking organizations via Chinese banks.

China also has shown a distinct willingness to bail out financially strapped authoritarian governments if the price is right. For example, China lent Venezuela $20 billion, in the form of a joint venture with a company to pump crude oil that China then locked up for a decade at an average price of about $18 a barrel. The money came as Chávez was facing a financial crisis, rolling blackouts, and a severe liquidity shortage across the economy.12 Since then, China has extended several other significant loans to Venezuela, Ecuador, and Bolivia.

The dynamics of the relationship between China and the Bolivarian bloc and its nonstate proxies will be one of the key determinants of the future of Latin America and the survival of the Bolivarian project. Without significant material support from China, the economic model of the Bolivarian alliance will likely collapse under its own weight of statist inefficiency and massive corruption, despite being richly endowed with natural resources.

Chinese leaders likely understand that any real replacement of the Bolivarian structure leadership by truly democratic forces could result in a significant loss of access to the region, and a cancellation of existing contracts. This, in turn, gives China an incentive to continue to support some form of the Bolivarian project going forward, even if ailing leaders such as Chávez and Fidel Castro are no longer on the scene.

While there have been criminalized states in the past (the García Meza regime of “cocaine colonels” in Bolivia in 1980, and Desi Bouterse in Suriname in the 1980s, for ex- ample), what is new with the Bolivarian structure is the simultaneous and mutually supporting merger of state with TOC activities across multiple state and nonstate platforms. While García Meza, Bouterse, and others were generally treated as international pariahs with little outside support, the new criminalized states offer each other economic, diplomatic, political, and military support that shields them from international isolation and allows for mutually reinforcing structures to be built.

Rather than operating in isolation, these groups have complex but significant interaction with each other, based primarily on the ability of each actor or set of actors to provide a critical service while profiting mutually from the transactions.

While not directly addressing the threat from criminalized states, the Strategy notes that:

TOC penetration of states is deepening and leading to co-option in some states and weakening of governance in many others. TOC net- works insinuate themselves into the political process through bribery and in some cases have become alternate providers of governance, security, and livelihoods to win popular support. The nexus in some states among TOC groups and elements of government—including intelligence services and personnel—and big business figures, threatens the rule of law.
TOC threatens U.S. economic interests and can cause significant damage to the world financial system by subverting legitimate markets. The World Bank estimates that about $1 trillion is spent each year to bribe public officials. TOC groups, through their state relationships, could gain influence over strategic markets.
Terrorists and insurgents increasingly are turn- ing to crime and criminal networks for funding and logistics. In fiscal year (FY) 2010, 29 of the 63 top drug trafficking organizations identified by the Department of Justice had links to terror- ist organizations. While many terrorist links to TOC are opportunistic, this nexus is dangerous, especially if it leads a TOC network to facilitate the transfer of WMD material to terrorists.17

Stewart Patrick and others correctly argue that, contrary to the predominant thinking that emerged immediately after September 11, 2001 (9/11) (i.e., failed states are a magnet for terrorist organizations), failed or nonfunctional states are actually less attractive to terrorist organizations and TOC groups than “weak but functional” states.18 But there is another category, perhaps the most attractive of all to TOC and terrorist groups they are allied with: strong and functional states that participate in TOC activities.

The Unrecognized Role of the Criminalized States.

While it is true that TOC penetration of the state threatens the rule of law, as the administration’s strategy notes, it also poses significant new threats to the homeland. Criminalized states frequently use TOCs as a form of statecraft, bringing new elements to the dangerous spaces where nonstate actors intersect with regions of weak sovereignty and alternative governance systems.19 This fundamentally alters the structure of global order.

As the state relationships consolidate, the recombinant criminal-terrorist pipelines become more rooted and thus more dangerous. Rather than being pursued by state law enforcement and intelligence services in an effort to impede their activities, TOC groups (and perhaps terrorist groups) are able to operate in a more stable, secure environment, something that most businesses, both licit and illicit, crave.

Rather than operating on the margins of the state or seeking to co-opt small pieces of the state machinery, the TOC groups in this construct operate in concert with the state on multiple levels. Within that stable environment, a host of new options open, from the sale of weapons, to the use of national aircraft and ship- ping registries, to easy use of banking structures, to the use of national airlines and shipping lines to move large quantities of unregistered goods, and the acquisition of diplomatic passports and other identification means.

Examples of the benefits of a criminal state can be seen across the globe. For example, the breakaway republic of Transnistria, near Moldova, known as “Europe’s Black Hole,” is a notorious weapons trafficking center from which dozens of surface-to-air missiles have disappeared; it is run by former Russian secret police (KGB) officials.

The FARC needs to move cocaine to U.S. and European markets in order to obtain the money necessary to maintain its army of some 9,000 troops. In order to do that, the FARC, with the help of tra- ditional drug trafficking organizations, must move its product through Central America and Mexico to the United States—the same route used by those who want to move illegal aliens to the United States, and those who want to move bulk cash shipments, stolen cars, and weapons from the United States southward. All of these goods traverse the same territory, pass through the same gatekeepers, and are often inter- changeable along the way. A kilo of cocaine can be traded for roughly one ton of AK-47 assault rifles before either of the goods reaches what would normally be its final destination.

Though the presence of a state government (as op- posed to its absence) is ordinarily considered to be a positive situation, the presence of the state is beneficial or positive only if it meets the needs of its people. If the state, as it is in many parts of Latin America and many other parts of the world, is present but is viewed, with good reason, as corrupt, incompetent, and/or predatory, then its presence is not beneficial in terms of creating state strength or state capacity. In fact, where the state is strongest but least accountable for abuses, people often prefer nonstate actors to exercise authority.25

This has led to an underlying conceptual problem in much of the current literature describing regions or territories as “governed” or “ungoverned,” a frame- work that presents a false dichotomy suggesting that the lack of state presence means a lack of a governing authority. “Ungoverned spaces” connotes a lawless region with no controlling authority. In reality, the stateless regions in question almost always fall under the control of nonstate actors who have sufficient force or popular support (or a mixture of both), to impose their decisions and norms, thus creating alternate power structures that directly challenge the state, or that take the role of the state in its absence.

The notion of ungoverned spaces can be more broadly applied to legal, functional, virtual, and social arenas that either are not regulated by states or are contested by non-state actors and spoilers.26

THE NATURE OF THE THREAT IN THE AMERICAS

Old Paradigms Are Not Enough.

Control of broad swaths of land by these nonstate groups in Latin America not only facilitates the movement of illegal products, both northward and south- ward, through transcontinental pipelines, but also undermines the stability of an entire region of great strategic interest to the United States.

The traditional threat is broadly understood to be posed by the illicit movement of goods (drugs, money, weapons, and stolen cars), people (human traffic, gang members, and drug cartel enforcers), and the billions of dollars these illicit activities generate in an area where states have few resources and little legal or law enforcement capacity .

As Moisés Naim wrote:

Ultimately, it is the fabric of society which is at stake. Global illicit trade is sinking entire industries while boosting others, ravaging countries and sparking booms, making and breaking political careers, desta- bilizing some governments and propping up others.27

The threat increases dramatically with the nesting of criminal/terrorist groups within governments that are closely aligned ideologically, such as Iran and the Bolivarian states in Latin America, and that are identified sponsors of designated terrorist groups, including those that actively participate in the cocaine trafficking trade.

While Robert Killebrew28 and Max Manwaring29 make compelling cases that specific parts of this dangerous cocktail could be defined as insurgencies (narco-insurgency in Mexico and gangs in Central America, respectively), the new combination of TOC, criminalized states, and terrorist organizations presents a new reality that breaks the traditional paradigms.

While Mexico is not the focus of this monograph, the regional convulsions from Mexico through Central America are not viewed as a narco-insurgency. Instead, this hybrid mixture of groups with a variety of motives, including those engaged in TOC, insurgencies, and criminalized states with a declared hatred for the United States, is something new and in many ways more dangerous than a traditional insurgency.

The New Geopolitical Alignment.

The visible TOC threats are only a part of the geo- strategic threats to the United States emerging from Latin America’s current geopolitical alignment. The criminalized states are already extending their grip on power through strengthened alliances with hostile outside state and quasi-state actors such as Iran and Hezbollah. The primary unifying theme among these groups is a deep hatred for the United States.

they have carried out a similar pattern of rewriting the constitution to concentrate powers in the executive and to allow for unlimited reelection; a systematic takeover of the judiciary by the executive and the subsequent criminalizing of the opposition through vaguely worded laws and constitutional amendments that make it illegal to oppose the revolution; systematic attacks on independent news media, and the use of criminal libel prosecutions to silence media critics; and, overall, the increasing criminalization of the state. These measures are officially justified as necessary to ensure the revolution can be carried out without U.S. “lackeys” sabotaging it.

The Model: Recombinant Networks and Geographical Pipelines.

To understand the full significance of the new geopolitical reality in Latin America, it is necessary to think in terms of the geopolitics of TOC. Because of the clandestine nature of the criminal and terrorist activities, designed to be as opaque as possible, one must start from the assumption that, whatever is known of specific operations along the criminal-terrorist pipeline, or whatever combinations of links are seen, represents merely a snapshot in time, not a video of continuing events. Moreover, it is often out of date by the time it is assessed.

Nonstate armed actors as treated in this mono- graph are defined as:

Terrorist groups, motivated by religion, politics, ethnic forces, or at times, even by financial considerations;
Transnational criminal organizations, both structured and disaggregated, including third generation gangs as defined by Manwaring;35
Militias that control “black hole” or “stateless” sectors of one or more national territories; Insurgencies, which have more well-defined and specific political aims within a particular national territory, but may operate from out- side of that national territory.

“In some cases, the terrorists simply imitate the criminal behavior they see around them, borrowing techniques such as credit card fraud and extortion in a phenomenon we refer to as activity appropriation. This is a shared approach rather than true interaction, but it often leads to more intimate connections within a short time.” This can evolve into a more symbiotic relationship, which in turn can (but many do not) turn into hybrid groups.38

While the groups that overlap in different networks are not necessarily allies, and in fact occasionally are enemies, they often can and do make alliances of convenience that are short-lived and shifting. Even violent drug cartels, which regularly engage in bloody turf battles, also frequently engage in truces and alliances, although most end when they are no longer mutually beneficial or the balance of power shifts among them.

Another indication of the scope of the emerging alliances is the dramatic rise of Latin American drug trafficking organizations operating in West Africa, for onward shipment to Western Europe. Among the drug trafficking organizations found to be working on the ground in West Africa are the FARC, Mexican drug cartels, Colombian organizations, and Italian organized crime. It is worth bearing in mind that al- most every major load of cocaine seized in West Africa in recent years has been traced to Venezuela as the point of origin.

This overlapping web of networks was described in a July 2010 federal indictment from the Southern District of New York, which showed that drug trafficking organizations in Colombia and Venezuela, including the FARC, had agreed to move several multi-ton loads of cocaine through Liberia en route to Europe.

The head of Liberian security forces, who is also the son of the president, negotiated the transshipment deals with a Colombian, a Russian, and three West Africans.

On December 8, 2011, it aired footage of the Iranian ambassador in Mexico urging a group of Mexican university students who were hackers to launch broad cyber attacks against U.S. defense and intelligence facilities, claiming such an attack would be “bigger than 9/11.”

Geographical “Pipelines.”

The central feature binding together these disparate organizations and networks which, in aggregate, make up the bulk of nonstate armed actors, is the in- formal (meaning outside legitimate state control and competence) “pipeline” or series of overlapping pipe- lines that these operations need to move products, money, weapons, personnel, and goods. The pipelines often form well-worn, customary, geographical routes and conduits developed during past conflicts, or traditionally used to smuggle goods without paying taxes to the state. Their exploitation by various communities, organizations, and networks yields recognizable patterns of activity.

The geography of the pipelines may be seen as both physical (i.e., terrain and topography), and human (i.e., historical and sociological patterns of local criminal activity).

These regions may develop their own cultures that accept what the state considers to be illicit activities as normal and desirable. This is especially true in areas where the state has been considered an enemy for generations.

The criminal pipeline itself is often a resource in dispute, and one of the primary sources of violence. Control of the pipeline can dramatically alter the relative power among different trafficking groups, as has been seen in the ongoing war between the Juarez and Sinaloa cartels in Mexico.47 Because of the lucrative nature of control of the actual physical space of the pipeline, these types of conflicts are increasingly carried out in gruesome fashion in Guatemala, Honduras, and El Salvador.

These states are not collapsing. They risk becoming shell-states: sovereign in name, but hollowed out from the inside by criminals in collusion with corrupt officials in the government and the security services. This not only jeopardizes their survival, it poses a serious threat to regional security because of the trans-national nature of the crimes.

CRIMINALIZING STATES AS NEW REGIONAL ACTORS

While nonstate actors make up the bulk of criminal agents engaged in illicit activities, state actors play an increasingly important yet under-reported role. That role pertains in part to the availability of pipeline territory, and in part to the sponsorship and even direction of criminal activity. TOC groups can certainly exploit the geographical vulnerabilities of weak or failing states, but they also thrive on the services provided by stronger states.

There are traditional categories for describing state performance as developed by Robert Rotberg and others in the wake of state failures at the end of the Cold War. The premise is that that “nation-states fail because they are convulsed by internal violence and can no longer deliver positive political goods to their inhabitants.”52 These categories are:

Strong, i.e., able to control its territory and offer quality political goods to its people;
Weak, i.e., filled with social tensions, the state has only a limited monopoly on the use of force;
Failed, i.e., in a state of conflict with a preda- tory ruler, with no state monopoly on the use of force;
Collapsed, i.e., no functioning state institutions and a vacuum of authority.

This conceptualization, while useful, is extremely limited, as is the underlying premise. It fails to make a critical distinction between countries where the state has little or no power in certain areas and may be fighting to assert that control, and countries where the government, in fact, has a virtual monopoly on power and the use of force, but turns the state into a functioning criminal enterprise for the benefit of a small elite.

The 4-tier categorization also suffers from a significant omission with regard to geographical areas of operation rather than criminal actors. The model pre- supposes that stateless regions are largely confined within the borders of a single state.

State absence can be the product of a successful bid for local dominance by TOC groups, but it can also result from a perception on the part of the local population that the state poses a threat to their communities, livelihoods, or interests.

A 2001 Naval War College report insightfully described some of the reasons in terms of “commercial” and “political” in- surgencies. These are applicable to organized criminal groups as well and have grown in importance since then:

The border zones offer obvious advantages for political and economic insurgencies. Political insurgents prefer to set up in adjacent territories that are poorly integrated, while the commercial insurgents favor active border areas, preferring to blend in amid business and government activity and corruption. The border offers a safe place to the political insurgent and easier access to communications, weapons, provisions, transport, and banks.

For the commercial insurgency, the frontier creates a fluid, trade-friendly environment. Border controls are perfunctory in ‘free trade’ areas, and there is a great demand for goods that are linked to smuggling, document fraud, illegal immigration, and money laundering.

For the political insurgency, terrain and topography often favor the narco-guerilla. Jungles permit him to hide massive bases and training camps, and also laboratories, plantations, and clandestine runways. The Amazon region, huge and impenetrable, is a clear example of the shelter that the jungle areas give. On all of Colombia’s borders—with Panama, Ecuador, Brazil, and Venezuela—jungles cloak illegal activity.

The Weak State-Criminal State Continuum.

One may array the degree of state control of, or par- ticipation in, criminal activity along a spectrum (see Figure 2). At one end are strong but criminal states, with the state acting as a TOC element or an important component of a TOC group.

In Latin America, the government of Suriname (formerly Dutch Guiana) in the 1980s and early 1990s under Desi Bouterse, a convicted drug trafficker with strong ties to the FARC, was (and perhaps still is) an operational player in an ongoing criminal enterprise and benefited from it.

Bouterse’s only public defender in the region is Hugo Chávez of Venezuela.

Again, the elements of TOC as statecraft can be seen. Chávez reportedly funded Bouterse’s improbable electoral comeback in Suriname, funneling money to his campaign and hosting him in Venezuela on several visits.60 While no other heads of state accepted Bouterse’s invitation to attend his inauguration, Chávez did, although he had to cancel at the last minute. In recompense, he promised to host Bouterse on a state visit to Venezuela.

One of the key differences between the Bolivarian alliance and earlier criminalized states in the region is the mutually reinforcing structure of the alliance. While other criminalized states have been widely viewed as international pariahs and broadly shunned, thus hastening their demise, the new Bolivarian structures unite several states in a joint, if loosely-knit, criminal enterprise. This ensures these mutually sup- porting regimes can endure for much longer.

At the other end are weak and captured states, where certain nodes of governmental authority, whether local or central, have been seized by TOCs, who in turn are the primary beneficiaries of the proceeds from the criminal activity. Penetration of the state usually centers on one or more of three functions: judiciary (to ensure impunity), border control and customs (to ensure the safe passage of persons and goods), and legislature (to codify the structures necessary to TOC organizations, such as a ban on extradition, weak asset forfeiture laws, etc.). It also is more local in its focus, rather than national.

Typically, TOC elements aim at dislodging the state from local territory, rather than assuming the role of the state in overall political authority across the country. As Shelley noted, “Older crime groups, often in long-established states, have developed along with their states and are dependent on existing institution- al and financial structures to move their products and invest their profits.”

By definition, insurgents aim to wrest political control from the state and transfer it to their own leadership.

“Captured states” are taken hostage by criminal organizations, often through intimidation and threats, giving the criminal enterprise access to some parts of the state apparatus. Guatemala would be an example: the government lacks control of roughly 60 percent of the national territory, with the cartels enjoying local power and free access to the border; but the central government itself is not under siege.

In the middle range between the extremes, more criminalized cases include participation in criminal activity by state leaders, some acting out of personal interest, others in the interest of financing the services or the ideology of the state. A variant of this category occurs when a functioning state essentially turns over, or “franchises out” part of its territory to non- state groups to carry out their own agenda with the blessing and protection of the central government or a regional power. Both state and nonstate actors share in the profits and proceeds from criminal activity thus generated. Venezuela under Hugo Chávez is perhaps the clearest example of this model in the region, given his relationship with the FARC.

Hugo Chávez and the FARC: The Franchising Model.

Chávez’s most active support for the FARC came after the FARC had already become primarily a drug trafficking organization vice political insurgency. The FARC has also traditionally earned considerable income (and wide international condemnation) from the kidnapping for ransom of hundreds of individuals, in violation of the Geneva Convention and other international conventions governing armed conflicts. It was impossible, by the early part of the 21st century, to separate support for the FARC from support for TOC, as these two activities were the insurgent group’s primary source of income.

Chávez had cultivated a relationship with the FARC long before becoming president. As one recent study of internal FARC documents noted:

When Chávez became president of Venezuela in February 1999, FARC had not only enjoyed a relationship with him for at least some of the previous seven years but had also penetrated and learned how to best use Venezuelan territory and politics, manipulating and building alliances with new and traditional Venezuelan political sectors, traversing the Colombia-Venezuela border in areas ranging from coastal desert to Amazonian jungle and building cooperative relation- ships with the Venezuelan armed forces. Once Chávez was inaugurated, Venezuelan border security and foreign policies shifted in the FARC’s favor.67

Perhaps the strongest public evidence of the importance of Venezuela to the FARC is the public fingering of three of Chávez’s closest advisers and senior government officials by the U.S Treasury Department’s Office of Foreign Assets Control (OFAC).

OFAC said the three—Hugo Armando Carvajál, director of Venezuelan Military Intelligence; Henry de Jesus Rangél, director of the Venezuelan Directorate of Intelligence and Prevention Services; and Ramón Emilio Rodriguez Chacín, former minister of justice and former minister of interior—were responsible for “materially supporting the FARC, a narco-terrorist organization.” It specifically accused Carvajál and Rangél of protecting FARC cocaine shipments moving through Venezuela, and said Rodriguez Chacín, who resigned his government position just a few days before the designations, was the “Venezuelan government’s main weapons contact for the FARC.”

According to the U.S. indictment against him, Makled exported at least 10 tons of cocaine a month to the United States by keeping more than 40 Venezuelan generals and senior government officials on his payroll. “All my business associates are generals. The highest,” Makled said. “I am telling you, we dis- patched 300,000 kilos of coke. I couldn’t have done it without the top of the government.”75 What added credibility to Makled’s claims were the documents he presented showing what appear to be the signatures of several generals and senior Ministry of Interior officials accepting payment from Makled. “I have enough evidence to justify the invasion of Venezuela” as a criminal state, he said.76

The FARC and Bolivia, Ecuador, and Nicaragua.

Since the electoral victories of Correa in Ecuador and Morales in Bolivia, and the re-election of Daniel Ortega in Nicaragua, their governments have actively supported FARC rebels in their war of more than 4 decades against the Colombian state, as well as significant drug trafficking activities.77 While Ecuador and Venezuela have allowed their territory to be used for years as rear guard and transshipment stations for the FARC and other drug trafficking organizations, Bolivia has become a recruitment hub and safe haven; and Nicaragua, a key safe haven and weapons procurement center. In addition, several senior members of both the Correa and Morales administrations have been directly implicated in drug trafficking incidents, showing the complicity of the state in the criminal enterprises.

In Bolivia, the Morales government, which has maintained cordial ties with the FARC at senior levels,78 has, as noted, faced an escalating series of drug trafficking scandals at the highest levels.79 It is worth noting that Alvaro García Linera, the nation’s vice president and a major power center in the Morales administration, was a member of the armed Tupac Katari Revolutionary Movement (Movimiento Revolucionario Tupak Katari [MRTK]), an ally of the FARC, and served several years in prison.

An analysis of the Reyes computer documents concluded that the FARC donated several hundred thousand dollars to Correa’s campaign,84 a conclusion drawn by other national and international investigations.85 The Reyes documents show senior Ecuadoran officials meeting with FARC commanders and offering to remove certain commanders in the border region so the FARC would not be under so much pressure on the Ecuadoran side.

A closer friend, at least for a time, was Hugo Mol- dis, who helped found the MAS and has been one of the movement’s intellectual guides, and was seriously considered for senior cabinet positions. Instead, he was given the job as leader of the government-backed confederation of unions and social groups called the “People’s High Command” (Estado Mayor del Pueblo [EMP]),93 and he maintains a fairly high profile as journalist and writer for several Marxist publications.

The EMP was one of the principal vehicles of the MAS and its supporters in forcing the 2003 resignation of the government of Gonzalo Sánchez de Lozada, and Morales, as president, named it the organization responsible for giving social movements a voice in the government.

Moldiz told the group that “our purpose is to defend the government, defend the political process of change, which we have conquered with blood, strikes, marches, sacrifice, and pain. Our main enemy is called United States imperialism and the Bolivian oligarchy.”95

The Regional Infrastructure.

Brazil and Peru, while not actively supporting the FARC, have serious drug trafficking issues to contend with on their own and exercise little real control over their border regions. Despite this geographic and geopolitical reality, Colombia has undertaken a costly and somewhat successful effort to reestablish state control in many long-abandoned regions of its own national territory. Yet the Colombian experience offers an object lesson in the limits of what can be done even if the political will exists and if significant national treasure is invested in reestablishing a positive state presence. Once nonstate actors have established uncontested authority over significant parts of the national territory, the cost of recouping control and establishing a functional state presence is enormous.

It becomes even more costly when criminal/terrorist groups such as the FARC become instruments of regional statecraft. The FARC has been using its ideological affinity with Correa, Morales, Chávez, and Nicaragua’s Ortega to press for a change in status to “belligerent group” in lieu of terrorist entity or simple insurgency. “Belligerent” status is a less pejorative term and brings certain international protections.

the FARC and its political arm, the Continental Bolivarian Movement (Movimiento Continental Bolivariano[MCB] discussed below), has become a vehicle for a broader-based alliance of nonstate armed groups seeking to end the traditional democratic representative government model and replace it with an ideology centered on Marxism, anti-globalization, and anti-United States.

…not all states are criminal, not all TOCs are engaged in terrorism or collude with terrorist groups, and not all terrorist groups conduct criminal activities. The overlap between all three groups constitutes a small but highly dangerous subset of cases, and ap- plies most particularly to the Bolivarian states.

The TOC-Terrorist State Alliance.

At the center of the nexus of the Bolivarian move- ment with TOC, terrorism, and armed revolution is the FARC, and its political wing, the Continental Boli- varian Coordinator (Coordinadora Continental Bolivari- ana [CCB]), a continental political movement founded in 2003, funded and directed by the FARC. In 2009, the CCB officially changed its name to the MCB to re- flect its growth across Latin America. For purposes of consistency, we refer to the organization as the CCB throughout this monograph.

In a November 24, 2004, letter from Raúl Reyes, the FARC’s second-in-command, to another member of the FARC General Secretariat, he laid out the FARC’s role in the CCB, as well as the Chávez government’s role, in the following unambiguous terms:

The CCB has the following structure: an executive, some chapters by region . . . and a “foreign legion.” Headquarters: Caracas. It has a newspaper called “Correo Bolivariano,” [Bolivarian Mail] and Internet site and an FM radio station heard throughout Caracas. . . . This is an example of coordinated struggle for the creation of the Bolivarian project. We do not exclude any forms of struggle. It was founded in Fuerte Tiuna in Caracas. [Author’s Note: Fuerte Tiuna is the main government military and intelligence center in Venezuela, and this is a clear indication that the Venezuelan government fully supported the founding of the organization.] The political ammunition and the leadership is provided by the FARC. 97

According to an internal FARC report dated March 11, 2005, on the CCB’s activities in 2004, there were already active groups in Mexico, Dominican Republic, Ecuador, Venezuela, and Chile. International brigades from the Basque region of Spain, Italy, France, and Denmark were operational. Work was underway in Argentina, Guatemala, and Brazil. The number of organizations that were being actively coordinated by the CCB was listed at 63, and there were “political relations” with 45 groups and 25 institutions. The CCB database contained 500 e-mails.

Numerous other documents show that different Bolivarian governments directly supported the CCB, whose president is always the FARC leader.

The government of Rafael Correa in Ecuador of- ficially hosted the second congress of the organization in Quito in late February 2008. The meeting was at- tended by members of Peru’s Tupac Amaru Revolu- tionary Movement (Movimiento Revolucionario Tupac Amaru [MRTA]); the Mapuches and MIR of Chile; Spain’s ETA, and other terrorist and insurgent groups.

The 2009 meeting at which the CCB became the MCB was held in Caracas and the keynote address was given Alfonso Cano, the current FARC leader. Past FARC leaders are honorary presidents of the organization.101 This places the FARC—a well-identified drug trafficking organization with significant ties to the major Mexican drug cartels102 and a designated terrorist entity with a broad-based alliance that spans the globe—directly in the center of a state-sponsored project to fundamentally reshape Latin America and its political structure and culture.

The importance of the cocaine transit increase through Venezuela was documented by the U.S. Government Accountability Office, which estimates that the product transit rose fourfold from 2004 to 2007, from 60 metric tons to 240 metric tons.

Finally, the CCB, as a revolutionary meeting house for “anti-imperialist” forces around the world, provides the political and ideological underpinning and justification for the growing alliance among the Bolivarian states, again led by Chávez, and Iran, led by Mahmoud Ahmadinejad.

Hezbollah’s influence extends to the nature of the war and diplomacy pursued by Chávez and his Bolivarian comrades. The franchising model strongly resembles the template pioneered by Hezbollah.

THE BOLIVARIAN AND IRANIAN REVOLUTIONS: THE TIES THAT BIND

The most common assumption among those who view the Iran-Bolivarian alliance as troublesome, and many do not view it as a significant threat at all, is that there are two points of convergence between the radical and reactionary theocratic Iranian government and the self-proclaimed socialist and progressive Bolivarian revolution.

These assumed points of convergence are: 1) an overt and often stated hatred for the United States and a shared belief in how to destroy a common enemy; and 2) a shared acceptance of authoritarian state structures that tolerate little dissent and encroach on all aspects of a citizen’s life.

While Iran’s revolutionary rulers view the 1979 revolution in theological terms as a miracle of divine intervention in which the United States, the Great Satan, was defeated, the Bolivarians view it from a secular point of view as a roadmap to defeat the United States as the Evil Empire. To both, it has strong political con- notations and serves as a model for how asymmetrical leverage, whether applied by Allah or humans, can conjure the equivalent of a David defeating a Goliath on the world stage.

Ortega has declared the Iranian and Nicaraguan revolutions to be “twin revolutions, with the same objectives of justice, liberty, sovereignty and peace . . . despite the aggressions of the imperialist policies.” Ahmadinejad couched the alliances as part of “a large anti-imperialist movement that has emerged in the region.”

Among the first to articulate the possible merging of radical Shite Islamic thought with Marxist aspirations of destroying capitalism and U.S. hegemony was Illich Sánchez Ramirez, better known as the terrorist leader, “Carlos the Jackal,” a Venezuelan citizen who was, until his arrest in 1994, one of the world’s most wanted terrorists.

The emerging military doctrine of the “Bolivarian Revolution,” officially adopted in Venezuela and rapidly spreading to Bolivia, Nicaragua, and Ecuador, explicitly embraces the radical Islamist model of asymmetrical or “fourth generation warfare,” and its heavy reliance on suicide bombings and different types of terrorism, including the use of nuclear weapons and other WMD.

Chávez has adopted as his military doctrine the concepts and strategies articulated in Peripheral Warfare and Revolutionary Is- lam: Origins, Rules and Ethics of Asymmetrical Warfare (Guerra Periférica y el Islam Revolucionario: Orígenes, Reglas y Ética de la Guerra Asimétrica ) by the Spanish politician and ideologue, Jorge Verstrynge (see Figure 4).110 The tract is a continuation of and exploration of Sánchez Ramirez’s thoughts, incorporating an explicit endorsement of the use of WMD to destroy the United States. Verstrynge argues for the destruction of the United States through a series of asymmetrical attacks like those of 9/11, in the belief that the United States will simply crumble when its vast military strength cannot be used to combat its enemies.

Central to Verstrynge’s idealized view of terrorists is the belief in the sacredness of fighters sacrificing their lives in pursuit of their goals.

An Alliance of Mutual Benefit.

This ideological framework of a combined Marxism and radical Islamic methodology for successfully attacking the United States is an important, though little examined, underpinning for the greatly enhanced relationships among the Bolivarian states and Iran. These relationships are being expanded, absorbing significant resources despite the fact that there is little economic rationale to the ties and little in terms of legitimate commerce.

One need only look at how rapidly Iran has in- creased its diplomatic, economic, and intelligence presence in Latin America to see the priority it places on this emerging axis, given that it is an area where it has virtually no trade, no historic or cultural ties, and no obvious strategic interests. The gains, in financial institutions, bilateral trade agreements, and state visits (eight state visits between Chávez and Ahmadinejad alone since 2006), are almost entirely within the Bolivarian orbit; and, as noted, the Bolivarian states have jointly declared their intention to help Iran break international sanctions.

The most recent salvo by Iran is the launching of a Spanish language satellite TV station, HispanTV, aimed at Latin America. Bolivia and Venezuela are collaborating in producing documentaries for the station. Mohammed Sarafraz, deputy di- rector of international affairs, said Iran was “launching a channel to act as a bridge between Iran and the countries of Latin America [there being] a need to help familiarize Spanish-speaking citizens with the Iranian nation.” He said that HispanTV was launched with the aim of reinforcing cultural ties with the Spanish- speaking nations and helping to introduce the traditions, customs, and beliefs of the Iranian people.

What is of particular concern is that many of the bilateral and multilateral agreements signed between Iran and Bolivarian nations, such as the creation of a dedicated shipping line between Iran and Ecuador, or the deposit of $120 million by an internationally sanctioned Iranian bank into the Central Bank of Ecuador, are based on no economic rationale.

Iran, whose banks, including its central bank, are largely barred from the Western financial systems, benefits from access to the international financial mar- ket through Venezuelan, Ecuadoran, and Bolivian financial institutions, which act as proxies by moving Iranian money as if it originated in their own legal financial systems.120 Venezuela also agreed to provide Iran with 20,000 barrels of gasoline per day, leading to U.S. sanctions against the state petroleum company.

CONCLUSIONS

Latin America, while not generally viewed as part of the stateless regions phenomenon, or part of the failed state discussion, presents multiple threats that center on criminalized states, their hybrid alliance with extra-regional sponsors of terrorism, and nonstate TOC actors. The groups within this hybrid threat—often rivals, but willing to work in temporary alliances—are part of the recombinant criminal/terrorist pipeline, and their violence is often aimed at gaining control of specific territory or parts of that pipeline, either from state forces or other nonstate groups.

pipelines are seldom disrupted for more than a minimal amount of time, in part because the critical human nodes in the chain, and key chokepoints in the pipelines, are not identified, and the relationships among the different actors and groups are not under- stood adequately. As noted, pipelines are adaptable and versatile as to product—the epitome of modern management systems—often intersecting with formal commercial institutions (banks, commodity exchanges, legitimate companies, etc.), both in a physical and virtual/cyber manner, in ways difficult to determine, collect intelligence on, or disaggregate from protected commercial activities which may be both domestic and international in nature, with built-in legal and secrecy protections.

While the situation is already critical, it is likely to get worse quickly. There is growing evidence of Russian and Chinese organized crime penetration of the region, particularly in Mexico and Central America, greatly strengthening the criminal organizations and allowing them to diversify their portfolios and sup- ply routes—a particular example being precursor chemicals for the manufacture of methamphetamines and cocaine. The Chinese efforts to acquire ports, re- sources, and intelligence-gathering capacity in the region demonstrate just how quickly the situation can develop, given that China was not a major player in the region 5 years ago.

This is a new type of alliance of secular (self-proclaimed socialist and Marxist) and radical Islamist organizations with a common goal directly aimed at challenging and undermining the security of the United States and its primary allies in the region (Colombia, Chile, Peru, Panama, and Guatemala). This represents a fundamental change because both primary state allies in the alliance (the governments of Venezuela and Iran) host and support nonstate actors, allowing the nonstate actors to thrive in ways that would be impossible without state protection.

Under- standing how these groups develop, and how they relate to each other and to groups from outside the region, is vital—particularly given the rapid pace with which they are expanding their control across the continent, across the hemisphere, and beyond. Developing a predictive capacity can be done based only on a more realistic understanding of the shifting networks of actors exploiting the pipelines; the nature and location of the geographic space in which they operate; the critical nodes where these groups are most vulnerable; and their behaviors in adapting to new political and economic developments, market opportunities and setbacks, internal competition, and the countering actions of governments.

In turn, an effective strategy for combating TOC must rest on a solid foundation of regional intelligence which, while cognizant of the overarching transnational connections, remains sensitive to unique local realities behind seemingly ubiquitous behaviors. A one-size-fits-all policy will not suffice.

It is not a problem that is only, or primarily, a matter of state or regional security, narcotics, money laundering, terrorism, human smuggling, weakening governance, democracy reversal, trade and energy, counterfeiting and contraband, immigration and refugees, hostile states seeking advantage, or alterations in the military balance and alliances. It is increasingly a combination of all of these. It is a comprehensive threat that requires analysis and management within a comprehensive, integrated whole-of-government approach. At the same time, however expansive in global terms, a strategy based on geopolitics—the fundamental understanding of how human behavior relates to geo- graphic space—must always be rooted in the local.

ENDNOTES

“Fact Sheet: Strategy to Combat Transnational Organized Crime,” Washington, DC: Office of the Press Secretary, the White House, July 25, 2011.
On the lower end, the United Nations (UN) Office of Drugs and Crime estimate transnational organized crime (TOC) earn- ings for 2009 at $2.1 trillion, or 3.6 percent of global gross domes- tic product (GDP). Of that, typical TOC activities such as drug trafficking, counterfeiting, human trafficking, weapons traffick- ing, and oil smuggling, account for about $1 trillion or 1.5 per- cent of global GDP. For details, see “Estimating Illicit Financial Flows Resulting from Drug Trafficking and other Transnational Organized Crimes,” Washington, DC: UN Office of Drugs and Crime, September 2011. On the higher end, in a speech to Interpol in Singapore in 2009, U.S. Deputy Attorney General Ogden cited 15 percent of world GDP as total annual turnover of TOC. See Josh Meyer, “U.S. attorney general calls for global effort to fight organized crime,” Los Angeles Times, October 13, 2009, available from articles.latimes.com/print/2009/oct/13/nation/na-crime13.
This definition is adapted from the 1998 UN Conven- tion on Transnational Organized Crime and Protocols Thereto, UNODC, Vienna, Austria; and the 2011 Strategy to Combat Trans- national Organized Crime, available from www.whitehouse.gov/ administration/eop/nsc/transnational-crime/definition.
The self-proclaimed “Bolivarian” states (Venezuela, Ecua- dor, Bolivia, and Nicaragua) take their name from Simón Bolivar, the revered 19th-century leader of South American independence from Spain. They espouse 21st-century socialism, a vague notion that is deeply hostile to free market reforms, to the United States as an imperial power, and toward traditional liberal democratic concepts, as will be described in detail.
One of the most detailed cases involved the 2001 weapons transfers among Hezbollah operatives in Liberia, a retired Israeli officer in Panama, and a Russian weapons merchant in Guatema- la. A portion of the weapons, mostly AK-47 assault rifles, ended up with the United Self Defense Forces of Colombia (Autodefensas Unidads de Colombia [AUC]), a designated terrorist organization heavily involved in cocaine trafficking. The rest of the weapons, including anti-tank systems and anti-aircraft weapons, likely end- ed up with Hezbollah. For details, see Douglas Farah, Blood From Stones: The Secret Financial Network of Terror, New York: Broadway Books, 2004.
For a detailed look at this development, see Antonio L. Mazzitelli, “The New Transatlantic Bonanza: Cocaine on High- way 10,” North Miami, FL: Western Hemisphere Security Analy- sis Center, Florida International University, March 2011.
The FARC is the oldest insurgency in the Western hemi- sphere, launched in 1964 by Colombia’s Liberal Party militias, and enduring to the present as a self-described Marxist revolu- tionary movement. For a more detailed look at the history of the FARC, see Douglas Farah, “The FARC in Transition: The Fatal Weakening of the Western Hemisphere’s Oldest Guerrilla Move- ment,” NEFA Foundation, July 2, 2008, available from www.nefa- foundation.org/miscellaneous/nefafarc0708.pdf.
These include recently founded Community of Latin Amer- ican and Caribbean States (Comunidad de Estados Latinoamericanos y Caribeños [CELAC]), and the Bolivarian Alliance for the Peoples of Our America (Alianza Bolivariana para los Pueblos de Nuestra América [ALBA]).
James R. Clapper, Director of National Intelligence, “Un- classified Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community for the Senate Select Committee on Intelligence,” January 31, 2012, p. 6.
For the most comprehensive look at Russian Organized Crime in Latin America, see Bruce Bagley, “Globalization, Ungov- erned Spaces and Transnational Organized Crime in the Western Hemisphere: The Russian Mafia,” paper prepared for Internation- al Studies Association, Honolulu, HI, March 2, 2005.
Ruth Morris, “China: Latin America Trade Jumps,” Latin American Business Chronicle, May 9, 2011, available from www. latinbusinesschronicle.com/app/article.aspx?id=4893.
Daniel Cancel, “China Lends Venezuela $20 Billion, Se- cures Oil Supply,” Bloomberg News Service, April 18, 2010. By the end of August 2011, Venezuela’s publicly acknowledged debt to China stood at some $36 billion, equal to the rest of its out- standing international debt. See Benedict Mander, “More Chinese Loans for Venezuela,” FT Blog, September 16, 2011, available from blogs.ft.com/beyond-brics/2011/09/16/more-chinese-loans-4bn- worth-for-venezuela/#axzz1Z3km4bdg.
“Quito y Buenos Aires, Ciudades preferidas para narcos nigerianos” (“Quito and Buenos Aires, Favorite Cities of Narco Nigerians”), El Universo Guayaquil, Ecuador, January 3, 2011.
Louise Shelley, “The Unholy Trinity: Transnational Crime, Corruption and Terrorism,” Brown Journal of World Affairs, Vol. XI, Issue 2, Winter/Spring 2005.
National Security Council, “Strategy to Combat Trans- national Organized Crime: Addressing Converging Threats to National Security,” Washington, DC: Office of the President, July 2011. The Strategy grew out of a National Intelligence Estimate inititated by the Bush administration and completed in December 2008, and is a comprehensive government review of transnational organized crime, the first since 1995.
“Fact Sheet: Strategy to Combat Transnational Organized Crime,” Washington, DC: Office of the Press Secretary, the White House, July 25, 2011.
Ibid.
Stewart Patrick, Weak Links: Fragile States, Global Threats and International Security, Oxford, UK: Oxford University Press, 2011.
The phrase “dangerous spaces” was used by Phil Williams to describe 21st-century security challenges in terms of spaces and gaps, including geographical, functional, social, economic, legal, and regulatory holes. See Phil Williams, “Here Be Dragons: Dan- gerous Spaces and International Security,” Anne L. Clunan and Harold A. Trinkunas eds., Ungoverned Spaces: Alternatives to State Authority in an Era of Softened Sovereignty, Stanford, CA: Stanford University Press, 2010, pp. 34-37.
For a more complete look at Transnistria and an excellent overview of the global illicit trade, see Misha Glenny, McMafia: A Journey Through the Global Criminal Underworld, New York: Alfred A. Knopf, 2008.
For a complete look at the operations of Taylor, recently convicted in the Special Court for Sierra Leone in the Hague for crimes against humanity, see Douglas Farah, Blood From Stones: The Secret Financial Network of Terror, New York: Broadway Books, 2004.
For a look at the weapons transfers, see “Los ‘rockets’ Venezolanos” Semana, Colombia, July 28, 2009. For a look at doc- umented financial and logistical support of Chávez and Correa for the FARC, see “The FARC Files: Venezuela, Ecuador, and the Secret Archives of ‘Raúl Reyes,’” An IISS Strategic Dossier, Wash- ington, DC: International Institute for Strategic Studies, May 2011. To see FARC connections to Evo Morales, see Douglas Farah, “Into the Abyss: Bolivia Under Evo Morales and the MAS,” Alex- andria, VA: International Assessment and Strategy Center, 2009.
Douglas Farah, “Iran in Latin America: Strategic Security Issues,” Alexandria, VA: International Assessment and Strategy Center, Defense Threat Reduction Agency Advanced Systems and Concept Office, May 2011.
Rem Korteweg and David Ehrhardt, “Terrorist Black Holes: A Study into Terrorist Sanctuaries and Governmental Weakness,” The Hague, The Netherlands: Clingendael Centre for Strategic Studies, November 2005, p. 22.
Robert H. Jackson, Quasi-states: Sovereignty, International Relations and the Third World, Cambridge, UK: Cambridge Univer- sity Press, 1990. Jackson defines negative sovereignty as freedom from outside interference, the ability of a sovereign state to act in- dependently, both in its external relations and internally, towards its people. Positive sovereignty is the acquisition and enjoyment of capacities, not merely immunities. In Jackson’s definition, it presupposes “capabilities which enable governments to be their own masters” (p. 29). The absence of either type of sovereignty can lead to the collapse of or absence of state control.
Anne L. Clunan and Harold A. Trinkunas eds., Ungov- erned Spaces: Alternatives to State Authority in an Era of Softened Sovereignty, Stanford, CA: Stanford University Press, 2010, p. 19.
Moises Naim, Illicit: How Smugglers, Traffickers, and Copy- cats are Hijacking the Global Economy, New York: Anchor Books, 2006, p. 33.
Robert Killebrew and Jennifer Bernal, “Crime Wars: Gangs, Cartels and U.S. National Security,” Washington, DC: Center for New American Security, September 2010, available from www.cnas.org/files/documents/publications/CNAS_CrimeWars_ KillebrewBernal_3.pdf.
Max G. Manwaring, Street Gangs: The New Urban Insurgency, Carlisle, PA: Strategic Studies Institute, U.S. Army War College, March 2005.
As is true in much of Central America and Colombia, in Mexico there are centuries-old sanctuaries used by outlaws where the state had little authority. For a more complete explanation, see Gary Moore, “Mexico, the Un-failed State: A Geography Lesson,” InsightCrime, November 9, 2011, available from insight- crime.com/insight-latest-news/item/1820-mexico-the-un-failed-state-a- geography-lesson.
For a look at the factors that led to the rise of the Bolivarian leaders, see Eduardo Gamarra, “Bolivia on the Brink: Center for Preventative Action, Council on Foreign Relations, February 2007; Cynthia J. Arnson et al., La Nueva Izquierda en América Latina: Derechos Humanos, Participación Política y Sociedad Civil (The New Left in Latin America: Human Rights, Political Participation and Civil Society), Washington, DC: The Woodrow Wilson International Center for Scholars, January 2009; Farah, “Into the Abyss: Bolivia Under Evo Morales and the MAS”; Farah and Simpson.
See “Iran to Help Bolivia Build Peaceful Nuclear Power Plant,” Xinhua, October 31, 2010; Russia Izvestia Information, September 30, 2008; and Agence France Presse, “Venezuela Wants to Work With Russia on Nuclear Energy: Chávez,” September 29, 2008.
Author interview with IAEA member in November, 2011. The official said the agency had found that Iran possessed enough uranium stockpiled to last a decade. Moreover, he said the evidence pointed to acquisition of minerals useful in missile production. He also stressed that dual-use technologies or items specifically used in the nuclear program had often been shipped to Iran as automotive or tractor parts. Some of the principal investments Iran has made in the Bolivarian states have been in a tractor fac- tory that is barely operational, a bicycle factory that does not seem to produce bicycles, and automotive factories that have yet to be built.
“Venezuela/Iran ALBA Resolved to Continue Economic Ties with Iran,” Financial Times Information Service, July 15, 2010.
Manwaring.
These typologies were developed and discussed more completely, including the national security implications of their growth, in Richard Shultz, Douglas Farah, and Itamara V. Lo- chard, “Armed Groups: A Tier-One Security Priority,” USAF Academy, CO: USAF Institute for National Security Studies, Occasional Paper 57, September 2004.
Louise I. Shelley, John T. Picarelli et al., Methods and Mo- tives: Exploring Links between Transnational Organized Crime and International Terrorism, Washington, DC: Department of Justice, September 2005.
Ibid., p. 5.
While much of Operation TITAN remains classified, there has been significant open source reporting, in part because the Colombian government announced the most important arrests. For the most complete look at the case, see Jo Becker, “Investi- gation into bank reveals links to major South American cartels,” International Herald Tribune, December 15, 2011. See also Chris Kraul and Sebastian Rotella, “Colombian Cocaine Ring Linked to Hezbollah,” Los Angeles Times, October 22, 2008; and “Por Lavar Activos de Narcos y Paramilitares, Capturados Integrantes de Or- ganización Internatcional” (“Members of an International Orga- nization Captured for Laundering Money for Narcos and Parami- litaries”), Fiscalía General de la Republica (Colombia) (Attorney General’s Office of Colombia), October 21, 2008.
Among the reasons for the increase in cocaine trafficking to Western Europe is the price. While the cost of a kilo of cocaine averages about $17,000 in the United States, it is $37,000 in the EU. Shipping via Africa is relatively inexpensive and relatively attractive, given the enhanced interdiction efforts in Mexico and the Caribbean. See Antonio Mazzitelli, “The Drug Trade: Africa’s Expanding Role,” United Nations Office on Drugs and Crime, presentation at the Woodrow Wilson Center for International Scholars, May 28, 2009.
Benjamin Weiser and William K. Rashbaum, “Liberian Of- ficials Worked with U.S. Agency to Block Drug Traffic,” New York Times, June 2, 2010.
For a history of AQIM, see “Algerian Group Backs al Qaeda,” BBC News, October 23, 2003, available from news.bbc. co.uk/2/hi/africa/3207363.stm. For an understanding of the relation- ship among the different ethnic groups, particularly the Tuareg, and AQIM, see Terrorism Monitor, “Tuareg Rebels Joining Fight Against AQIM?” Jamestown Foundation, Vol. 8, Issue 40, November 4, 2010.
Evan Perez, “U.S. Accuses Iran in Plot: Two Charged in Alleged Conspiracy to Enlist Drug Cartel to Kill Saudi Ambas- sador,” The Wall Street Journal, October 12, 2011.
“La Amenaza Iraní” (“The Iranian Threat”), Univision Documentales, aired December 8, 2011.
Sebastian Rotella, “Government says Hezbollah Profits From U.S. Cocaine Market via Link to Mexican Cartel,” ProPubli- ca, December 11, 2011.
For an examination of the “cultures of contraband” and their implications in the region, see Rebecca B. Galemba, “Cultures of Contraband: Contesting the Illegality at the Mexico-Guatemala Border,” Ph.D. dissertation, Brown University Department of An- thropology, May 2009. For a look at the use of traditional smug- gling routes in TOC structures in Central America, see Doug- las Farah, “Mapping Transnational Crime in El Salvador: New Trends and Lessons From Colombia,” North Miami, FL: Western Hemisphere Security Analysis Center, Florida International Uni- versity, August 2011.
For a more complete look at that conflict and other con- flicts over plazas, see Samuel Logan and John P. Sullivan, “The Gulf-Zeta Split and the Praetroian Revolt,” International Relations and Security Network, April 7, 2010, available from www.isn.ethz. ch/isn/Security-Watch/Articles/Detail/?ots591=4888caa0-b3db-1461- 98b9-e20e7b9c13d4&lng=en&id=114551.
Mazzitelli.
“Drug Trafficking as a Security Threat in West Africa,” New York: UN Office on Drugs and Crime, October 2008.
For a look at the chaos in Guinea Bissau, see “Guinea- Bissau president shot dead,” BBC News, March 2, 2009, available from news.bbc.co.uk/2/hi/7918061.stm.
Patrick.
52. See, for example, Robert I. Rotberg, “Failed States, Collapsed States, Weak States: Causes and Indicators,” Failure and State Weakness in a Time of Terror, Washington, DC: Brookings In- stitution, January 2003.
Rotberg.
Rem Korteweg and David Ehrhardt, “Terrorist Black Holes: A Study into Terrorist Sanctuaries and Governmental Weakness,” The Hague, The Netherlands: Clingendael Centre for Strategic Studies, November 2005, p. 26.
“The Failed States Index 2009,” Foreign Policy Magazine, July/August 2009, pp. 80-93, available from www.foreignpolicy.com/ articles/2009/06/22/2009_failed_states_index_interactive_map_and_ rankings.
Julio A. Cirino et al., “Latin America’s Lawless Areas and Failed States,” in Paul D. Taylor, ed., Latin American Security Chal- lenges: A Collaborative Inquiry from North and South, Newport, RI: Naval War College, Newport Papers 21, 2004. Commercial insur- gencies are defined as engaging in “for-profit organized crime without a predominate political agenda,” leaving unclear how that differs from groups defined as organized criminal organiza- tions.
For details of Taylor’s activities, see Douglas Farah, Blood From Stones: The Secret Financial Network of Terror, New York: Broadway Books, 2004.
Hannah Stone, “The Comeback of Suriname’s ‘Narco- President’,” Insightcrime.org, Mar 4, 2011, available from insight- crime.org/insight-latest-news/item/865-the-comeback-of-surinames- narco-president.
Simon Romero, “Returned to Power, a Leader Celebrates a Checkered Past,” The New York Times, May 2, 2011.
“Wikileaks: Chávez funded Bouterse,” The Nation (Barba- dos), February 2, 2011.
Harmen Boerboom, “Absence of Chávez a blessing for Su- riname,” Radio Netherlands Worldwide, August 12, 2010.
For a look at the Zetas in Guatemala, see Steven Dudley, “The Zetas in Guatemala,” InSight Crime, September 8, 2011. For a look at Los Perrones in El Salvador, see Douglas Farah, “Organized Crime in El Salvador: Homegrown and Transnational Dimen- sions,” Organized Crime in Central America: The Northern Triangle, Woodrow Wilson Center Reports on the Americas #29, Wash- ington, DC: Woodrow Wilson International Center for Scholars, November 2011, pp. 104-139, available from www.wilsoncenter.org/ sites/default/files/LAP_single_page.pdf.
Louise Shelley, “The Unholy Trinity: Transnational Crime, Corruption and Terrorism,” Brown Journal of World Affairs, Vol. XI, Issue 2, Winter/Spring 2005, p. 101.
See Bill Lahneman and Matt Lewis, “Summary of Proceed- ings: Organized Crime and the Corruption of State Institutions,” College Park, MD: University of Maryland, November 18, 2002, available from www.cissm.umd.edu/papers/files/organizedcrime.pdf.
Author interviews with Drug Enforcement Administra- tion and National Security Council officials; for example, two aircraft carrying more than 500 kgs of cocaine were stopped in Guinea Bissau after arriving from Venezuela. See “Bissau Police Seize Venezuelan cocaine smuggling planes,” Agence France Presse, July 19, 2008.
“FARC Terrorist Indicted for 2003 Grenade Attack on Americans in Colombia,” Department of Justice Press Re- lease, September 7, 2004. available from www.usdoj.gov/opa/ pr/2004/September/04_crm_599.htm; and Official Journal of the European Union, Council Decision of December 21, 2005, available from eur-lex.europa.eu/LexUriServ/site/en/oj/2005/l_340/l_ 34020051223en00640066.pdf.
“The FARC Files: Venezuela, Ecuador and the Secret Ar- chives of ‘Raúl Reyes’,” Washington, DC: International Institute for Strategic Studies,” May 2011.
The strongest documentary evidence of Chávez’s support for the FARC comes from the Reyes documents, which contained the internal communications of senior FARC commanders with senior Venezuelan officials. These documents discuss everything from security arrangements in hostage exchanges to the possibil- ity of joint training exercises and the purchasing of weapons. For full details of these documents and their interpretation, see Ibid.
“Treasury Targets Venezuelan Government Officials Sup- port of the FARC,” Washington, DC: U.S. Treasury Department, Office of Public Affairs, September 12, 2008. The designations came on the heels of the decision of the Bolivian government of Evo Morales to expel the U.S. ambassador, allegedly for support- ing armed movements against the Morales government. In soli- darity, Chávez then expelled the U.S. ambassador to Venezuela. In addition to the citations of the Venezuelan officials, the United States also expelled the Venezuelan and Bolivian ambassadors to Washington.
“Chávez Shores up Military Support,” Stratfor, November 12, 2010.
“Venezuela: Asume Nuevo Ministro De Defensa Acusado de Narco por EEUU” (“Venezuela: New Minister Accused by the United States of Drug Trafficking Takes Office”), Agence France Presse, January 17, 2012.
Robert M. Morgenthau, “The Link Between Iran and Ven- ezuela: A Crisis in the Making,” speech at the Brookings Institu- tion, Washington, DC, September 8, 2009.
Colombia, Venezuela: Another Round of Diplomatic Fu- ror,” Strafor, July 29, 2010.
The FARC Files: Venezuela, Ecuador and the Secret Ar- chives of ‘Raúl Reyes’.”
The Colombian decision to extradite Makled to Venezu- ela rather than the United States caused significant tension be- tween the two countries and probably means that the bulk of the evidence he claims to possess will never see the light of day. Among the documents he presented in prison were his checks cashed by senior generals and government officials and videos of what appear to be senior government officials in his home dis- cussing cash transactions. For details of the case, see José de Cór- doba and Darcy Crowe, “U.S. Losing Big Drug Catch,” The Wall Street Journal, April 1, 2011; “Manhattan U.S. Attorney Announces Indictment of one of World’s Most Significant Narcotics Kingpins,” United States Attorney, Southern District of New York, November 4, 2010.
“Makled: Tengo suficientes pruebas sobre corrupción y narcotráfico para que intervengan a Venezuela” (“Makled: I have Enough Evidence of Corruption and Drug Trafficking to justify an invasion of Venezuela”), NTN24 TV (Colombia), April 11, 2011.
For a more comprehensive look at the history of the FARC; its relations with Bolivia, Venezuela, and Ecuador; and its involvement in drug trafficking, see “The FARC Files: Ven- ezuela, Ecuador and the Secret Archives of ‘Raúl Reyes’”; Doug- las Farah, “Into the Abyss: Bolivia Under Evo Morales and the MAS,” Alexandria, VA: International Assessment and Strategy Center, June 2009; Douglas Farah and Glenn Simpson, “Ecuador at Risk: Drugs, Thugs, Guerrillas and the ‘Citizens’ Revolution,” Alexandria, VA: International Assessment and Strategy Center, January 2010.
Farah, “Into the Abyss: Bolivia Under Evo Morales and the MAS.”
Martin Arostegui, “Smuggling Scandal Shakes Bolivia,” The Wall Street Journal, March 3, 2011.
Farah, “Into the Abyss: Bolivia Under Evo Morales and the MAS.”
“The FARC Files: Venezuela, Ecuador, and the Secret Ar- chives of ‘Raul Reyes’’’; Farah and Simpson; and Francisco Huer- ta Montalvo et al., “Informe Comisión de Transparencia y Verdad: Caso Angostura” (“Report of the Commission on Transparency and Truth: The Angostura Case”), December 10, 2009, available from www.scribd.com/doc/24329223/informe-angostura.
Farah and Simpson.
For details of the relationships among these officials the president’s sister, and the Ostaiza brothers, see Farah and Simpson.
“The FARC Files: Venezuela, Ecuador and the Secret Ar- chives of ‘Raúl Reyes’.”
See, for example, Farah and Simpson; Huerta Montalvo; Arturo Torres, Juego del Camaleón: Los secretos de Angostura (The Chameleon’s Game: The Secrets of Angostura), 2009.
“The FARC Files: Venezuela, Ecuador and the Secret Ar- chives of ‘Raúl Reyes’.”
Farah, “Into the Abyss.”
Eugene Roxas, “Spiritual Guide who gave Evo Baton caught with 350 kilos of liquid cocaine,” The Achacachi Post (Bo- livia), July 28, 2010.
“Panama arrests Bolivia ex-drugs police chief Sanabria,” BBC News, February 26, 2011.
“Las FARC Buscaron el Respaldo de Boliva Para Lograr Su Expansión” (“The FARC Looked for Bolivian Support in Order to Expand”).
The MAS is the coalition of indigenous and coca growing organizations that propelled Morales to his electoral victory. The movement, closely aligned with Chávez and funded by the Ven- ezuelan government, has defined itself as Marxist, socialist, and anti-imperilist.
It is interesting to note that Peredo’s brothers Roberto (aka Coco) and Guido (aka Inti) were the Bolivian contacts of Che Gue- vara, and died in combat with him. The two are buried with Gue- vara in Santa Clara, Cuba.
A copy of the founding manifesto of the EMP and its adherents is available from bibliotecavirtual.clacso.org.ar/ar/libros/osal/ osal10/documentos.pdf.
Prensa Latina, “President Boliviano Anunica Creación de Estado Mayor Popular” (“Bolivian President Announces the For- mation of a People’s High Command”), February 2, 2006.
“Estado Mayor del Pueblo Convoca a Defender Al Gobi- erno de Evo” (“People’s High Command Calls for the Defense of Evo’s Government”), Agencia Boliviana de Informacion, April 17, 2006, available from www.bolpress.com/art.php?Cod=2006041721.
The situation has changed dramatically with the election of Juan Manuel Santos as President of Colombia in 2010. Despite serving as Uribe’s defense minister during the most successful operations against the FARC and developing a deeply antagonis- tic relationship with Chávez in that capacity, relations between Santos and the Bolivarian heads of state have been surprisingly cordial since he took office. This is due in part to Santos’ agreeing to turn over copies of the Reyes hard drives to Correa, and his ex- pressed desire to normalize relations with Chávez. A particularly sensitive concession was allowing the extradition of Walid Mak- led, a designated drug kingpin by the United States, to be extra- dited to Venezuela rather than to stand trial in the United States.
“The FARC Files: Venezuela, Ecuador and the Secret Ar- chives of ‘Raúl Reyes’.”
March 11, 2005, e-mail from Iván Ríos to Raúl Reyes, pro- vided by Colombia officials, in possession of the author.
April 1, 2006, e-mail from Raúl Reyes to Aleyda, provided by Colombia officials, in possession of the author.
Following Ortega’s disputed electoral triumph in No- vember 2011, the FARC published a congratulatory communiqué lauding Ortega and recalling their historically close relationship. “In this moment of triumph how can we fail to recall that memo- rable scene in Caguán when you gave the Augusto Cesar San- dino medal to our unforgettable leader Manuel Marulanda. We have always carried pride in our chests for that deep honor which speaks to us of the broad vision of a man who considers himself to be a spiritual son of Bolivar.” Available from anncol.info/index. php?option=com_content&view=article&id=695:saludo-a-daniel-orteg a&catid=71:movies&Itemid=589.
Reyes was killed a few days after the CCB assembly when the Colombian military bombed his camp, which was in Ec- uadoran territory. The bombing of La Angostura caused a severe diplomatic rift between Colombia and Ecuador, but the raid also yielded several hundred gigabytes of data from the computers Reyes kept in the camp, where he lived in a hardened structure and had been stationary for several months.
Farah and Simpson.
“U.S. Counternarcotics Cooperation with Venezuela Has Declined,” Washington, DC: Government Accountability Office, July 2009, GAO-09-806.
Ibid., p. 12.
For a more detailed look at this debate, see Iran in Latin America: Threat or Axis of Annoyance? in which the author has a chapter arguing for the view that Iran is a significant threat.
“‘Jackal’ book praises bin Laden,” BBC News, June 26, 2003.
See, for example, Associated Press, “Chávez: ‘Carlos the Jackal’ a ‘Good Friend’,” June 3, 2006.
Raúl Reyes (trans.) and Hugo Chávez, “My Struggle,” from a March 23, 1999, letter to Illich Ramirez Sánchez, the Venezuelan terrorist known as “Carlos the Jackal,” from Ven- ezuelan president Hugo Chávez, in response to a previous let- ter from Ramirez, who is serving a life sentence in France for murder. Harper’s, October 1999, available from harpers.org/ archive/1999/10/0060674.
In addition to Operation TITAN, there have been numer- ous incidents in the past 18 months in which operatives being directly linked to Hezbollah have been identified or arrested in Venezuela, Colombia, Guatemala, Aruba, and elsewhere in Latin America.
Verstrynge, born in Morocco to Belgian and Spanish parents, began his political career on the far right of the Spanish political spectrum as a disciple of Manuel Fraga, and served in a national and several senior party posts with the Alianza Popular. By his own admission he then migrated to the Socialist Party, but never rose through the ranks. He is widely associated with radical anti-globalization views and anti-U.S. rhetoric, repeatedly stating that the United States is creating a new global empire and must be defeated. Although he has no military training or experience, he has written extensively on asymmetrical warfare.
Verstrynge., pp. 56-57.
Bartolomé. See also John Sweeny, “Jorge Verstrynge: The Guru of Bolivarian Asymmetric Warfare,” September 9, 2005 available from www.vcrisis.com; and “Troops Get Provocative Book,” Miami Herald, November 11, 2005.
“Turkey holds suspicious Iran-Venezuela shipment,” Associated Press, June 1, 2009, available from www.ynetnews.com/ articles/0,7340,L-3651706,00.html.
For a fuller examination of the use of websites, see Doug- las Farah, “Islamist Cyber Networks in Spanish-Speaking Latin America,” North Miami, FL: Western Hemisphere Security Anal- ysis Center, Florida International University, September 2011.
“Hispan TV begins with ‘Saint Mary’,” Tehran Times, December 23, 2011, available from www.tehrantimes.com/arts-and- culture/93793-hispan-tv-begins-with-saint-mary.
For a more complete look at Iran’s presence in Latin America, see Douglas Farah, “Iran in Latin America: An Over- view,” Washington, DC: Woodrow Wilson International Center for Scholars, Summer 2009 (to be published as a chapter in Iran in Latin America: Threat or Axis of Annoyance? Cynthia J. Arnson et al., eds., 2010. For a look at the anomalies in the economic relations, see also Farah and Simpson.
“Treasury Targets Hizbullah in Venezuela,” Washing- ton, DC: United States Department of Treasury Press Center, June 18, 2008, available from www.treasury.gov/press-center/press-releas- es/Pages/hp1036.aspx.
Orlando Cuales, “17 arrested in Curacao on suspicion of drug trafficking links with Hezbollah,” Associated Press, April 29, 2009.
United States District Court, Southern District of New York, The United States of America v Jamal Yousef, Indictment, July 6, 2009.
For a look at how the Ecuadoran and Venezuelan banks function as proxies for Iran, particularly the Economic Devel- opment Bank of Iran, sanctioned for its illegal support of Iran’s nuclear program, and the Banco Internacional de Desarrollo, see Farah and Simpson.
Office of the Spokesman, “Seven Companies Sanctioned Under Amended Iran Sanctions Act,” Washington, DC: U.S. De- partment of State, May 24, 2011, available from www.state.gov/r/ pa/prs/ps/2011/05/164132.htm.
Russia Izvestia Information, September 30, 2008, and Agence France Presse, “Venezuela Wants to Work With Russia on Nuclear Energy: Chávez,” September 29, 2008.
Simon Romero, “Venezuela Says Iran is Helping it Look for Uranium,” New York Times, September 25, 2009.
Nikolai Spassky, “Russia, Ecuador strike deal on nuclear power cooperation,” RIA Novosti, August 21, 2009.
José R. Cárdenas, “Iran’s Man in Ecuador,” Foreign Pol- icy, February 15, 2011, available from shadow.foreignpolicy.com/ posts/2011/02/15/irans_man_in_ecuador.
The primary problem has been the inability of the Colom- bian government to deliver promised services and infrastructure after the military has cleared the area. See John Otis, “Decades of Work but No Land Titles to Show for It,” GlobalPost, Novem- ber 30, 2009. For a more complete look at the challenges posed by the reemergence and adaptability of armed groups, see Fundación Arco Iris, Informe 2009: El Declive de la Seguridad Democratica? (Re- port 2009: The Decline of Democratic Security?), available from www. nuevoarcoiris.org.co/sac/?q=node/605.

Notes on Methods and Motives: Exploring Links between Transnational Organized Crime & International Terrorism

Notes from Methods and Motives: Exploring Links between Transnational Organized Crime & International Terrorism

In preparation for the work on this report, we reviewed a significant body of academic research on the structure and behavior of organized crime and terrorist groups. By examining how other scholars have approached the issues of organized crime or terrorism, we were able to refine our methodology. This novel approach combines a framework drawn from intelligence analysis with the tenets of a methodological approach devised by the criminologist Donald Cressey, who uses the metaphor of an archeological dig to systematize a search for information on organized crime. All the data and examples used to populate the model have been verified, and our findings have been validated through the rigorous application of case study methods.

While experts broadly accept no single definition of organized crime, a review of the numerous definitions offered identifies several central themes.8 There is consensus that at least two perpetrators are in- volved, but there is a variety of views about the way organized crime is typically organized as a hierarchy or as a network.

Organized crime is a continuing enterprise, so does not include conspiracies that perpetrate single crimes and then go their separate ways. Furthermore, the overarching goals of organized crime groups are profit and power. Groups seek a balance between maximizing profits and minimizing their own risk, while striving for control by menacing certain businesses. Violence, or the threat of violence, is used to enforce obligations and maintain hegemony over rackets and enterprises such as extortion and narcotics smuggling. Corruption is a means of reducing the criminals’ own risk, maintaining control and making profits.

few definitions challenge the common view of organized crime as a ‘parallel government’ that seeks power at the expense of the state but retains patriotic or nationalistic ties to the state. This report takes up that challenge by illustrating the rise of a new class of criminal groups with little or no national allegiance. These criminals are ready to pro- vide services for terrorists as has been observed in European prisons.10

We prefer the definition offered by the UN Convention Against Transnational Organized Crime, which defines an organized crime group as “a structured group [that is not randomly formed for the im- mediate commission of an offense] of three or more persons, existing for a period of time and acting in concert with the aim of committing one or more serious crimes or offences [punishable by a deprivation of liberty of at least four years] established in accordance with this Convention, in order to obtain, directly or indirectly, a financial or other material benefit.”

we prefer the notion of a number of shadow economies, in the same way that macroeconomists use the global economy, comprising markets, sectors and national economies, as their basic unit of reference.

terrorism scholar Bruce Hoffman has offered a comprehensive and useful definition of terrorism as the deliberate creation and exploitation of fear through violence or the threat of violence in the pursuit of political change.15 Hoffman’s definition offers precise terms of reference while remaining comprehensive; he further notes that terrorism is ‘political in aims and motives,’ ‘violent,’ ‘designed to have far-reaching psychological repercussions beyond the immediate victim or target,’ and ‘conducted by an organization with an identifiable chain of command or conspiratorial cell structure.’ These elements include acts of terrorism by many different types of criminal groups, yet they clearly circumscribe the violent and other terrorist acts. Therefore, the Hoffman definition can be applied to both groups and activities, a crucial distinction for this methodology we propose in this report.

Early identification of terror-crime cooperation occurred in the 1980s and focused naturally on narcoterrorism, a phrase coined by Peru’s President Belaunde Terry to describe the terrorist attacks against anti-narcotics police in Peru.

the links between narcotics trafficking and terror groups exist in many regions of the world but that it is difficult to make generalizations about the terror- crime nexus.

International relations theorists have also produced a group of scholarly works that examine organized crime and terrorism (i.e., agents or processes) as objects of investigation for their paradigms. While in some cases, the frames of reference international relations scholars employed proved too general for the purposes of this report, the team found that these works demonstrated more environmental or behavioral aspects of the interaction.

2.3 Data collection

Much of the information in the report that follows was taken from open sources, including government reports, private and academic journal articles, court documents and media accounts.

To ensure accuracy in the collection of data, we adopted standards and methods to form criteria for accepting data from open sources. In order to improve accuracy and reduce bias, we attempted to corroborate every piece of data collected from one secondary source with data from a further source that was independent of the original source — that is, the second source did not quote the first source. Second, particularly when using media sources, we checked subsequent reporting by the same publication to find out whether the subject was described in the same way as before. Third, we sought a more heterogeneous data set by examining foreign-language documents from non-U.S. sources. We also obtained primary- source materials such as declassified intelligence reports from the Republic of Georgia, that helped to clarify and confirm the data found in secondary sources.

Since all these meetings were confidential, it was agreed in all cases that the information given was not for attribution by name.

For each of these studies, researchers traveled to the regions a number of times to collect information. Their work was combined with relevant secondary sources to produce detailed case studies presented later in the report. The format of the case studies followed the tenets outlined by Robert Yin, who proposes that case studies offer an advantage to researchers who present data illustrating complex relationships – such as the link between organized crime and terror.

2.4. Research goals

This project aimed to discover whether terrorist and organized crime groups would borrow one another’s methods, or cooperate, by what means, and how investigators and analysts could locate and assess crime-terror interactions. This led to an examination of why this overlap or interaction takes place. Are the benefits merely logistical or do both sides derive some long-term gains such as undermining the capacity of the state to detect and curtail their activities?

preparation of the investigative environment (PIE), by adapting a long-held military practice called intelligence preparation of the battlespace (IPB). The IPB method anticipates enemy locations and movements in order to obtain the best position for a commander’s limited battlefield resources and troops. The goal of PIE is similar to that of IPB—to provide investigators and analysts a strategic and discursive analytical method to identify areas ripe for locating terror and crime interactions, confirm their existence and then assess the ramifications of these collaborations. The PIE approach provides twelve watch points within which investigators and analysts can identify those areas most likely to contain crime-terror interactions.

The PIE methodology was designed with the investigator and analyst in mind, and thus PIE demonstrates how to establish investigations in a way that expend resources most fruitfully. The PIE methodology shows how insights can be gained from analysts to help practitioners identify problems and organize their investigations more effectively.

2.5. Research challenges

Our first challenge in investigating the links between organized crime and terrorism was to obtain enough data to provide an accurate portrayal of that relationship. Given the secrecy of all criminal organizations, many traditional methods of quantitative and qualitative research were not viable. Nonetheless we con- ducted numerous interviews, and obtained identified statements from investigators and policy officials. Records of legal proceedings, criminal records, and terrorist incident reports were also important data sources.

The strategy underlying the collection of data was to focus on the sources of interaction wherever they were located (e.g., developing countries and urban areas), rather than on instances of interaction in developed countries like the September 11th or the Madrid bombing investigations. In so doing, the project team hoped to avoid characterizing the problem “from out there.”

All three case studies highlight patterns of association that are particularly visible, frequent, and of lengthy duration. Because the conflict regions in the case studies also contribute to crime in the United States, our view was these models were needed to perceive patterns of association that are less visible in other environments. A further element in the selection of these regions was practical: in each one, researchers affiliated with the project had access to reliable sources with first-hand knowledge of the subject matter. Our hypothesis was that some of the most easy to detect relations would be in these societies that are so corrupted and with such limited enforcement that the phenomena might be more open for analysis and disclosure than in environments where this is more covert.

A new analytical approach: PIE

Investigators seeking to detect a terrorist activity before an incident takes place are overwhelmed by data.

A counterterrorist analyst at the Central Intelligence Agency took this further, noting that the discovery of crime-terror interactions was often the accidental result of analysis on a specific terror group, and thus rarely was connected to the criminal patterns of other terror groups.

IPB is an attractive basis for analyzing the behavior of criminal and terrorist groups because it focuses on evidence about their operational behavior as well as the environment in which they operate. This evidence is plentiful: communications, financial transactions, organizational forms and behavioral patterns can all be analyzed using a form of IPB.

the project team has devised a methodology based on IPB, which we have termed preparation of the investigation environment, or PIE. We define PIE as a concept in which investigators and analysts organize existing data to identify areas of high potential for collaboration between terrorists and organized criminals in order to focus next on developing specific cases of crime-terror interaction—thereby generating further intelligence for the development of early warning on planned terrorist activity.

While IPB is chiefly a method of eliminating data that is not likely to be relevant, our PIE method also provides positive indicators about where relevant evidence should be sought.

3.1 The theoretical basis for the PIE Method

Donald Cressey’s famous study of organized crime in the U.S., with the analogy of an archeological dig, was the starting point for our model of crime-terror cooperation.35 As Cressey defines it, archeologists first examine documentary sources to collect what is known and develop a map based on what is known. That map allows the investigator to focus on those areas that are not known—that is, the archeologist uses the map to focus on where to dig. The map also serves as a context within which artifacts discovered during the dig can be evaluated for their significance. For example, discovery of a bowl at a certain depth and location can provide information to the investigator concerning the date of an encampment and who established it.

The U.S. Department of Defense defines IPB as an analytical methodology employed to reduce un- certainties concerning the enemy, environment, and terrain for all types of operations. Intelligence preparation of the battlespace builds an extensive database for each potential area in which a unit may be re- quired to operate. The database is then analyzed in detail to determine the impact of the enemy, environment, and terrain on operations and presents it in graphic form.36 Alongside Cressey’s approach, IPB was selected as a second basis of our methodological approach.

Territory outside the control of the central state such as exists in failed or failing states, poorly regulated or border regions (especially those regions surrounding the intersection of multiple borders), and parts of otherwise viable states where law and order is absent or compromised, including urban quarters populated by diaspora communities or penal institutions, are favored locales for crime-terror interactions.

3.2 Implementing PIE as an investigative tool

Organized crime and terrorist groups have significant differences in their organizational form, culture, and goals. Bruce Hoffman notes that terrorist organizations can be further categorized based on their organizational ideology.

In converting IPB to PIE, we defined a series of watch points based on organizational form, goals, culture and other aspects to ensure PIE is flexible enough to compare a transnational criminal syndicate or a traditional crime hierarchy with an ethno-nationalist terrorist faction or an apocalyptic terror group.

The standard operating procedures and means by which military units are expected to achieve their battle plan are called doctrine, which is normally spelled out in great detail as manuals and training regimens. The doctrine of an opposing force thus is an important part of an IPB analysis. Such information is equally important to PIE, but is rarely found in manuals nor is it as highly developed as military doctrines.

Once the organizational forms, terrain and behavior of criminal and terrorist groups were defined at this level of detail, we settled on 12 watch points to cover the three components of PIE. For example, the watch point entitled organizational goals examines what the goals of organized crime and terror groups can tell investigators about potential collaboration or overlap between the two.

Investigators using PIE will collect evidence systematically through the investigation of watch points and analyze the data through its application to one or more indicators. That in turn will enable them to build a case for making timely predictions about crime-terror cooperation or overlap. Conversely, PIE also provides a mechanism for ruling out such links.

The indicators are designed to reduce the fundamental uncertainty associated with seemingly disparate or unrelated pieces of information. They also serve as a way of constructing probable cause, with evidence triggering indicators.

Although some watch points may generate ambiguous indicators of interaction between terror and crime, providing investigators and analysts with negative evidence of collusion between criminals and terrorists also has the practical benefit of steering scarce resources toward higher pay-off areas for detecting cooperation between the groups.

3.3. PIE composition: Watch points and indicators

The first step for PIE is to identify those areas where terror-crime collaborations are most likely to occur. To prepare this environment, PIE asks investigators and analysts to engage in three preliminary analyses. These are first to map where particular criminal and terrorist groups are likely to be operating, both in physical geographic terms and through information traditional and electronic media; secondly, to develop typologies for the behavior patterns of the groups and, when possible, their broader networks (often represented chronologically as a timeline); thirdly, to detail the organizations of specific crime and terror groups and, as feasible, their networks.

The geographical areas where terrorists and criminals are highly likely to be cooperating are known in IPB parlance as named areas of interest, or localities that are highly likely to support military operations. In PIE they are referred to as watch points.

A critical function of PIE is to set sensible priorities for analysts.

The second step of a PIE analysis concentrates on the watch points to identify named areas of inter- action where overlaps between crime and terror groups are most likely. The PIE method expresses areas of interest geographically but remains focused on the overlap between terrorism and organized crime.

the three preliminary analyses mentioned above are deconstructed into watch points, which are broad categories of potential crime-terror interactions.

the use of PIE leads to the early detection of named areas of interest through the analysis of watch points, providing investigators the means of concentrating their focus on terror-crime interactions and thereby enhancing their ability to detect possible terrorist planning.

The third and final step is for the collection and analysis of information that indicates organizational, operational or other nodes whereby criminals and terrorists appear to interact. While watch points are broad categories, they are composed of specific indicators of how organized criminals and terrorists might cooperate. These specific patterns of behavior help to confirm or deny that a watch point is applicable.

If several indicators are present, or if the indicators are particularly clear, this bolsters the evidence that a particular type of terror-crime interaction is present. No single indicator is likely to provide ‘smoking gun’ evidence of a link, although examples of this have occasionally arisen. Instead, PIE is a holistic approach that collects evidence systematically in order to make timely predictions of an affiliation, or not, between specific criminal and terrorist groups.

For policy analysts and planners, indicators reduce the sampling risk that is unavoidable for anyone collecting seemingly disparate and unrelated pieces of evidence. For investigators, indicators serve as a means of constructing probable cause. Indeed, even negative evidence of interaction has the practical benefit of helping investigators and analysts manage their scarce resources more efficiently.

3.4 The PIE approach in practice: Two Cases

the process began with the collection of relevant information (scanning) that was then placed into the larger context of watch points and indicators (codification) in order to produce the aforementioned analytical insights (abstraction).

Each case will describe how the TraCCC team shared (diffusion) its findings in or- der to obtain validation and to have an impact on practitioners fighting terrorism and/or organized crime.

3.4.1 The Georgia Case

In 2003-4, TraCCC used the PIE approach to identify one of the largest money laundering cases ever successfully prosecuted. The PIE method helped close down a major international vehicle for money laundering. The ability to organize the financial records from a major money launderer allowed the construction of a significant network that allowed understanding of the linkages among major criminal groups whose relationship has not previously been acknowledged.

Some of the information most pertinent to Georgia included but that was not limited to:

Corrupt Georgian officials held high law enforcement positions prior to the Rose Revolution and maintained ties to crime and terror groups that allowed them to operate with impunity;
Similar patterns of violence were found among organized crime and terrorist groups operating in Georgia;
Numerous banks, corrupt officials and other providers of illicit goods and services assisted both organized crime and terrorists
Regions of the country supported criminal infrastructures useful to organized crime and terrorists alike, including Abkhazia, Ajaria and Ossetia.

Combined with numerous other pieces of information and placed into the PIE watch point structure, the resulting analysis triggered a sufficient number of indicators to suggest that further analysis was warranted to try to locate a crime-terror interaction.

The second step of the PIE analysis was to examine information within the watch points for connections that would suggest patterns of interaction between specific crime and terror groups. These points of interaction are identified in the Black Sea case study but the most successful identification was found from an analysis of the watch point that specifically examined the financial environment that would facilitate the link between crime and terrorism.

The TraCCC team began its investigation within this watch point by identifying the sectors of the Georgian economy that were most conducive to economic crime and money laundering. This included such sectors as energy, railroads and banking. All of these sectors were found to be highly criminalized.

Only by having researchers with knowledge of the economic climate, the nature of the business community and the banking sector determined that investigative resources needed to be concentrated on the “G” bank. By knowing the terrain, investigative focus was focused on “G” bank by the newly established financial investigative unit of the Central Bank. A six-month analysis of the G bank and its transactions enabled the development of a massive network analysis that facilitated prosecution in Georgia and may lead to prosecutions in major financial centers that were previously unable to address some crime groups, at least one of which was linked to a terrorist group.

Using PIE allowed a major intelligence breakthrough.

First, it located a large facilitator of dirty money. Second, the approach was able to map fundamental connections between crime and terror groups. Third, the analysis highlighted the enormous role that purely “dirty banks” housed in countries with small economies can provide as a service for transnational crime and even terrorism.

While specific details must remain sealed due to deference to ongoing legal proceedings, to date the PIE analysis has grown into investigations in Switzerland, and others in the US and Georgia.

the PIE approach is one that favors the construction and prosecution of viable cases.

the PIE approach is a platform for starting and later focusing investigations. When coupled with investigative techniques like network analysis, the PIE approach supports the construction and eventual prosecution of cases against organized crime and terrorist suspects.

3.4.2 Russian Closed Cities

In early 2005, a US government agency asked TraCCC to identify how terrorists are potentially trying to take advantage of organized crime groups and corruption to obtain fissile material in a specific region of Russia—one that is home to a number of sensitive weapons facilities located in so-called “closed cities.” The project team assembled a wealth of information concerning the presence and activities of both criminal and terror groups in the region in question, but was left with the question of how best to organize the data and develop significant conclusions.

The project’s information supported connections in 11 watch points, including:

A vast increase in the prevalence of violence in the region, especially in economic sectors with close ties to organized crime;
Commercial ties in the drug trade between crime groups in the region and Islamic terror groups formerly located in Afghanistan;
Rampant corruption in all levels of the regional government and law enforcement mechanisms, rendering portions of the region nearly ungovernable;
The presence of numerous regional and transnational crime groups as well as recruiters for Islamic groups on terrorist watch lists;

employment of the watch points prompted creative leads to important connections that were not readily apparent until placed into the larger context of the PIE analytical framework. Specifically, the analysis might not have included evidence of trust links and cultural ties between crime and terror groups had the PIE approach not explained their utility.

When the TraCCC team applied the PIE to the closed cities case, the team found using the technologies reduced time analyzing data while improving the analytical rigor of the task. For example, structured queries of databases and online search engines provided information quickly. Likewise, network mapping improved analytical rigor by codifying the links between numerous actors (e.g., crime groups, terror groups, workers at weapons facilities and corrupt officials) in local, regional and transnational contexts.

3.5 Emergent behavior and automation

The dynamic nature of crime and terror groups complicates the IPB to PIE transition. The spectrum of cooperation demonstrates that crime-terror intersections are emergent phenomena.

PIE must have feedback loops to cope with the emergent behavior of crime and terror groups

when the project team spoke with analysts and investigators, the one deficiency they noted was the ability to conduct strategic intelligence given their operational tempo.

The terror-crime interaction spectrum

In formulating PIE, we recognized that crime and terrorist groups are more diverse in nature than military units. They may be networks or hierarchies, they have a variety of cultures rather than a disciplined code of behavior, and their goals are far less clear. Hoffman notes that terrorist groups can be further categorized based on their organizational ideology.

Other researchers have found significant evidence of interaction between terrorism and organized crime, often in support of the general observation that while their methods might converge, the basic motives of crime and terror groups would serve to keep them at arm’s length—thus the term “methods, not motives.”41 Indeed, the differences between the two are plentiful: terrorists pursue political or religious objectives through overt violence against civilians and military targets. They turn to crime for the money they need to survive and operate.

Criminal groups, on the other hand, are focused on making money. Any use of violence tends to be concealed, and is generally focused on tactical goals such as intimidating witnesses, eliminating competitors or obstructing investigators.

In a corrupt environment, the two groups find common cause.

Terrorists often find it expedient, even necessary, to deal with outsiders to get funding and logistical support for their operations. As such interactions are repeated over time, concerns arise that criminal and terrorist organizations will integrate and might even form new types of organizations.

Support for this point can be found in the seminal work of Sutherland, who has argued that the “in- tensity and duration” of an association with criminals makes an individual more likely to adopt criminal behavior. In conflict regions, where there is intensive interaction between criminals and terrorists, there is more shared behavior and a process of mutual learning that goes on.

The dynamic relationship between international terror and transnational crime has important strategic implications for the United States.

The result is a model known as the terror-crime interaction spectrum that depicts the relationship between terror and criminal groups and the different forms it takes.

Each form of interaction represents different, yet specific, threats, as well as opportunities for detection by law enforcement and intelligence agencies.

An interview with a retired member of the Chicago organized crime investigative unit revealed that it had investigated taxi companies and taxicab owners as cash-based money launderers. Logic suggests that terrorists may also be benefiting from the scheme. But this line of investigation was not pursued in the 9/11 investigations although two of the hijackers had worked as taxi drivers.

Within the spectrum, processes we refer to as activity appropriation, nexus, symbiotic relationship, hybrid, and transformation illustrate the different forms of interaction between a terrorist group and an organized crime group, as well as the behavior of a single group engaged in both terrorism and organized crime.

While activity appropriation does not represent organizational linkages between crime and terror groups, it does capture the merger of methods that were well-documented in section 2. Activity appropriation is one way that terrorists are exposed to organized crime activities and, as Chris Dishman has noted, can lead to a transformation of terror cells into organized crime groups.

Applying the Sutherland principle of differential association, these activities are likely to bring a terror group into regular contact with organized crime. As they attempt to acquire forged documents, launder money, or pay bribes, it is a natural step to draw on the support and expertise of the criminal group, which is likely to have more experience in these activities. It is referred to here as a nexus.

terrorists first engage in “do it yourself” organized crime and then turn to organized crime groups for specialized services like document forgery or money laundering.

In most cases a nexus involves the criminals providing goods and services to terrorists for payment although it can work in both directions. A typically short-term relation- ship, a nexus does not imply that the criminals share the ideological views of the terrorists, merely that the transaction offers benefits to both sides.

After all, they have many needs in common: safe havens, false documentation, evasive tactics, and other strategies to lower the risk of being detected. In Latin America, transnational criminal gangs have employed terrorist groups to guard their drug processing plants. In Northern Ireland, terrorists have provided protection for human smuggling operations by the Chinese Triads.

If the nexus continues to benefit both sides over a period of time, the relationship will deepen. More members of both groups will cooperate, and the groups will create structures and procedures for their business transactions, transfer skills and/or share best practices. We refer to this closer, more sustained cooperation as a symbiotic relationship, and define it as a relationship of mutual benefit or dependence.

In the next stage, the two groups continue to cooperate over a long period and members of the organized crime group begin to share the ideological goals of the terrorists. They grow increasingly alike and finally they merge. That process results in a hybrid or dark network49 that has been memorably described as terrorist by day and criminal by night.50 Such an organization engages in criminal acts but also has a political agenda. Both the criminal and political ends are forwarded by the use of violence and corruption.

These developments are not inevitable, but result from a series of opportunities that can lead to the next stage of cooperation. It is important to recognize, however, that even once the two groups have reached the point of hybrid, there is no reason per se to suspect that transformation will follow. Likewise, a group may persist with borrowed methods indefinitely without ever progressing to cooperation. In Italy and elsewhere, crime groups that also engaged in terrorism never found a terrorist partner and thus remained at the activity appropriation stage. Eventually they ended their terrorist activities and returned to the exclusive pursuit of organized crime.

Interestingly, the TraCCC team found no example where a terrorist group engaging in organized crime, either through activity appropriation or through an organizational linkage, came into conflict with a criminal group.51 Neither archival sources nor our interviews revealed such a conflict over “turf,” though logic would suggest that organized crime groups would react to such forms of competition.

The spectrum does not create exact models of the evolution of criminal-terrorist cooperation. In- deed, the evidence presented both here and in prior studies suggests that a single evolutionary path for crime-terror interactions does not exist. Environmental factors outside the control of either organization and the varied requirements of specific organized crime or terrorist groups are but two of the reasons that interactions appear more idiosyncratic than generalizable.

Using the PIE method, investigators and analysts can gain an understanding of the terror-crime intersection by analyzing evidence sourced from communications, financial transactions, organizational charts, and behavior. They can also apply the methodology to analyze watch points where the two entities may interact. Finally, using physical, electronic, and data surveillance, they can develop indicators showing where watch points translate into practice.

The significance of terror-crime interactions in geographic terms

Some shared characteristics arose from examining this case. First, both neighborhoods shared similar diaspora compositions and a lack of effective or interested policing. Second, both terror cells had strong connections to the shadow economy.

the case demonstrated that each cell shared three factors—poor governance, a sense of ethnic separation amongst the cell (supported by the nature of the larger diaspora neighborhoods), and a tradition of organized crime.

U.S. intelligence and law enforcement are naturally inclined to focus on manifestations of organized crime and terrorism in their own country, but they would benefit from studying and assessing patterns and behavior of crime in other countries as well as areas of potential relevance to terrorism.

When turning to the situation overseas, one can differentiate between longstanding crime groups and their more recently formed counterparts according to their relationship to the state. With the exception of Colombia, rarely do large, established (i.e., “traditional”) crime organizations link with terrorists. These groups possess long-held financial interests that would suffer should the structures of the state and the international financial community come to be undermined. Through corruption and movement into the lawful economy, these groups minimize the risk of prosecution and therefore do not fear the power of state institutions.

Developing countries with weak economies, a lack of social structures, many desperate, hungry people, and a history of unstable government are both relatively likely to provide ideological and economic foundations for both organized crime and terrorism within their borders and relatively unlikely to have much capacity to combat either of them. Conflict zones have traditionally provided tremendous opportunities for smuggling and corruption and reduced oversight capacities, as regulatory and enforcements be- come almost solely directed at military targets. They are therefore especially vulnerable to both serious organized crime and violent activity directed at civilian populations for political goals – as well as cooperation between those engaging in pure criminal activities and those engaging in politically-motivated violence.

Post-conflict zones are also likely to spawn such cooperation; as such areas often retain weak enforcement capacity for some time following an end to formal hostilities.

these patterns of criminal behavior and organization can arise from areas as diverse as conflict zones overseas (which then tend can replicate once they arrive in the U.S.) to neighborhoods in U.S. cities. The problematic combinations of poor governance, ethnic separation from larger society, and a tradition of criminal activity (frequently international) are the primary concerns behind this broad taxonomy of geographic locales for crime-terror interaction.

Watch points and indicators

Taking the evidence of cooperation between organized crime and terrorism, we have generated 12 specific areas of interaction, which we refer to as watch points. In turn these watch points are subdivided into a number of indicators that point out where interaction between terror and crime may be taking place.

These watch points cover a variety of habits and operating modes of organized crime and terrorist groups.

We have organized our watch points into three categories: environmental, organizational, and behavioral. Each of the following sections details one of the twelve watch points.

Watch Point 1: Open activities in the legitimate economy

Watch Point 2: Shared illicit nodes

Watch Point 3: Communications

Watch Point 4: Use of information technology (IT)

Watch Point 5: Violence

Watch Point 6: Use of corruption

Watch Point 7: Financial transactions & money laundering

Watch Point 8: Organizational structures

Watch Point 9: Organizational goals

Watch Point 10: Culture

Watch Point 11: Popular support

Watch Point 12: Trust

6.1. Watch Point 1: Open activities in the legitimate economy

The many indicators of possible links include habits of travel, the use of mail and courier services, and the operation of fronts.

Organized crime and terror may be associated with subterfuge and secrecy, but both criminal types engage legitimate society quite openly for particular political purposes. Yet in the first instance, criminal groups are likely to leave greater “traces,” especially when they operate in societies with functioning governments, than do terrorist groups.

Terrorist groups usually seek to make common cause with segments of society that will support their goals, particularly the very poor and the disadvantaged. Terrorists usually champion repressed or dis- enfranchised ethnic and religious minorities, describing their terrorist activities as mechanisms to pressure the government for greater autonomy and freedom, even independence, for these minorities… the openly take responsibility for their attacks, but their operational mechanisms are generally kept secret, and any ongoing contacts they may have with legitimate organizations are carefully hidden.

Criminal groups, like terrorists, may have political goals. For example, such groups may seek to strengthen their legitimacy through donating some of their profits to charity. Colombian drug traffickers are generous in their support of schools and local sports teams.5

criminals of all types could scarcely carry out criminal activities, maintain their cover, and manage their money flows without doing legal transactions with legitimate businesses.

Travel: Frequent use of passenger carriers and shipping companies are potential indicators of illicit activity. Clues can be gleaned from almost any pattern of travel that can be identified as such.

Mail and courier services: Indicators of interaction are present in the tracking information on international shipments of goods, which also generate customs records. Large shipments require bills-of-lading and other documentation. Analysis of such transactions, cross-referenced with in- formation on crime databases, can identify links between organized crime and terrorist groups.

Fronts: A shared front company or mutual connections to legitimate businesses are clearly also indicators of interaction.

Watch Point 2: Shared illicit nodes

The significance of overt operations by criminal groups should not be overstated. Transnational crime and terror groups alike carry out their operations for the most part with illegal and undercover methods. There are many similarities in these tactics. Both organized criminals and terrorists need forged pass- ports, driver’s licenses, and other fraudulent documents. Dishonest accountants and bankers help criminals launder money and commit fraud. Arms and explosives, training camps and safe houses are other goods and services that terrorists obtain illicitly.

Fraudulent Documents. Groups of both types may use the same sources of false documents,

or the same techniques, indicating cooperation or overlap. A criminal group often develops an expertise in false document production as a business, expanding production and building a customer base.

Some of the 9/11 hijackers fraudulently obtained legitimate driver’s licenses through a fraud ring based at an office of DMV in the Virginia suburbs of Washington, DC. Ac- cording to an INS investigator, this ring was under investigation well before the 9/11 attacks, but there was insufficient political will inside the INS to take the case further.

Arms Suppliers. Both terror and organized crime might use the same supplier, or the same distinctive method of doing business, such as bartering weapons or drugs. In 2001 the Basque terror group ETA contracted with factions of the Italian Camorra to obtain missile launchers and ammunition in return for narcotics.

Financial experts. Bankers and financial professionals who assist organized crime might also have terrorist affiliations. The methods of money laundering long used by narcotics traffickers and other organized crime have now been adopted by some terrorist groups.

Drug Traffickers. Drug trafficking is the single largest source of revenues for international organized crime. Substantial criminal groups often maintain well-established smuggling routes to distribute drugs. Such an infrastructure would be valuable to terrorists who purchased weapons of mass destruction and needed to transport them.

Other Criminal Enterprises. An increasing number of criminal enterprises outside of narcotics smuggling are serving the financial or logistical ends of terror groups and thus serve as nodes of interaction. For example, piracy on the high seas, a growing threat to maritime commerce, often depends on the collusion of port authorities, which are controlled in many cases by organized crime.

These relationships are particularly true of developed countries with effective law enforcement, since criminals obviously need to be more cautious and often restrict their operations to covert activity. In conflict zones, however, criminals of all types feel even less restraint about flaunting their illegal nature, since there is little chance of being detected or apprehended.

Watch Point 3: Communications

The Internet, mobile phones and satellite communications enable criminals and terrorists to communicate globally in a relatively secure fashion. FARC, in concert with Colombian drug cartels, offered training on how to set up narcotics trafficking businesses used secure websites and email to handle registration.

Such scenarios are neither hypothetical nor anecdotal. Interviews with an analyst at the US Drug Enforcement Administration revealed that narcotics cartels were increasingly using encryption in their digital communications. In turn, the agent interviewed stated that the same groups were frequently turning to information technology experts to provide them encryption to help secure their communications.

Nodes of interaction therefore include:

Technical overlap: Examples exist where organized crime groups opened their illegal communications systems to any paying customer, thus providing a service to other criminals and terrorists among others. For example, a recent investigation found clandestine telephone exchanges in the Tri-Border region of South America that were connected to Jihadist networks. Most were located in Brazil, since calls between Middle Eastern countries and Brazil would elicit less suspicion and thus less chance of electronic eavesdropping.
Personnel overlap: Crime and terror groups that recruit common high-tech specialists to their cause. Given their ability to encrypt messages, criminals of all kinds may rely on outsiders to carry the message. Smuggling networks all have operatives who can act as couriers, and terrorists have networks of sympathizers in ethnic diasporas who can also help.

Watch Point 4: Use of information technology (IT)

Organized crime has devised IT-based fraud schemes such as online gambling, securities fraud, and pirating of intellectual property. Such schemes appeal to terror groups, too, particularly given the relative anonymity that digital transactions offer. Investigators into the Bali disco bombing of 2002 found that the laptop computer of the ringleader, Imam Samudra, contained a primer he authored on how to use online fraud to finance operations. Evidence of terror groups’ involvement is a significant set of indicators of cooperation or overlap.

Indicators of possible cooperation or nodes of interaction include:

Fundraising: Online fraud schemes and other uses of IT for obtaining ill-gotten gains are already well-established by organized crime groups and terrorists are following suit. Such IT- assisted criminal activities serve as another node of overlap for crime and terror groups, and thus expand the area of observation beyond the brick-and-mortar realm into cyberspace (i.e., investigators now expect to find evidence of collaboration on the Internet or in email as much as through telephone calls or postal services).

Use of technical experts: While no evidence exists that criminals and terrorists have directly cooperated to conduct cybercrime or cyberterrorism, they are often served by the same technical experts.

Watch Point 5: Violence

Violence is not so much a tactic of terrorists as their defining characteristic. These acts of violence are designed to obtain publicity for the cause, to create a climate of fear, or to provoke political repression, which they hope will undermine the legitimacy of the authorities. Terrorist attacks are deliberately highly visible in order to enhance their impact on the public consciousness. Indiscriminate violence against innocent civilians is therefore more readily ascribed to terrorism.

no examples exist where terrorists have engaged criminal groups for violent acts.

A more significant challenge lies in trying to discern generalities about organized crime’s patterns of violence. Categorizing patterns of violence according to their scope or their promulgation is suspect. In the past, crime groups have used violence selectively and quietly to achieve their goals, but then have also used violence broadly and loudly to achieve other goals. Neither can one categorize organized crime’s violence according to goals as social, political and economic considerations often overlap in every attack or campaign.

Violence is therefore an important watch point that may not yield specific indicators of crime-terror interaction per se but can serve to frame the likelihood that an area might support terror-crime interaction.

Watch Point 6: Use of corruption

Both terrorists and organized criminals bribe government officials to undermine the work of law enforcement and regulation. Corrupt officials assist criminals by exerting pressure on businesses that refuse to cooperate with organized crime groups, or by providing passports for terrorists. The methods of corruption are diverse on both sides and include payments, the provision of illegal goods, the use of compromising information to extort cooperation, and outright infiltration of a government agency or other target.

Many studies have demonstrated that organized crime groups often evolve in places where the state cannot guarantee law or order, or provide basic health care, education, and social services. The absence of effective law enforcement combines with rampant corruption to make well-organized criminals nearly invulnerable.

Colombia may be the only example of a conflict zone where a major transnational crime group with very large profits is directly and openly connected to terrorists. The interaction between the FARC and ELN terror groups and the drug syndicates provides crucial important financial resources for the guerillas to operate against the Colombian state – and against each another. This is facilitated by universal corruption, from top government officials to local police. Corruption has served as the foundation for the growth of the narcotics cartels and insurgent/terrorist groups.

In the search for indicators, it would be simplistic to look for a high level of corruption, particularly in conflict zones. Instead, we should pose a series of questions:

Cooperation Are terrorist and criminal groups working together to minimize cost and maximize leverage from corrupt individuals and institutions?

Division of labor Are terrorist and criminal groups purposefully corrupting the areas they have most contact with? In the case of crime groups, that would be law enforcement and the judiciary; in the case of terrorists, the intelligence and security services.

Autonomy Are corruption campaigns carried out by one or both groups completely independent of the other?

These indicators can be applied to analyze a number of potential targets of corruption. Personnel that can provide protection or services are often mentioned as the target of corruption. Examples include law enforcement, the judiciary, border guards, politicians and elites, internal security agents and Consular officials. Economic aid and foreign direct investment are also targeted as sources of funds by criminals and terrorists that they can access by means of corruption.

Watch Point 7: Financial transactions & money laundering

despite the different purposes that may be involved in their respective uses of financial institutions (organized crime seeking to turn illicit funds into licit funds; terrorists seeking to move licit funds to use them for illicit means), the groups tend to share a common infrastructure for carrying out their financial activities. Both types of groups need reliable means of moving, and laundering money in many different jurisdictions, and as a result, both use similar methods to move money internationally. Both use charities and front groups as a cover for money flows.

Possible indicators include:

Shared methods of money laundering
Mutual use of known front companies and banks, as well as financial experts.

Watch Point 8: Organizational structures

The traditional model of organized crime used by U.S. law enforcement is that of the Sicilian Mafia – a hierarchical, conservative organization embedded in the traditional social structures of southern Italy… among today’s organized crime groups the Sicilian mafia is more of an exception than the rule.

Most organized crime now operates not as a hierarchy but as a decentralized, loose-knit network – which is a crucial similarity to terror groups. Networks offer better security, make intelligence-gathering more efficient, cover geographic distances and span diverse memberships more effectively.

Membership dynamics Both terror and organized crime groups – with the exception of the Sicilian Mafia and other traditional crime groups (i.e., Yakuza) – are made up of members with loose, relatively short-term affiliations to each other and even to the group itself. They can readily be recruited by other groups. By this route, criminals have become terrorists.

Scope of organization Terror groups need to make constant efforts to attract and recruit new members. Obvious attempts to attract individuals from crime groups are a clear indication of co- operation. An intercepted phone conversation in May 2004 by a suspected terrorist called Rabei Osman Sayed Ahmed revealed his recruitment tactics: “You should also know that I have met other brothers, that slowly I have created with a few things. First, they were drug pushers, criminals, I introduced them to the faith and now they are the first ones who ask when the moment of the jihad will be…”

Need to buy, wish to sell Often the business transactions between the two sides operate in both directions. Terrorist groups are not just customers for the services of organized crime, but often act as suppliers, too. Arms supply by terrorists is particularly marked in certain conflict zones. Thus, any criminal group found to be supplying outsiders with goods or services should be investigated for its client base too.

Investigators who discovered the money laundering in the above example were able to find out more about the terrorists’ activities too. The Islamic radical cell that planned the Madrid train bombings of 2004 was required to support itself financially through a business venture despite its initial funding by Al Qaeda.

Watch Point 9: Organizational goals

In theory, their different goals are what set terrorists apart from the perpetrators of organized crime. Terrorist groups are most often associated with political ends, such as change in leadership regimes or the establishment of an autonomous territory for a subnational group. Even millenarian and apocalyptic terrorist groups, such as the science-fiction mystics of Aum Shinrikyo, often include some political objectives. Organized crime, on the other hand, is almost always focused on personal enrichment.

By cataloging the different – and shifting – goals of terror and organized crime groups, we can develop indicators of convergence or divergence. This will help identify shared aspirations or areas where these aims might bring the two sides into conflict. On this basis, investigators can ask what conditions might prompt either side to adopt new goals or to fall back to basic goals, such as self-preservation.

Long view or short-termism

Affiliations of protagonists

Watch Point 10: Culture

Both terror and criminal groups use ideologies to maintain their internal identity and provide external justifications for their activities. Religious terror groups adopt and may alter the teachings of religious scholars to suggest divine support for their cause, while Italian, Chinese, Japanese, and other organized crime groups use religious and cultural themes to win public acceptance. Both types use ritual and tradition to construct and maintain their identity. Tattoos, songs, language, and codes of conduct are symbolic to both.

Religious affiliations, strong nationalist sentiments and strong roots in the local community are often characteristics that cause organized criminals to shun any affiliation with terrorists. Conversely, the absence of such affiliations means that criminals have fewer constraints keeping them from a link with terrorists.

In any organization, culture connects and strengthens ties between members. For networks, cultural features can also serve as a bridge to other networks.

Religion Many criminal and terrorist groups feature religion prominently.
Nationalism Ethno-nationalist insurgencies and criminal groups with deep historical roots are particularly likely to play the nationalist card.
Society Many criminal and terrorist networks adapt cultural aspects of the local and regional societies in which they operate to include local tacit knowledge, as contained in narrative traditions. Manuel Castells notes the attachment of drug traffickers to their country, and to their regions of origin. “They were/are deeply rooted in their cultures, traditions, and regional societies. …they have also revived local cultures, rebuilt rural life, strongly affirmed their religious feeling, and their beliefs in local saints and miracles, supported musical folklore (and were rewarded with laudatory songs from Colombian bards)…”

Watch Point 11: Popular support

Both organized crime and terrorist groups engage legitimate society in furtherance of their own agendas. In conflict zones, this may be done quite openly, while under the rule of law they are obliged to do so covertly. One way of doing so is to pay lip service to the interests of certain ethnic groups or social classes. Organized crime is particularly likely to make an appeal to disadvantaged people or people in certain professionals though paternalistic actions that make them a surrogate for the state. For instance, the Japanese Yakuza crime groups provided much-needed assistance to the citizens of Kobe after the serious earthquake there. Russian organized crime habitually supports cultural groups and sports troupes.

Both crime and terror derive crucial power and prestige through the support of their members and of some segment of the public at large. This may reflect enlightened self-interest, when people see that the criminals are acting on their behalf and improving their well-being and personal security. But it is equally likely to be that people are afraid to resist a violent criminal group in their neighborhood

This quest for popular support and common cause suggests various indicators:

Sources Terror groups seek and sometimes obtain the assistance of organized crime based on the perceived worthiness of the terrorist cause, or because of their common cause against state authorities or other sources of opposition. In testimony before the U.S. House Committee on International Relations, Interpol Secretary General Ronald Noble made this point. One of his examples was that Lebanese syndicates in South America send funds to Hezbollah.
Means Groups that cooperate may have shared activities for gaining popular support such as political parties, labor movements, and the provision of social services.
Places In conflict zones where the government has lost authority to criminal groups, social welfare and public order might be maintained by the criminal groups that hold power.

Watch Point 12: Trust

Like business corporations, terrorist and organized crime groups must attract and retain talented, dedicated, and loyal personnel. These skills are at an even greater premium than in the legitimate economy because criminals cannot recruit openly. A further challenge is that law enforcement and intelligence services are constantly trying to infiltrate and dismantle criminal networks. Members’ allegiance to any such group is constantly tested and demonstrated through rituals such as the initiation rites…

We propose three forms of trust in this context, using as a basis Newell and Swan’s model for inter- personal trust within commercial and academic groups.94

Companion trust based on goodwill or personal friendships… In this context, indicators of terror-crime interaction would be when members of the two groups use personal bonds based on family, tribe, and religion to cement their working relationship. Efforts to recruit known associates of the other group, or in common recruiting pools such as diasporas, would be another indicator.

Competence trust, which Newell and Swan define as the degree to which one person depends upon another to perform the expected task.

Commitment or contract trust, where all actors understand the practical importance of their role in completing the task at hand.

Case studies

7.1. The Tri-Border Area of Paraguay, Brazil, and Argentina

Chinese Triads such as the Fuk Ching, Big Circle Boys, and Flying Dragons are well established and believed to be the main force behind organized crime in CDE.

CDE is also a center of operations for several terrorist groups, including Al Qaeda, Hezbollah, Islamic Jihad, Gamaa Islamiya, and FARC.

Watch points

Crime and terrorism in the Tri-Border Area interact seamlessly, making it difficult to draw a clean line be- tween the types of persons and groups involved in each of these two activities. There is no doubt, however, that the social and economic conditions allow groups that are originally criminal in nature and groups whose primary purpose is terrorism to function and interact freely.

Organizational structure

Evidence from CDE suggests that some of the local structures used by both groups are highly likely to overlap. There is no indication, however, of any significant organizational overlap between the criminal and terrorist groups. Their cooperation, when it exists, is ad hoc and without any formal or lasting agreements, i.e., activity appropriation and nexus forms only.

Organizational goals

In this region, the short-term goals of criminals and terrorists converge. Both benefit from easy border crossings and the networks necessary to raise funds.

Culture Cultural affinities between criminal and terrorist groups in the Tri-Border Area include shared ethnicities, languages and religions.

It emerged that 400 to 1000 kilograms of cocaine may have been shipped on a monthly basis through the Tri-Border Area on its way to Sao Paulo and thence to the Middle East and Europe

Numerous arrests revealed the strong ties between entrepreneurs in CDE and criminal and potentially terrorist groups. From the evidence in CDE it seems that the two phenomena operate in rather separate cultural realities, focusing their operations within ethnic groups. But nor does culture serve as a major hindrance to cooperation between organized crime and terrorists.

Illicit activities and subterfuge

The evidence in CDE suggests that terrorists see it as logical and cost-effective to use the skills, contacts, communications and smuggling routes of established criminal networks rather than trying to gain the requisite experience and knowledge themselves. Likewise, terrorists appear to recognize that to strike out on their own risks potential turf conflicts with criminal groups.

There is a clear link between Hong Kong-based criminal groups that specialize in large-scale trafficking of counterfeit products such as music albums and software, and the Hezbollah cells active in the Tri-Border Area. Within their supplier-customer relationship, the Hong Kong crime groups smuggle contraband goods into the region and deliver them to Hezbollah operatives, who in turn profit from their sale. The proceeds are then used to fund the terrorist groups.

Open activities in the legitimate economy

The knowledge and skills potential of CDE is tremendous. While no specific examples exist to connect terrorist and criminal groups through the purchase of legal goods and services, it is obvious that the likelihood of this is high, given how the CDE economy is saturated with organized crime.

Support or sustaining activities

The Tri-Border Area has an usually large and efficient transport infrastructure, which naturally assists organized crime. In turn, the many criminals and terrorists using cover require a sophisticated and reliable document forgery industry. The ease with which these documents can be obtained in CDE is an indicator of cooperation between terrorists and criminals.

Brazilian intelligence services have evidence that Osama bin Laden visited CDE in 1995 and met with the members of the Arab community in the city’s mosque to talk about his experience as a mujahadeen fighter in the Afghan war against the Soviet Union.

Use of violence

Contract murder in CDE costs as little as one thousand dollars, and the frequent violence in CDE is directed at business people who refuse to bend to extortion by terror groups. Ussein Mohamed Taiyen, president of the CDE Chamber of Commerce, was one such victim—murdered because he refused to pay the tax.

Financial transactions and money laundering in 2000, money laundering in the Tri-Border Area was estimated at 12 billion U.S. dollars annually.

As many as 261 million U.S. dollars annually has been raised in Tri-Border Area and sent overseas to fund the terrorist activities of Hezbollah, Hamas, and Islamic Jihad.

Use of corruption

Most of the illegal activities in the Tri-Border Area bear the hallmark of corruption. In combination with the generally low effectiveness of state institutions, especially in Paraguay, and high level of corruption in that country, CDE appears to be a perfect environment for the logistical operations of both terrorists and organized criminals.

Even the few bona fide anti-corruption attempts made by the Paraguayan government have been under- mined because of the pervasive corruption, another example being the attempts to crack down on the Chinese criminal groups in CDE. The Consul General of Taiwan in CDE, Jorge Ho, stated that the Chinese groups were successful in bribing Paraguayan judges, effectively neutralizing law enforcement moves against the criminals.122

The other watch points described earlier – including fund raising and use of information technology – can also be illustrated with similar indicators of possible cooperation between terror and organized crime.

In sum, for the investigator or analyst seeking examples of perfect conditions for such cooperation, the Tri-Border Area is an obvious choice.

7.2. Crime and terrorism in the Black Sea region

Illicit or veiled operations Cigarette, drugs and arms smuggling have been major sources of financing of all the terrorist groups in the region.

Cigarette and alcohol smuggling has fueled the Kurdish-Turkish conflict as well as the terrorist violence in both the Abkhaz and Ossetian conflicts.

From the very beginning, the Chechen separatist movement had close ties with the Chechen crime rings in Russia, mainly operating in Moscow. These crime groups provided and some of them still provide financial sup- port for the insurgents.

Conclusion and recommendations

The many examples in this report of cooperation between terrorism and organized crime make clear that the links between these two potent threats to national and global security are widespread, dynamic, and dangerous. It is only rational to consider the possibility that an effective organized crime group may have a connection with terrorists that has gone unnoticed so far.

Our key conclusion is that crime is not a peripheral issue when it comes to investigating possible terrorist activity. Efforts to analyze the phenomenon of terrorism without considering the crime component undermine all counter-terrorist activities, including those aimed at protecting sites containing weapons of mass destruction.

Yet the staffs of intelligence and law enforcement agencies in the United States are already over- whelmed. Their common complaint is that they do not have the time to analyze the evidence they possess, or to eliminate unnecessary avenues of investigation. The problem is not so much a dearth of data, but the lack of suitable tools to evaluate that data and make optimal decisions about when, and how, to investigate further.

Scrutiny and analysis of the interaction between terrorism and organized crime will become a matter of routine best practice. Aware- ness of the different forms this interaction takes, and the dynamic relationship between them, will become the basis for crime investigations, particularly for terrorism cases.

In conclusion, our overarching recommendation is that crime analysis must be central to understanding the patterns of terrorist behavior and cannot be viewed as a peripheral issue.

For policy analysts:

More detailed analysis of the operation of illicit economies where criminals and terrorists interact would improve understanding of how organized crime operates, and how it cooperates with terrorists. Domestically, more detailed analysis of the businesses where illicit transactions are most common would help investigation of organized crime – and its affiliations. More focus on the illicit activities within closed ethnic communities in urban centers and in prisons in developed countries would prove useful in addressing potential threats.
Corruption overseas, which is so often linked to facilitating organized crime and terrorism, should be elevated to a U.S. national security concern with an operational focus. After all, many jihadists are recruited because they are disgusted with the corrupt governments in their home countries. Corruption has facilitated the commission of criminal acts such as the Chechen suicide bombers who bribed airport personnel to board aircraft in Moscow.
Analysts must study patterns of organized crime-terrorism interaction as guidance for what maybe observed subsequently in the United States.
Intelligence and law enforcement agencies need more analysts with the expertise to understand the motivations and methods of criminal and terrorist groups around the globe, and with the linguistic and other skills to collect and analyze sufficient data.

For investigators:

The separation of criminals and terrorists is not always as clear cut as many investigators believe. Crime and terrorists’ groups are often indistinguishable in conflict zones and in prisons.
The hierarchical structure and conservative habits of the Sicilian Mafia no longer serves as an appropriate model for organized crime investigations. Most organized crime groups now operate as loose networked affiliations. In this respect they have more in common with terrorist groups.
The PIE method provides a series of indicators that can result in superior profiles and higher- quality risk analysis for law enforcement agencies both in the United States and abroad. The approach can be refined with sensitive or classified information.
Greater cooperation between the military and the FBI would allow useful sharing of intelligence, such as the substantial knowledge on crime and illicit transactions gleaned by the counterintelligence branch of the U.S. military that is involved in conflict regions where terror-crime interaction is most profound.
Law enforcement personnel must develop stronger working relationships with the business sector. In the past, there has been too little cognizance of possible terrorist-organized crime interaction among the clients of private-sector business corporations and banks. Law enforcement must pursue evidence of criminal affiliations with high status individuals and business professionals who are often facilitators of terrorist financing and money laundering. In the spirit of public-private partnerships, corporations and banks should be placed under an obligation to watch for indications of organized crime or terrorist activity by their clients and business associates. Furthermore, they should attempt to analyze what they discover and to pass on their assessment to law enforcement.
Law enforcement personnel posted overseas by federal agencies such as the DEA, the Department of Justice, the Department of Homeland Security, and the State Department’s Bureau of International Narcotics and Law Enforcement should be tasked with helping to develop a better picture of the geography of organized crime and its most salient features (i.e., the watch points of the PIE approach). This should be used to assist analysts in studying patterns of crime behavior that put American interests at risk overseas and alert law enforcement to crime patterns that may shortly appear in the U.S.
Training for law enforcement officers at federal, state, and local level in identifying authentic and forged passports, visas, and other documents required for residency in the U.S. would eliminate a major shortcoming in investigations of criminal networks.

A.1 Defining the PIE Analytical Process

In order to begin identifying the tools to support the analytical process, the process of analysis itself first had to be captured. The TraCCC team adopted Max Boisot’s (2003) I-Space as a representation for de- scribing the analytical process. As Figure A-1 illustrates, I-Space provides a three-dimensional representation of the cognitive steps that constitute analysis in general and the utilization of the PIE methodology in particular. The analytical process is reduced to a series of logical steps, with one step feeding the next until the process starts anew. The steps are:

Scanning
2. Codification 3. Abstraction 4. Diffusion
5. Validation 6. Impacting

Over time, repeated iterations of these steps result in more and more PIE indicators being identified, more information being gathered, more analytical product being generated, and more recommendations being made. Boisot’s I-Space is described below in terms of law enforcement and intelligence analytical processes.

A.1.1. Scanning

The analytical process begins with scanning, which Boisot defines as the process of identifying threats and opportunities in generally available but often fuzzy data. For example, investigators often scan avail- able news sources, organizational data sources (e.g., intelligence reports) and other information feeds to identify patterns or pieces of information that are of interest. Sometimes this scanning is performed with a clear objective in mind (e.g., set up through profiles to identify key players). From a tools perspective, scanning with a focus on a specific entity like a person or a thing is called a subject-based query. At other times, an investigator is simply reviewing incoming sources for pieces of a puzzle that is not well under- stood at that moment. From a tools perspective, scanning with a focus on activities like money laundering or drug trafficking is called a pattern-based query. For this type of query, a specific subject is not the target, but a sequence of actors/activities that form a pattern of interest.

Many of the tools described herein focus on either:

o Helping an investigator build models for these patterns then comparing those models against the data to find ‘matches’, or

o Supporting automated knowledge discovery where general rules about interesting patterns are hypothesized and then an automated algorithm is employed to search through large amounts of data based on those rules.

The choice between subject-based and pattern-based queries is dependent on several factors including the availability of expertise, the size of the data source to be scanned, the amount of time available and, of course, how well the subject is understood and anticipated. For example, subject-based queries are by nature more tightly focused and thus are often best conducted through keyword or Boolean searches, such as a Google search containing the string “Bin Laden” or “Abu Mussab al-Zarqawi.” Pattern-based queries, on the other hand, support a relationship/discovery process, such as an iterative series of Google searches starting at ‘with all of the words’ terrorist, financing, charity, and hawala, proceeding through ‘without the words’ Hezbollah and Iran and culminating in ‘with the exact phrase’ Al Qaeda Wahabi charities. Regard- less of which is employed, the results provide new insights into the problem space. The construction, employment, evaluation, and validation of results from these various types of scanning techniques will pro- vide a focus for our tool exploration.

A.1.2. Codification

In order for the insights that result from scanning to be of use to the investigator, they must be placed into the context of the questions that the investigator is attempting to answer. This context provides structure through a codification process that turns disconnected patterns into coherent thoughts that can be more easily communicated to the community. The development of indicators is an example of this codification. Building up network maps from entities and their relationships is another example that could sup- port indicator development. Some important tools will be described that support this codification step.

A.1.3. Abstraction

During the abstraction phase, investigators generalize the application of newly codified insights to a wider range of situations, moving from the specific examples identified during scanning and codification towards a more abstract model of the discovery (e.g., one that explains a large pattern of behavior or predicts future activities). Indicators are placed into the larger context of the behaviors that are being monitored. Tools that support the generation and maintenance of models that support this abstraction process

will be key to making the analysis of an overwhelming number of possibilities and unlimited information manageable.

A.1.4. Diffusion

Many of the intelligence failures cited in the 9/11 Report were due to the fact that information and ideas were not shared. This was due to a variety of reasons, not the least of which were political. Technology also built barriers to cooperation, however. Information can only be shared if one of two conditions is met. Either the sender and receiver must share a context (a common language, background, understanding of the problem) or the information must be coded and abstracted (see steps 2 and 3 above) to extract it from the personal context of the sender to one that is generally understood by the larger community. Once this is done, the newly created insights of one investigator can be shared with investigators in sister groups.

The technology for the diffusion itself is available through any number of sources ranging from repositories where investigators can share information to real-time on-line cooperation. Tools that take advantage of this technology include distributed databases, peer-to-peer cooperation environments and real- time meeting software (e.g., shared whiteboards).

A.1.5. Validation

In this step of the process, the hypotheses that have been formed and shared are now validated over time, either by a direct match of the data against the hypotheses (i.e., through automation) or by working towards a consensus within the analytical community. Some hypotheses will be rejected, while others will be retained and ranked according to probability of occurrence. In either case, tools are needed to help make this match and form this consensus.

A.1.6. Impacting

Simply validating a set of hypotheses is not enough. If the intelligence gathering community stops at that point, the result is a classified CNN feed to the policy makers and practitioners. The results of steps 1 through 5 must be mapped against the opposing landscape of terrorism and transnational crime in order to understand how the information impacts the decisions that must be taken. In this final step, investigators work to articulate how the information/hypotheses they are building impact the overall environment and make recommendations on actions (e.g., probes) that might be taken to clarify that environment. The con- sequences of the actions taken as a result of the impacting phase are then identified during the scanning phase and the cycle begins again.

A.1.7. An Example of the PIE Analytical Approach

While section 4 provided some real-life examples of the PIE approach in action, a retrodictive analysis of terror-crime cooperation in the extraction, smuggling, and sale of conflict diamonds provides a grounding example of Boisot’s six step analytical process. Diamonds from West Africa were a source of funding for various factions in the Lebanese civil war since the 1980s. Beginning in the late 1990s intelligence, law enforcement, regulatory, non-governmental, and press reports suggested that individuals linked to transnational criminal smuggling and Middle Eastern terrorist groups were involved in Liberia’s illegal diamond trade. We would expect to see the following from an investigator assigned to track terrorist financing:

Scanning: During this step investigators could have assembled fragmentary reports to reveal crude patterns that indicated terror-crime interaction in a specific region (West Africa), involving two countries (Liberia and Sierra Leone) and trade in illegal diamonds.
Codification: Based on patterns derived from scanning, investigators could have codified the terror- crime interaction by developing explicit network maps that showed linkages between Russian arms dealers, Russian and South American organized crime groups, Sierra Leone insurgents, the government of Liberia, Al Qaeda, Hezbollah, Lebanese and Belgian diamond merchants, and banks in Cyprus, Switzerland, and the U.S.
Abstraction: The network map developed via codification is essentially static at this point. Utilizing social network analysis techniques, investigators could have abstracted this basic knowledge to gain a dynamic understanding of the conflict diamond network. A calculation of degree, betweenness, and closeness centrality of the conflict diamond network would have revealed those individuals with the most connections within the network, those who were the links between various subgroups within the network, and those with the shortest paths to reach all of the network participants. These calculations would have revealed that all the terrorist links in the conflict diamond network flowed through Ibra- him Bah, a Libyan-trained Senegalese who had fought with the mujahadeen in Afghanistan and whom Charles Taylor, then President of Liberia, had entrusted to handle the majority of his diamond deals. Bah arranged for terrorist operatives to buy all diamonds possible from the RUF, the Charles Taylor- supported rebel army that controlled much of neighboring civil-war-torn Sierra Leone. The same calculations would have delineated Taylor and his entourage as the key link to transnational criminals in the network, and the link between Bah and Taylor as the essential mode of terror-crime interaction for purchase and sale of conflict diamonds.
Diffusion: Disseminating the results of the first three analytical steps in this process could have alerted investigators in other domestic and foreign law enforcement and intelligence agencies to the emergent terror-crime nexus involving conflict diamonds in West Africa. Collaboration between various security services at this junction could have revealed Al Qaeda’s move into commodities such as diamonds, gold, tanzanite, emeralds, and sapphires in the wake of the Clinton Administration’s freezing of 240 million dollars belonging to Al Qaeda and the Taliban in Western banks in the aftermath of the August 1998 attacks on the U.S. embassies in Kenya and Tanzania. In particular, diffusion of the parameters of the conflict diamond network could have allowed investigators to tie Al Qaeda fund raising activities to a Belgian bank account that contained approximately 20 million dollars of profits from conflict diamonds.
Validation: Having linked Al Qaeda, Hezbollah, and multiple organized crime groups to the trade in conflict diamonds smuggled into Europe from Sierra Leone via Liberia, investigators would have been able to draw operational implications from the evidence amassed in the previous steps of the analytical process. For example, Al Qaeda diamond purchasing behavior changed markedly. Prior to July 2001 Al Qaeda operatives sought to buy low in Africa and sell high in Europe so as to maximize profit. Around July they shifted to a strategy of buying all the diamonds they could and offering the highest prices required to secure the stones. Investigators could have contrasted these buying patterns and hypothesized that Al Qaeda was anticipating events which would disrupt other stores of value, such as financial instruments, as well as bring more scrutiny of Al Qaeda financing in general.
Impacting: In the wake of the 9/11attacks, the hypothesis that Al Qaeda engaged in asset shifting prior to those strikes similar to that undertaken in 1999 has gained significant validity. During this final step in the analytical process, investigators could have created a watch point involving a terror-crime nexus associated with conflict diamonds in West Africa, and generated the following indicators for use in future investigations:

Financial movements and expenditures as attack precursors;
Money as a link between known and unknown nodes;
Changes in the predominant patterns of financial activity;
Criminal activities of a terrorist cell for direct or indirect operational support;
Surge in suspicious activity reports.

A.2. The tool space

The key to successful tool application is understanding what type of tool is needed for the task at hand. In order to better characterize the tools for this study, we have divided the tool space into three dimensions:

An abstraction dimension: This continuum focuses on tools that support the movement of concepts from the concrete to the abstract. Building models is an excellent example of moving concrete, narrow concepts to a level of abstraction that can be used by investigators to make sense of the past and predict the future.
A codification dimension: This continuum attaches labels to concepts that are recognized and accepted by the analytical community to provide a common context for grounding models. One end of the spectrum is the local labels that individual investigators assign and perhaps only that they understand. The other end of the spectrum is the community-accepted labels (e.g., commonly accepted definitions that will be understood by the broader analytical community). As we saw earlier, concepts must be defined in community-recognizable labels before the community can begin to cooperate on those concepts.
The number of actors: This last continuum talks in term of the number of actors who are involved with a given concept within a certain time frame. Actors could include individual people, groups, and even automated software agents. Understanding the number of actors involved with the analysis will play a key role in determining what type of tool needs to be employed.

Although they may appear to be performing the same function, abstraction and codification are not the same. An investigator could build a set of models (moving from concrete to abstract concepts) but not take the step of changing his or her local labels. The result would be an abstracted model of use to the single investigator, but not to a community working from a different context. For example, one investigator could model a credit card theft ring as a petty crime network under the loose control of a traditional organized crime family, while another investigator could model the same group as a terrorist logistic sup- port cell.

The analytical process described above can now be mapped into the three-dimensional tool space, represented graphically in Figure A-1. So, for example, scanning (step 1) is placed in the portion of the tool space that represents an individual working in concrete terms without those terms being highly codified (e.g., queries). Validation (step 5), on the other hand, requires the cooperation of a larger group working with abstract, highly codified concepts.

A.2.1. Scanning tools

Investigators responsible for constructing and monitoring a set of indicators could begin by scanning available data sources – including classified databases, unclassified archives, news archives, and internet sites – for information related to the indicators of interest. As can be seen from exhibit 6, all scanning tools will need to support requirements dictated by where these tools fall within the tool space. Scanning tools should focus on:

How to support an individual investigator as opposed to the collective analytical community. Investigators, for the most part, will not be performing these scanning functions as a collaborative effort;
Uncoded concepts, since the investigator is scanning for information that is directly related to a specific context (e.g., money laundering), then the investigator will need to be intimately familiar with the terms that are local (uncoded) to that context;
Concrete concepts or, in this case, specific examples of people, groups, and circumstances within the investigator’s local context. In other words, if the investigator attempts to generalize at this stage, much could be missed.

Using these criteria as a background, and leveraging state-of-the-art definitions for data mining, scanning tools fall into two basic categories:

Tools that support subject-based queries are used by investigators when they are searching for specific information about people, groups, places, events, etc.; and
Investigators who are not as interested in individuals as they are in identifying patterns of activities use tools that support pattern-based queries.

This section briefly describes the functionality in general, as well as providing specific tool examples, to support both of these critical types of scanning.

A.2.1.1. Subject-based queries

Subject-based queries are the easiest to perform and the most popular. Examples of tools that are used to support subject-based queries are Boolean search tools for databases and internet search engines.

Functionalities that should be evaluated when selecting subject-based query tools include that they are easy to use and intuitive to the investigator. Investigators should not be faced with a bewildering array of ‘ifs’, ‘ands’, and ‘ors’, but should be presented with a query interface that matches the investigator’s cognitive view of searching the data. The ideal is a natural language interface for constructing the queries. An- other benefit is that they provide a graphical interface whenever possible. One example might be a graphical interface that allows the investigator to define subjects of interest, then uses overlapping circles to indicate the interdependencies among the search terms. Furthermore, query interfaces should support synonyms, have an ability to ‘learn’ from the investigator based on specific interests, and create an archive of queries so that the investigator can return and repeat. Finally, they should provide a profiling capability that alerts the investigator when new information is found based on the subject.

Subject-based query tools fall into three categories: queries against databases, internet searches, and customized search tools. Examples of tools for each of these categories include:

Queries from news archives: All major news groups provide web-based interfaces that support queries against their on-line data sources. Most allow you to select the subject, enter keywords, specify date ranges, and so on. Examples include the New York Times (at http://www.nytimes.com/ref/membercenter/nytarchive.html) and the Washington Post (at http://pqasb.pqarchiver.com/washingtonpost/search.html). Most of these sources allow you to read through the current issue, but charge a subscription for retrieving articles from past issues.
Queries from on-line references: There are a host of on-line references now available for query that range from the Encyclopedia Britannica (at http://www.eb.com/) to the CIA’s World Factbook (at http://www.cia.gov/cia/publications/factbook/). A complete list of such references is impossible to include, but the search capabilities provided by each are clear examples of subject-based queries.
Search engines: Just as with queries against databases, there are a host of commercial search engines available for free-format internet searching. The most popular is Google, which combines a technique called citation indexing with web crawlers that constantly search out and index new web pages. Google broke the mold of free-format text searching by not focusing on exact matches between the search terms and the retrieved information. Rather, Google assumes that the most popular pages (the ones that are referenced the most often) that include your search terms will be the pages of greatest interest to you. The commercial version of Google is available free of charge on the internet, and organizations can also purchase a version of Google for indexing pages on an intranet. Google also works in many languages. More information about Google as a business solution can be found at http://www.google.com/services/. Although the current version of Google supports many of the requirements for subject-based queries, its focus is quick search and it does not support sophisticated query interfaces, natural language queries, synonyms, or a managed query environment where queries can be saved. There are now numerous software packages available that provide this level of support, many of them as add-on packages to existing applications.

o Name Search®: This software enables applications to find, identify and match information. Specifically, Name Search finds and matches records based on personal and corporate names, social security numbers, street addresses and phone numbers even when those records have variations due to phonetics, missing words, noise words, nicknames, prefixes, keyboard errors or sequence variations. Name Search claims that searches using their rule-based matching algorithms are faster and more accurate than those based only on Soundex or similar techniques. Soundex, developed by Odell and Russell, uses codes based on the sound of each letter to translate a string into a canonical form of at most four characters, preserving the first letter.

Name Search also supports foreign languages, technical data, medical information, and other specialized information. Other problem-specific packages take advantage of the Name Search functionality through an Application Programming Interface (API) (i.e., Name Search is bundled). An example is ISTwatch. See http://www.search-software.com/.

o ISTwatch©: ISTwatch is a software component suite that was designed specifically to search and match individuals against the Office of Foreign Assets Control’s (OFAC’s) Specially Designated Nationals list and other denied parties lists. These include the FBI’s Most Wanted, Canadian’s OSFI terrorist lists, the Bank of England’s consolidated lists and Financial Action Task Force data on money-laundering countries. See

http://www.intelligentsearch.com/ofac_software/index.html

All these tools are packages designed to be included in an application. A final set of subject-based query tools focus on customized search environments. These are tools that have been customized to per- form a particular task or operate within a particular context. One example is WebFountain.

o WebFountain: IBM’s WebFountain began as a research project focused on extending subject- based query techniques beyond free format text to target money-laundering activities identified through web sources. The WebFountain project, a product of IBM’s Almaden research facility in California, used advanced natural language processing technologies to analyze the entire internet – the search covered 256 terabytes of data in the process of matching a structured list of people who were indicted for money laundering activities in the past with unstructured in- formation on the internet. If a suspicious transaction is identified and the internet analysis finds a relationship between the person attempting the transaction and someone on the list, then an alert is issued. WebFountain has now been turned into a commercially available IBM product. Robert Carlson, IBM WebFountain vice president, describes the current content set as over 1 petabyte in storage with over three billion pages indexed, two billion stored, and the ability to mine 20 million pages a day. The commercial system also works across multiple languages. Carlson stated in 2003 that it would cover 21 languages by the end of 2004 [Quint, 2003]. See: http://www.almaden.ibm.com/webfountain

o Memex: Memex is a suite of tools that was created specifically for law enforcement and national security groups. The focus of these tools is to provide integrated search capabilities against both structured (i.e., databases) and unstructured (i.e., documents) data sources. Memex also provides a graphical representation of the process the investigator is following, structuring the subject-based queries. Memex’s marketing literature states that over 30 percent of the intelligence user population of the UK uses Memex. Customers include the Metropolitan Police Service (MPS), whose Memex network that includes over 90 dedicated intelligence servers pro- viding access to over 30,000 officers; the U.S. Department of Defense; numerous U.S. intelligence agencies, drug intelligence Groups and law enforcement agencies. See http://www.memex.com/index.shtml.

A.2.1.2. Pattern queries

Pattern-based queries focus on supporting automated knowledge discovery (1) where the exact subject of interest is not known in advance and (2) where what is of interest is a pattern of activity emerging over time. In order for pattern queries to be formed, the investigator must hypothesize about the patterns in advance and then use tools to confirm or deny these hypotheses. This approach is useful when there is expertise available to make reasonable guesses with respect to the potential patterns. Conversely, when that expertise is not available or the potential patterns are unknown due to extenuating circumstances (e.g., new patterns are emerging too quickly for investigators to formulate hypotheses), then investigators can auto- mate the construction of candidate patterns by formulating a set of rules that describe how potentially interesting, emerging patterns might appear. In either case, tools can help support the production and execution of the pattern queries. The degree of automation is dependent upon the expertise available and the dynamics of the situation being investigated.

As indicated earlier, pattern-based query tools fall into two general categories: those that support investigators in the construction of patterns based on their expertise, then run those patterns against large data sets, and those that allow the investigator to build rules about patterns of interest and, again, run those rules against large data sets.

Examples of tools for each of these categories include

Megaputer (PolyAnalyst 4.6): This tool falls into the first category of pattern-based query tools, helping the investigator hypothesize patterns and explore the data based on those hypotheses. PolyAnalyst is a tool that supports a particular type of pattern-based query called Online Analytical Processing (OLAP), a popular analytical approach for large amounts of quantitative data. Using PolyAnalyst, the investigator defines dimensions of interest to be considered in text exploration and then displays the results of the analysis across various combinations of these dimensions. For example, an investigator could search for mujahideen who had trained at the same Al Qaeda camp in the 1990s and who had links to Pakistani Intelligence as well as opium growers and smuggling networks into Europe. See http://www.megaputer.com/.
Autonomy Suite: Autonomy’s search capabilities fall into the second category of pattern-based query tools. Autonomy has combined technologies that employ adaptive pattern-matching techniques with Bayesian inference and Claude Shannon’s principles of information theory. Autonomy identifies the pat- terns that naturally occur in text, based on the usage and frequency of words or terms that correspond to specific ideas or concepts as defined by the investigator. Based on the preponderance of one pattern over another in a piece of unstructured information, Autonomy calculates the probability that a document in question is about a subject of interest [Autonomy, 2002]. See http://www.autonomy.com/content/home/
Fraud Investigator Enterprise: The Fraud Investigator Enterprise Similarity Search Engine (SSE) from InfoGlide Software is another example of the second category of pattern search tools. SSE uses ana- lytic techniques that dissect data values looking for and quantifying partial matches in addition to exact matches. SSE scores and orders search results based upon a user-defined data model. See http://www.infoglide.com/composite/ProductsF_2_1.htm

Although an evaluation of data sources available for scanning is beyond the scope of this paper, one will serve as an example of the information available. It is hypothesized in this report that tools could be developed to support the search and analysis of Short Message Service (SMS) traffic for confirmation of PIE indicators. Often referred to as ‘text messaging’ in the U.S., the SMS is an integrated message service that lets GSM cellular subscribers send and receive data using their handset. A single short message can be up to 160 characters of text in length – words, numbers, or punctuation symbols. SMS is a store and for- ward service; this means that messages are not sent directly to the recipient but via a network SMS Center. This enables messages to be delivered to the recipient if their phone is not switched on or if they are out of a coverage area at the time the message was sent. This process, called asynchronous messaging, operates in much the same way as email. Confirmation of message delivery is another feature and means the sender can receive a return message notifying them whether the short message has been delivered or not. SMS messages can be sent to and received from any GSM phone, providing the recipient’s network supports text messaging. Text messaging is available to all mobile users and provides both consumers and business people with a discreet way of sending and receiving information
Over 15 billion SMS text messages were sent around the globe in January 2001. Tools taking advantage of the stored messages in an SMS Center could:

Perform searches of the text messages for keywords or phrases,
Analyze SMS traffic patterns, and
Search for people of interest in the Home Location Register (HLR) database that maintains information about the subscription profile of the mobile phone and also about the routing information for the subscriber.

A.2.2. Codification tools

As can be seen from exhibit 6, all codification tools will need to support requirements dictated by where these tools fall within the tool space. Codification tools should focus on:

Supporting individual investigators (or at best a small group of investigators) in making sense of the information discovered during the scanning process.
Moving the terms with which the information is referenced from a localized organizational context (uncoded, e.g., hawala banking) to a more global context (codified, e.g., informal value storage and transfer operations).
Moving that information from specific, concrete examples towards more abstract terms that could support identification of concepts and patterns across multiple situations, thus providing a larger context for the concepts being explored.

Using these criteria as a background, the codification tools reviewed fall into two major categories:

Tools that help investigators label concepts and cluster different concepts into terms that are recognizable and used by the larger analytical community; and
Tools that use this information to build up network maps identifying entities, relationships, missions, etc.

This section briefly describes codification functionality in general, as well as providing specific tool examples, to support both of these types of codification.

A.2.2.1. Labeling and clustering

The first step to codification is to map the context-specific terms used by individual investigators to a taxonomy of terms that are commonly accepted in a wider analytical context. This process is performed through labeling individual terms, clustering other terms and renaming them according to a community- accepted taxonomy.

In general, labeling and clustering tools should:

Support the capture of taxonomies that are being developed by the broader analytical community; Allow the easy mapping of local terms to these broader terms;
Support the clustering process either by providing algorithms for calculating the similarity between concepts, or tools that enable collaborative consensus construction of clustered concepts;
Label and cluster functionality is typically embedded in applications support analytical processes, not provided separately as stand-alone tools.

Two examples of such products include:

COPLINK® – COPLINK began as a research project at the University of Arizona and has now grown into a commercially available application from Knowledge Computing Corporation (KCC). It is focused on providing tools for organizing vast quantities of structured and seemingly unrelated information in the law enforcement arena. See COPLINK’s commercial website at http://www.knowledgecc.com/index.htm and its academic website at the University of Arizona at http://ai.bpa.arizona.edu/COPLINK/.

Megaputer (PolyAnalyst 4.6) – In addition to supporting pattern queries, PolyAnalyst also pro- vides a means for creating, importing and managing taxonomies which could be useful in the codification step and carries out automated categorization of text records against existing taxonomies.

A.2.2.2. Network mapping

Terrorists have a vested interest in concealing their relationships, they often emit confusing or intentionally misleading information and they operate in self-contained and difficult to penetrate cells for much of the time. Criminal networks are also notoriously difficult to map, and the mapping often happens after a crime has been committed than before. What is needed are tools and approaches that support the map- ping of networks to represent agents (e.g., people, groups), environments, behaviors, and the relationships between all of these.

A large number of research efforts and some commercial products have been created to automate aspects of network mapping in general and link analysis specifically. In the past, however, these tools have provided only marginal utility in understanding either criminal or terrorist behavior (as opposed to espionage networks, for which this type of tool was initially developed). Often the linkages constructed by such tools are impossible to disentangle since all links have the same importance. PIE holds the potential to focus link analysis tools by clearly delineating watch points and allowing investigators to differentiate, characterize and prioritize links within an asymmetric threat network. This section focuses on the requirements dictated by PIE and some candidate tools that might be used in the PIE context.

In general, network mapping tools should:

Support the representation of people, groups, and the links between them within the PIE indicator framework;
Sustain flexibility for mapping different network structures;
Differentiate, characterize and prioritize links within an asymmetric threat network;
Focus on organizational structures to determine what kinds of network structures they use;
Provide a graphical interface that supports analysis;
Access and associate evidence with an investigator’s data sources.

Within the PIE context, investigators can use network mapping tools to identify the flows of information and authority within different types of network forms such as chains, hub and spoke, fully matrixed, and various hybrids of these three basic forms.
Examples of network mapping tools that are available commercially include:

Analyst Notebook®: A PC-based package from i2 that supports network mapping/link analysis via network, timeline and transaction analysis. Analyst Notebook allows an investigator to capture link information between people, groups, activities, and other entities of interest in a visual format convenient for identifying relationships, dependencies and trends. Analyst Notebook facilitates this capture by providing a variety of tools to review and integrate information from a number of data sources. It also allows the investigator to make a connection between the graphical icons representing entities and the original data sources, supporting a drill-down feature. Some of the other useful features included with Analyst Note- book are the ability to: 1) automatically order and depict sequences of events even when exact date and time data is unknown and 2) use background visuals such as maps, floor plans or watermarks to place chart information in context or label for security purposes. See http://www.i2.co.uk/Products/Analysts_Notebook/default.asp. Even though i2 Analyst Notebook is widely used by intelligence community, anti-terrorism and law enforcement investigators for constructing network maps, interviews with investigators indicate that it is more useful as a visual aid for briefing rather than in performing the analysis itself. Although some investigators indicated that they use it as an analytical tool, most seem to perform the analysis using either another tool or by hand, then entering the results into the Analyst Notebook in order to generate a graphic for a report or briefing. Finally, few tools are available within the Analyst Notebook to automatically differentiate, characterize and prioritize links within an asymmetric threat network.

Patterntracer TCA: Patterntracer Telephone Call Analysis (TCA) is an add-on tool for the Analyst Notebook intended to help identify patterns in telephone billing data. Patterntracer TCA automatically finds repeating call patterns in telephone billing data and graphically displays them using network and timeline charts. See http://www.i2.co.uk/Products/Analysts_Workstation/default.asp

Memex: Memex has already been discussed in the context of subject-based query tools. In addition to supporting such queries, however, Memex also provides a tool that supports automated link analysis on unstructured data and presents the results in graphical form.

Megaputer (PolyAnalyst 4.6): In addition to supporting pattern-based queries, PolyAnalyst was also designed to support a primitive form of link analysis, by providing a visual relationship of the results.

A.2.3. Abstraction tools

As can be seen from exhibit 6, all abstraction tools will need to support requirements dictated by where these tools fall within the tool space. Abstraction tools should focus on:

Functionalities that help individual investigators (or a small group of investigators) build abstract models;
Options to help share these models, and therefore the tools should be defined using terms that will be recognized by the larger community (i.e., codified as opposed to uncoded);
Highly abstract notions that encourage examination of concepts across networks, groups, and time.

The product of these tools should be hypotheses or models that can be shared with the community to support information exchange, encourage dialogue, and eventually be validated against both real-world data and by other experts. This section provides some examples of useful functionality that should be included in tools to support the abstraction process.

A.2.3.1. Structured argumentation tools

Structured argumentation is a methodology for capturing analytical reasoning processes designed to address a specific analytic task in a series of alternative constructs, or hypotheses, represented by a set of hierarchical indicators and associated evidence. Structured argumentation tools should:

Capture multiple, competing hypotheses of multi-dimensional indicators at both summary and/or detailed levels of granularity;
Develop and archive indicators and supporting evidence;
Monitor ongoing activities and assess the implications of new evidence;
Provide graphical visualizations of arguments and associated evidence;
Encourage a careful analysis by reminding the investigator of the full spectrum of indicators to be considered;
Ease argument comprehension by allowing the investigator to move along the component lines of reasoning to discover the basis and rationale of others’ arguments;
Invite and facilitate argument comparison by framing arguments within common structures; and
Support collaborative development and reuse of models among a community of investigators.
Within the PIE context, investigators can use structured argumentation tools to assess a terrorist group’s ability to weaponize biological materials, and determine the parameters of a transnational criminal organization’s money laundering methodology.

Examples of structured argumentation tools that are available commercially include:

Structured Evidential Argument System (SEAS) from SRI International was initially applied to the problem of early warning for project management, and more recently to the problem of early crisis warning for the U.S. intelligence and policy communities. SEAS is based on the concept of a structured argument, which is a hierarchically organized set of questions (i.e., a tree structure). These are multiple-choice questions, with the different answers corresponding to discrete points or subintervals along a continuous scale, with one end of the scale representing strong support for a particular type of opportunity or threat and the other end representing strong refutation. Leaf nodes represent primitive questions, and internal nodes represent derivative questions. The links represent support relationships among the questions. A derivative question is supported by all the derivative and primitive questions below it. SEAS arguments move concepts from their concrete, local representations into a global context that supports PIE indicator construction. See http://www.ai.sri.com/~seas/.

A.2.3.2. Modeling

By capturing information about a situation (e.g., the actors, possible actions, influences on those actions, etc.), in a model, users can define a set of initial conditions, match these against the model, and use the results to support analysis and prediction. This process can either be performed manually or, if the model is complex, using an automated tool or simulator.
Utilizing modeling tools, investigators can systematically examine aspects of terror-crime interaction. Process models in particular can reveal linkages between the two groups and allow investigators to map these linkages to locations on the terror-crime interaction spectrum. Process models capture the dynamics of networks in a series of functional and temporal steps. Depending on the process being modeled, these steps must be conducted either sequentially or simultaneously in order for the process to execute as de- signed. For example, delivery of cocaine from South America to the U.S. can be modeled as process that moves sequentially from the growth and harvesting of coca leaves through refinement into cocaine and then transshipment via intermediate countries into U.S. distribution points. Some of these steps are sequential (e.g., certain chemicals must be acquired and laboratories established before the coca leaves can be processed in bulk) and some can be conducted simultaneously (e.g., multiple smuggling routes can be utilized at the same time).

Corruption, modeled as a process, should reveal useful indicators of cooperation between organized crime and terrorism. For example, one way to generate and validate indicators of terror-crime interaction is to place cases of corrupt government officials or private sector individuals in an organizational network construct utilizing a process model and determine if they serve as a common link between terrorist and criminal networks via an intent model with attached evidence. An intent model is a type of process model constructed by reverse engineering a specific end-state, such as the ability to move goods and people into and out of a country without interference from law enforcement agencies.

This end-state is reached by bribing certain key officials in groups that supply border guards, provide legitimate import-export documents (e.g., end-user certificates), monitor immigration flows, etc.

Depending on organizational details, a bribery campaign can proceed sequentially or simultaneously through various offices and individuals. This type of model allows analysts to ‘follow the money’ through a corruption network and link payments to officials with illicit sources. The model can be set up to reveal payments to officials that can be linked to both criminal and terrorist involvement (perhaps via individuals or small groups with known links to both types of network).

Thus investigators can use a process model as a repository for numerous disparate data items that, taken together, reveal common patterns of corruption or sources of payments that can serve as indicators of cooperation between organized crime and terrorism. Using these tools, investigators can explore multiple data dimensions by dynamically manipulating several elements of analysis:

Criminal and/or terrorist priorities, intent and factor attributes;
Characterization and importance of direct evidence;
Graphical representations and other multi-dimensional data visualization approaches.

There have been a large number of models built over the last several years focusing on counter- terrorism and criminal activities. Some of the most promising are models that support agent-based execution of complex adaptive environments that are used for intelligence analysis and training. Some of the most sophisticated are now being developed to support the generation of more realistic environments and interactions for the commercial gaming market.

In general, modeling tools should:

Capture and present reasoning from evidence to conclusion;
Enable comparison of information across situation, time, and groups;
Provide a framework for challenging assumptions and exploring alternative hypotheses;
Facilitate information sharing and cooperation by representing hypotheses and analytical judgment, not just facts;
Incorporate the first principle of analysis—problem decomposition;
Track ongoing and evolving situations, collect analysis, and enable users to discover information and critical data relationships;
Make rigorous option space analysis possible in a distributed electronic context;
Warn users of potential cognitive bias inherent in analysis.

Although there are too many of these tools to list in this report, good examples of some that would be useful to support PIE include:

NETEST: This model estimates the size and shape of covert networks given multiple sources with omissions and errors. NETEST makes use of Bayesian updating techniques, communications theory and social network theory [Dombroski, 2002].

The Modeling, Virtual Environments and Simulation (MOVES) Institute at the Naval Postgraduate School in Monterey, California, is using a model of cognition formulated by Aaron T. Beck to build models capturing the characteristics of people willing to employ violence [Beck, 2002].

BIOWAR: This is a city scale multi-agent model of weaponized bioterrorist attacks for intelligence and training. At present the model is running with 100,000 agents (this number will be increased). All agents have real social networks and the model contains real city data (hospitals, schools, etc.). Agents are as realistic as possible and contain a cognitive model [Carley, 2003a].

All of the models reviewed had similar capabilities:

Capture the characteristics of entities – people, places, groups, etc.;
Capture the relationships between entities at a level of detail that supports programmatic construction of processes, situations, actions, etc. these are usually “is a” and “a part of” representations of object-oriented taxonomies, influence relationships, time relationships, etc.;
The ability to represent this information in a format that supports using the model in simulations. The next section provides information on simulation tools that are in common use for running these types of models.
User interfaces for defining the models, the best being graphical interfaces that allow the user to define the entities and their relationships through intuitive visual displays. For example, if the model involves defining networks or influences between entities, graphical displays with the ability to create connections and perform drag and drop actions become important.

A.2.4. Diffusion tools

As can be seen from exhibit 6, all diffusion tools will need to support requirements dictated by where these tools fall within the tool space. Diffusion tools should focus on:

Moving information from an individual or small group of investigators to the collective community;
Providing abstract concepts that are easily understood in a global context with little worry that the terms will be misinterpreted;
Supporting the representation of abstract concepts and encouraging dialogues about those concepts.

In general diffusion tools should:

Provide a shared environment that investigators can access on the internet;
Support the ability for everyone to upload abstract concepts and their supporting evidence (e.g., documents);
Contain the ability for the person uploading the information to be able to attach an annotation and keywords;
Possess the ability to search concept repositories;
Be simple to set up and use.

Within the PIE context, investigators could use diffusion tools to:

Employ a collaborative environment to exchange information, results of analysis, hypotheses, models, etc.;
Utilize collaborative environments that might be set up between law enforcement groups and counterterrorism groups to exchange information on a continual and near real-time basis. Examples of diffusion tools run from one end of the cooperation/dissemination spectrum to the other. One of the simplest to use is:

AskSam: The AskSam Web Publisher is an extension of the standalone AskSam capability that has been used by the analytical community for many years. The capabilities of AskSam Web Publisher include: 1) sharing documents with others who have access to the local net- work, 2) anyone who has access to the network has access to the AskSam archive without the need for an expensive license, and 3) advanced searching capabilities including adding keywords which supports a group’s codification process (see step 2 in exhibit 6 in our analytical process). See http://www.asksam.com/.

There are some significant disadvantages to using AskSam as a cooperation environment. For example, each document included has to be ‘published’. The assumption is that there are only one or two people primarily responsible for posting documents and these people control all documents that are made available, a poor assumption for an analytical community where all are potential publishers of concepts. The result is expensive licenses for publishers. Finally, there is no web-based service for AskSam, requiring each organization to host its own AskSam server.

There are two leading commercial tools for cooperation now available and widely used. Which tool is chosen for a task depends on the scope of the task and the number of users.

Groove: virtual office software that allows small teams of people to work together securely over a network on a constrained problem. Groove capabilities include: 1) the ability for investigators to set up a shared space, invite people to join and give them permission to post documents to a document repository (i.e., file sharing), 2) security including encryption that protects content (e.g., upload and download of documents) and communications (e.g., email and text messaging), investigators can work across firewalls without a Virtual Private Network (VPN) which improves speed and makes it accessible from outside of an intranet, 4) investigators are able to work off-line, then synchronize when they come back on line, 5) includes add- in tools to support cooperation such as calendars, email, text- and voice-based instant messaging, and project management.

Although Groove satisfies most of the basic requirements listed for this category, there are several drawbacks to using Groove for large projects. For example, there is no free format search for text documents and investigators cannot add on their own keyword categories or attributes to the stored documents. This limits Groove’s usefulness as an information exchange archive. In addition, Groove is a fat client, peer-to-peer architecture. This means that all participants are required to purchase a license, download and install Groove on their individual machines. It also means that Groove requires high bandwidth for the information exchange portion of the peer-to-peer updates. See http://www.groove.net/default.cfm?pagename=Workspace.

SharePoint: Allows teams of people to work together on documents, tasks, contacts, events, and other information. SharePoint capabilities include: 1) text document loading and sharing, 2) free format search capability, 3) cooperation tools to include instant messaging, email and a group calendar, and 4) security with individual and group level access control. The TraCCC

team employed SharePoint for this project to facilitate distributed research and document

generation. See http://www.microsoft.com/sharepoint/.
SharePoint has many of the same features as Groove, but there are fundamental underlying differences. Sharepoint’s architecture is server based with the client running in a web browser. One ad- vantage to this approach is that each investigator is not required to download a personal version on a machine (Groove requires 60-80MB of space on each machine). In fact, an investigator can access the SharePoint space from any machine (e.g., at an airport). The disadvantage of this approach is that the investigator does not have a local version of the SharePoint information and is unable to work offline. With Groove, an investigator can work offline, and then resynchronize with the remaining members of the group when the network once again becomes available. Finally, since peer-to-peer updates are not taking place, SharePoint does not necessarily require a high-speed internet access, except perhaps in the case where the investigator would like to upload large documents.

Another significant difference between SharePoint and Groove is linked to the search function. In Groove, the search capability is limited to information that is typed into Groove directly, not to documents that have been attached to Groove in an archive. A SharePoint support not only document searches, but also allows the community of investigators to set up their own keyword categories to help with the codification of the shared documents (again see step 2 from exhibit 6). It should be noted, however, that SharePoint only supports searches for Microsoft documents (e.g., Word, Power- Point, etc.) and not ‘foreign’ document formats such as PDF. This fact is not surprising given that SharePoint is a Microsoft tool.

SharePoint and Groove are commercially available cooperation solutions. There are also a wide variety of customized cooperation environments now appearing on the market. For example:

WAVE Enterprise Information Integration System– Modus Operandi’s Wide Area Virtual Environment (WAVE) provides tools to support real-time enterprise information integration, cooperation and performance management. WAVE capabilities include: 1) collaborative workspaces for team-based information sharing, 2) security for controlled sharing of information, 3) an extensible enterprise knowledge model that organizes and manages all enterprise knowledge assets, 4) dynamic integration of legacy data sources and commercial off-the-shelf (COtS) tools, 5) document version control, 6) cooperation tools, including discussions, issues, action items, search, and reports, and 7) performance metrics. WAVE is not a COtS solution, however. An organization must work with Modus Operandi services to set up a custom environment. The main disadvantage to this approach as opposed to Groove or SharePoint is cost and the sharing of information across groups. See http://www.modusoperandi.com/wave.htm.

Finally, many of the tools previously discussed have add-ons available for extending their functionality to a group. For example:

iBase4: i2’s Analyst Notebook can be integrated with iBase4, an application that allows investigators to create multi-user databases for developing, updating, and sharing the source information being used to create network maps. It even includes security to restrict access or functionality by user, user groups and data fields. It is not clear from the literature, but it appears that this functionality is restricted to the source data and not the sharing of network maps generated by the investigators. See http://www.i2.co.uk/Products/iBase/default.asp

The main disadvantage of iBase4 is its proprietary format. This limitation might be somewhat mitigated by coupling iBase4 with i2’s iBridge product which creates a live connection between legacy databases, but there is no evidence in the literature that i2 has made this integration.

A.2.5. Validation tools

As can be seen from exhibit 6, all validation tools will need to support requirements dictated by where these tools fall within the tool space. Validation tools should focus on:

Providing a community context for validating the concepts put forward by the individual participants in the community;
Continuing to work within a codified realm in order to facilitate communication between different groups articulating different perspectives;
Matching abstract concepts against real world data (or expert opinion) to determine the validity of the concepts being put forward.

Using these criteria as background, one of the most useful toolsets available for validation are simulation tools. This section briefly describes the functionality in general, as well as providing specific tool examples, to support simulations that ‘kick the tires’ of the abstract concepts.

Following are some key capabilities that any simulation tool must possess:

Ability to ingest the model information that has been constructed in the previous steps in the

analytical process;

Access to a data source for information that might be required by the model during execution;

Users need to be able to define the initial conditions against which the model will be run;
The more useful simulators allow the user to “step through” the model execution, examining

variables and resetting variable values in mid-execution;

Ability to print out step-by-step interim execution results and final results;
Change the initial conditions and compare the results against prior runs.

Although there are many simulation tools available, following are brief descriptions of some of the most promising:

Online iLink: An optional application for i2’s Analyst Notebook that supports dynamic up- date of Analyst Notebook information from online data sources. Once a connection is made with an on-line source (e.g., LexisNexistM, or D&B®) Analyst Notebook uses this connection to automatically check for any updated information and propagates those updates throughout to support validation of the network map information. See http://www.i2inc.com.

One apparent drawback with this plug-in is that Online iLink appears to require that the line data provider deploy i2’s visualization technology.

NETEST: A research project from Carnegie Mellon University, which is developing tools

that combine multi-agent technology with hierarchical Bayesian inference models and biased net models to produce accurate posterior representations of terrorist networks. Bayesian inference models produce representations of a network’s structure and informant accuracy by combining prior network and accuracy data with informant perceptions of a network. Biased net theory examines and captures the biases that may exist in a specific network or set of net- works. Using NETEST, an investigator can estimate a network’s size, determine its member- ship and structure, determine areas of the network where data is missing, perform cost/benefit analysis of additional information, assess group level capabilities embedded in the network, and pose “what if” scenarios to destabilize a network and predict its evolution over time [Dombroski, 2002].

REcursive Porous Agent Simulation toolkit (REPAST): A good example of the free, open-source toolkits available for creating agent-based simulations. Begun by the University of Chicago’s social sciences research community and later maintained by groups such as Argonne National Laboratory, Repast is now managed by the non-profit volunteer Repast Organization for Architecture and Development (ROAD). Some of Repast’s features include: 1) a variety of agent templates and examples (however, the toolkit gives users complete flexibility as to how they specify the properties and behaviors of agents), 2) a fully concurrent discrete event scheduler (this scheduler supports both sequential and parallel discrete event operations), 3) built-in simulation results logging and graphing tools, 4) an automated Monte Carlo simulation framework, 5) allows users to dynamically access and modify agent properties, agent behavioral equations, and model properties at run time, 6) includes libraries for genetic algorithms, neural networks, random number generation, and specialized mathematics, and 7) built-in systems dynamics modeling.

More to the point for this investigation, Repast has social network modeling support tools. The Repast website claims that “Repast is at the moment the most suitable simulation framework for the applied modeling of social interventions based on theories and data,” [Tobias, 2003]. See http://repast.sourceforge.net/.

A.2.6. Impacting tools

As can be seen from exhibit 6, all impacting tools will need to support requirements dictated by where these tools fall within the tool space. Impacting tools should focus on:

Helping law enforcement and intelligence practitioners understand the implications of their validated models. For example, what portions of the terror-crime interaction spectrum are relevant in various parts of the world, and what is the likely evolutionary path of this phenomenon in each specific geographic area?

Support for translating abstracted knowledge into more concrete local execution strategies. The information flows feeding the scanning process, for example, should be updated based on the results of mapping local events and individuals to the terror-crime interaction spectrum. Watch points and their associated indicators should be reviewed, updated and modified. Probes can be constructed to clarify remaining uncertainties in specific situations or locations.

The following general requirements have been identified for impacting tools:

Probe management software to help law enforcement investigators and intelligence community analysts plan probes against known and suspected transnational threat entities, monitor their execution, map their impact, and analyze the resultant changes to network structure and operations.
Situational assessment software that supports transnational threat monitoring and projection. Data fusion and visualization algorithms that portray investigators’ current understanding of the nature and extent of terror-crime interaction, and allow investigators to focus scarce collection and analytical resources on the most threatening regions and networks.

Impacting tools are only just beginning to exit the laboratory, and none of them can be considered ready for operational deployment. This type of functionality, however, is being actively pursued within the U.S. governmental and academic research communities. An example of an impacting tool currently under development is described below:

DyNet – A multi-agent network system designed specifically for assessing destabilization strategies on dynamic networks. A knowledge network (e.g., a hypothesized network resulting from Steps 1 through 5 of Boisot’s I-Space-driven analytical process) is given to DyNet as input. In this case, a knowledge network is defined as an individual’s knowledge about who they know, what resources they have, and what task(s) they are performing. The goal of an investigator using DyNet is to build stable, high performance, adaptive networks with and conduct what-if analysis to identify successful strategies for destabilizing those net- works. Investigators can run sensitivity tests examining how differences in the structure of the covert net- work would impact the overall ability of the network to respond to probe and attacks on constituent nodes. [Carley, 2003b]. See the DyNet website hosted by Carnegie Mellon University at http://www.casos.cs.cmu.edu/projects/DyNet/.

A.3. Overall tool requirements

This appendix provides a high-level overview of PIE tool requirements:

Easy to put information into the system and get information out of it. The key to the successful use of many of these tools is the quality of the information that is put into them. User interfaces have to be easy to use, context based, intuitive, and customizable. Otherwise, investigators soon determine that the “care and feeding” of the tool does not justify the end product.
Reasonable response time: The response time of the tool needs to match the context. If the tool is being used in an operational setting, then the ability to retrieve results can be time- critical–perhaps a matter of minutes. In other cases, results may not be time-critical and days can be taken to generate results.
Training: Some tools, especially those that have not been released as commercial products, may not have substantial training materials and classes available. When making a decision regarding tool selection, the availability and accessibility of training may be critical.

Ability to integrate with the enterprise resources: There are many cases where the utility of the tool will depend on its ability to access and integrate information from the overall enterprise in which the investigator is working. Special-purpose tools that require re-keying of information or labor-intensive conversions of formats should be carefully evaluated to determine the man- power required to support such functions.

Support for integration with other tools: Tools that have standard interfaces will act as force multipliers in the overall analytical toolbox. At a minimum, tools should have some sort of a developer’s kit that allows the creation of an API. In the best case, a tool would support some generally accepted integration standard such as web services.
Security: Different situations will dictate different security requirements, but in almost all cases some form of security is required. Examples of security include different access levels for different user populations. The ability to be able to track and audit transactions, linking them back to their sources, will also be necessary in many cases.
Customizable: Augmenting usability, most tools will need to support some level of customizability (e.g., customizable reporting templates).
Labeling of information: Information that is being gathered and stored will need to be labeled (e.g., for level of sensitivity or credibility).
Familiar to the current user base: One characteristic in favor of any tool selected is how well the current user base has accepted it. There could be a great deal of benefit to upgrading existing tools that are already familiar to the users.
Heavy emphasis on visualization: To the greatest extent possible, tools should provide the investigator with the ability to display different aspects of the results in a visual manner.
Support for cooperation: In many cases, the strength of the analysis is dependent on leveraging cross-disciplinary expertise. Most tools will need to support some sort of cooperation.

A.4. Bibliography and Further Reading

Autonomy technology White Paper, Ref: [WP tECH] 07.02. This and other information documents about Autonomy may be downloaded after registration from http://www.autonomy.com/content/downloads/

Beck, Aaron T., “Prisoners of Hate,” Behavior research and therapy, 40, 2002: 209-216. A copy of this article may be found at http://mail.med.upenn.edu/~abeck/prisoners.pdf. Also see Dr. Beck’s website at http://mail.med.upenn.edu/~abeck/ and the MOVES Institute at http://www.movesinstitute.org/.

Boisot, Max and Ron Sanchez, “the Codification-Diffusion-Abstraction Curve in the I-Space,” Economic Organization and Nexus of Rules: Emergence and the Theory of the Firm, a working paper, the Universitat Oberta de Catalunya, Barcelona, Spain, May 2003.

Carley, K. M., D. Fridsma, E. Casman, N. Altman, J. Chang, B. Kaminsky, D. Nave, & Yahja, “BioWar: Scalable Multi-Agent Social and Epidemiological Simulation of Bioterrorism Events” in Proceedings from the NAACSOS Conference, 2003. this document may be found at http://www.casos.ece.cmu.edu/casos_working_paper/carley_2003_biowar.pdf

Carley, Kathleen M., et. al., “Destabilizing Dynamic Covert Networks” in Proceedings of the 8th International Command and Control Research and technology Symposium, 2003. Conference held at the National Defense War College, Washington, DC. This document may be found at http://www.casos.ece.cmu.edu/resources_others/a2c2_carley_2003_destabilizing.pdf

Collier, N., Howe, T., and North, M., “Onward and Upward: the transition to Repast 2.0,” in Proceedings of the First Annual North American Association for Computational Social and Organizational Science Conference, Electronic Proceedings, Pittsburgh, PA, June 2003. Also, read about REPASt 3.0 at the REPASt website: http://repast.sourceforge.net/index.html

DeRosa, Mary, “Data Mining and Data Analysis for Counterterrorism,” CSIS Report, March 2004. this document may be purchased at http://csis.zoovy.com/product/0892064439

Dombroski, M. and K. Carley, “NETEST: Estimating a Terrorist Network’s Structure,” Journal of Computational and Mathematical Organization theory, 8(3), October 2002: 235-241.
http://www .casos.ece.cmu.edu/conference2003/student_paper/Dombroski.pdf

Farah, Douglas, Blood from Stones: The Secret Financial Network of Terror, New York: Broadway Books, 2004.

Hall, P. and G. Dowling, “Approximate string matching,” Computing Surveys, 12(4), 1980: 381-402. For more information on phonetic string matching see http://www.cs.rmit.edu.au/~jz/fulltext/sigir96.pdf. A good summary of the inherent limitations of Soundex may be found at http://www.las-inc.com/soundex/?source=gsx.

Lowrance, J.D., Harrison, I.W., and Rodriguez, A.C., “Structured Argumentation for Analysis,” Proceedings of the 12th Inter- national Conference on Systems Research, Informatics, and Cybernetics, (August 2000).

Quint, Barbara, “IBM’s WebFountain Launched – the Next Big Thing?” September 22, 2003 – from the Information today, Inc. website at http://www.infotoday.com/newsbreaks/nb030922-1.shtml Also see IBM’s WebFountain website at http://www.almaden.ibm.com/webfountain/ and the WebFountain Application Development Guide at
http://www .almaden.ibm.com/webfountain/resources/sg247029.pdf.

Shannon, Claude, “A mathematical theory of communication,” Bell System technical Journal, (27), July and October 1948: 379- 423 and 623-656.

Tobias, R. and C. Hofmann, “Evaluation of Free Java-libraries for Social-scientific Agent Based Simulation,” Journal of Artificial Societies and Social Simulation, University of Surrey, 7(1), January 2003 may be found at http://jasss.soc.surrey.ac.uk/7/1/6.html.

Notes from Networking Futures: The Movements against Corporate Globalization

Networking Futures: The Movements against Corporate Globalization by Jeffrey S. Juris

Barcelona has emerged as a critical node, as Catalans have played key roles within the anarchist inspired Peoples’ Global Action (PGA) and the World Social Forum (WSF) process, both of which unite diverse movements in opposition to corporate globalization. Anti–corporate globalization movements involve an increasing confluence among network technologies, organizational forms, and political norms, mediated by concrete networking practices and micropolitical struggles. Activists are thus not only responding to growing poverty, inequality, and environmental devastation; they are also generating social laboratories for the production of alternative democratic values, discourses, and practices.

Computer supported networks, including activist media projects, Listservs, and websites, were mobilizing hundreds of thousands of protesters, constituting “transnational counterpublics” (Olesen 2005) for the diffusion of alternative information. Indeed, media activism and digital networking more generally had become critical features of a transnational network of movements against corporate globalization, involving what Peter Waterman (1998) calls a “communications internationalism.” Moreover, emerging networking logics were changing how grassroots movements organize, and were inspiring new utopian imaginaries involving directly democratic models of social, economic, and political organization coordinated at local, regional, and global scales.

Jeff : How is PGA going?
Laurent: It’s the most interesting political process I’ve ever been a part of, but it’s kind of ambiguous.

Jeff : What do you mean?
Laurent: Well, you never really know who is involved.
Jeff : How can that be?
Laurent: It’s hard to pin down because no one can speak for PGA, and the ones who are most involved sometimes don’t even think they are part of it!

I really wanted to study the networks behind these demonstrations during their visible and “submerged” phases (Melucci 1989). It seemed that if activists wanted to create sustainable movements, it was important to learn how newly emerging digitally powered networks operate and how periodic mass actions might lead to long term social transformation. After several days, I finally realized what should have been apparent all along: my focus was not really a specific network, but rather the concrete practices through which such networks are constituted. Indeed, contemporary activist networks are fluid processes, not rigid structures. I would thus conduct an ethnographic study of transnational networking prac tices and the broader cultural logics, shaped by ongoing interactions with new digital technologies, that generate them.

To answer these questions, I turned to the traditional craft of the anthropologist: long term participant observation within and among activist networks themselves.

“Anti-globalization” is not a particularly apt label for a movement that is internationalist in perspective, organizes through global communication net works, and whose participants travel widely to attend protests and gatherings. Moreover, most activists do not oppose globalization per se, but rather corporate globalization, understood as the extension of corporate power around the world, undermining local communities, democracy, and the environment.

they [anti-globalization activists] are specifically challenging a concrete political and eco nomic project and a discourse that denies the possibility of an alternative (Weiss 1998). In examining anti–corporate globalization movements, it is thus important to consider how globalization operates along several distinct registers.

At the broadest level, globalization refers to a radical reconfiguration of time and space. It is thus a multidimensional process encompassing economic, social, cultural, and political domains.8 With respect to the economic sphere, the current phase of globalization features several defining characteristics.9 First, there has been an unprecedented rise in the scope and magnitude of global finance capital facilitated by digital technologies and market deregulation. Second, economic production and distribution are increasingly organized around decentralized global networks, leading to high volume, flexible, and custom commercialization. Finally, the global economy now has the capability to operate as a single unit in real time. More generally, contemporary globalization generates complex spatial patterns as flows of capital, goods, and people have come unbound, even as they are reinscribed within concrete locales.

globalization also provides a concrete enemy and symbolic framework, generating metonymic links among diverse struggles. In this sense, anti–corporate globalization networks such as PGA or the WSF help forge a global frame of reference. As the PGA slogan declares: “May the struggle be as transnational as capital!”

Neo liberal projects have facilitated the penetration of corporate capitalism across space, bringing new areas into global production, consumption, and labor circuits while commodifying healthcare, education, the environment, and even life itself.

At least since the Zapatista uprising against the Mexican government on January 1, 1994, the day the North American Free Trade Agreement (NAFTA) went into effect, activists have forged an alter native project of “grassroots globalization” (Appadurai 2000), combining placed based resistance and transnational networking (cf. Escobar 2001). Anti–corporate globalization movements have mounted a highly effective symbolic challenge to the legitimacy of neoliberalism. As the former World Bank chief economist Joseph Stiglitz (2002) suggests: “Until protesters came along there was little hope for change and no outlets for complaint. . . . It is the trade unionists, students, and environmentalists—ordinary citizens— marching in the streets of Prague, Seattle, Washington, and Genoa who have put the need for reform on the agenda of the developed world” (9).

Stiglitz is not alone among global elites in supporting activist demands. The international financier George Soros has consistently denounced “market fundamentalism” while the Harvard economist Jeffrey Sachs has been a vocal critic of the Bretton Woods institutions. Moreover, leftist political parties in France, Spain, Italy, Brazil, and elsewhere have embraced the popular slogan of the World Social Forum: “Another World Is Possible.”

this book is not about the politics of globalization. Rather, it explores emerging forms of organization among anti–corporate globalization movements, particularly in light of recent social, economic, and technological transformations. Although the activists explored in this book seek to influence contemporary political debates, they are also experimenting with new organizational and technological practices.

The rise of new digital technologies has profoundly altered the social movement landscape. Activists can now link up directly with one another, communicating through global communications networks without the need for a central bureaucracy. In what follows, I examine how activists are building local, regional, and global networks that are both instrumental and prefigurative, facilitating concrete political interventions while reflecting activists’ emerging utopian ideals.1

the world and regional social forums and other grassroots networking processes have increasingly come to the fore. Although not as spectacular as direct actions, these projects have provided relatively sustainable platforms for generating alternative ideas, discourses, and practices, allowing activists to pursue their strategic and prefigurative goals in more lasting ways.

Technology, Norm, and form

Shortly after the Bolshevik revolution, the Russian anarchist Voline outlined a bold vision for an alternative, directly democratic society: “Of course . . . society must be organized. . . . the new organization . . . must be established freely, socially, and, above all, from below. The principle of organization must not issue from a center created in advance to capture the whole and impose it self upon it but on the contrary, it must come from all sides to create nodes of coordination, natural centers to serve all these points.” What strikes today’s reader about this passage is its resonance with the contemporary discourse of activist networking. Although the top down Leninist model of organization won out in the Soviet Union, consolidating a revolutionary paradigm that would be exported around the world, the past few decades have witnessed a resurgence of decentralized, networked organization and utopian visions of autonomy and grassroots counterpower. As we will see, these emerging network forms and imaginaries have been greatly facilitated by the rise of new digital technologies. Shaped by the networking logic of the Internet and broader dynamics associated with late capitalism, social movements are increasingly organized around flexible, distributed network forms (Castells 1997; cf. Bennett 2003; Hardt and Negri 2004). Observers have pointed to the rise of “social netwars” (Arquilla and Ronfeldt 2001) or an “electronic fabric of struggle” (Cleaver 1995), but such abstract depictions tell us little about concrete networking practices.

This book outlines a practice based approach to the study of networks, linking structure and practice to larger social, economic, and technological forces.20 I employ the term “cultural logic of networking” as a way to conceive the broad guiding principles, shaped by the logic of informational capitalism, that are internalized by activists and generate concrete networking practices.21 Networking logics specifically entail an embedded and embodied set of social and cultural dispositions that orient actors toward (1) the building of horizontal ties and connections among diverse autonomous elements, (2) the free and open circulation of information, (3) collaboration through decentralized coordination and consensus based decision making, and (4) self-directed networking. At the same time, networking logics represent an ideal type. As we shall see, they are unevenly distributed in practice and always exist in dynamic tension with other competing logics, generating a complex “cultural politics of networking” within particular spheres.

In what follows, I argue that anti–corporate globalization movements involve a growing confluence among networks as computer supported infrastructure (technology), networks as organizational structure (form), and networks as political model (norm), mediated by concrete activist practice. Computer networks provide the technological infrastructure for the emergence of transnational social movements, constituting arenas for the production and dissemination of activist discourses and practices. These networks are in turn produced and transformed by the discourses and practices circulating through them.24 Such communication flows follow distinct trajectories, reproducing existing networks or generating new formations. Contemporary social movement networks are thus “self-reflexive” (Giddens 1991), constructed through communicative practice and struggle. Beyond social morphology, the network has also become a powerful cultural ideal, particularly among more radical activists, a guiding logic that provides a model of, and model for, emerging forms of directly democratic politics.

contemporary norms and forms are shaped by technological change and, further, how they reflect emerging utopian imaginaries.

Computer-Supported Social Movements

Although the wide spread proliferation of individualized, loosely bounded, and fragmentary social networks predates cyberspace, computer mediated communication has reinforced such trends, allowing communities to sustain interactions across vast distances. The Internet is also being incorporated into more routine aspects of daily social life as virtual and physical activities are increasingly integrated. The Internet thus facilitates global connectedness even as it strengthens local ties.

Building on the pioneering use of digital technologies by the Zapatistas, as well as early free trade campaigns, anti–corporate globalization activists have used computer networks to organize actions and mobilizations, share information and resources, and coordinate campaigns by communicating at a distance.

Computer mediated communication is thus most effective when it is moderated, clearly focused, and used together with traditional modes of communication. Accordingly, activists generally use email to stay informed about activities and perform concrete logistical tasks, while complex planning, political discussions, and relationship building occur within physical settings.

Network-Based organizational Forms

Beyond providing a technological medium, the Internet’s reticulate structure reinforces network-based organizational forms.

Networking logics have given rise to what many activists in Spain and Catalonia refer to as a “new way of doing politics.” By this they mean a mode of organizing involving horizontal coordination among autonomous groups, grassroots participation, consensus decision making, and the free and open exchange of information, although, as we shall see, this ideal is not always conformed to in practice. While the command-oriented logic of traditional parties and unions involves recruiting new members, developing unified strategies, pursuing political hegemony, and organizing through representative structures, network politics revolve around the creation of broad umbrella spaces, where diverse collectives, organizations, and networks converge around a few common principles while preserving their autonomy and identity based specificity. The objective becomes enhanced “connectivity” and horizontal expansion by articulating diverse movements within flexible, decentralized information structures that facilitate transnational coordination and communication. Key “activist hackers” (Nelson 1999) operate as relayers and exchangers, receiving, interpreting, and routing information to diverse net work nodes. Like computer hackers, activist hackers combine and recombine cultural codes—in this case political signifiers, sharing information about projects, mobilizations, strategies, and tactics within global communication networks.33

At the same time, discourses of open networking often conceal other forms of exclusion based on unequal access to information or technology. As a grassroots activist from India suggested to me at the 2002 WSF in Porto Alegre, “It’s not enough to talk about networks; we also have to talk about democracy and the distribution of power within them.”

what many observers view as a single, unified anti– corporate globalization movement is actually a congeries of competing yet sometimes overlapping social movement networks that differ according to is sue addressed, political subjectivity, ideological framework, political culture, and organizational logic.

Social movements are complex fields shot through with internal differentiation (Burdick 1995). Struggles within and among specific movement net works shape how they are produced, how they develop, and how they relate to one another within broader movement fields. Cultural struggles involving ideology (anti-globalization versus anticapitalism), strategies (summit hopping versus sustained organizing), tactics (violence versus nonviolence), organizational form (structure versus non-structure), and decision making (consensus versus voting), or what I refer to as the cultural politics of networking, are enduring features of anti–corporate globalization landscapes. In the following chapters, I thus emphasize culture, power, and internal conflict.34 As we shall see, discrepant organizational logics often lead to heated struggles within broad “convergence spaces” (Routledge 2003), including the “unitary” campaigns against the World Bank and EU in Barcelona or the World Social Forum process more generally.

Networks as Emerging Ideal

Expanding and diversifying networks is more than a concrete organizational objective; it is also a highly valued political goal. The self-produced, self-developed, and self-managed network becomes a widespread cultural ideal, providing not only an effective model of political organizing but also a model for reorganizing society as a whole.

The dominant spirit behind this emerging political praxis can broadly be defined as anarchist, or what activists in Barcelona refer to as libertarian.35 Classic anarchist principles such as autonomy, self management, federation, direct action, and direct democracy are among the most important values for today’s radicals, who increasingly identify as anticapitalist, antiauthoritarian, or left libertarian.

These emerging political subjectivities are not necessarily identical to anarchism in the strict ideological sense. Rather, they share specific cultural affinities revolving around the values associated with the network as an emerging political and cultural ideal: open access, the free circulation of information, self-management, and coordination based on diversity and autonomy.

In a similar vein, Arturo Escobar (2004) has drawn on complexity theory to argue that anti–corporate globalization movements are emergent in that “the actions of multiple agents interacting dynamically and following local rules rather than top down commands result in visible macrobehavior or structures” (222).36 This is a compelling depiction of how anti–corporate globalization networks operate from a distance, but a slightly different perspective emerges when we engage in activist networking firsthand. Transnational networking requires a great deal of communicative work and struggle. Complexity theory provides a useful metaphor, but given its emphasis on abstract self -organizing systems, it tends to obscure micropolitical practices.

activists increasingly express their emerging utopian imaginaries directly through concrete organizational and technological practice. As Geert Lovink (2002) suggests, “Ideas that matter are hardwired into software and network architectures” (34). This helps to explain why ideological debates are often coded as conflicts over organizational process and form.

Networks are not inherently democratic or egalitarian, and they may be used for divergent ends. The network technologies and forms explored in this book were initially developed as a strategy for enhancing coordination, scale, and efficiency in the context of post-Fordist capital accumulation. As we are reminded nearly every day, terror and crime outfits increasingly operate through global networks as well.

while networks more generally are not necessarily democratic or egalitarian, their distributed structure does suggest a potential affinity with egalitarian values—including flat hierarchies, horizontal relations, and decen tralized coordination—which activists project back onto network technolo gies and forms.

What many activists now call “horizontalism” is best understood as a guiding vision, not an empirical depiction

Multiscalar ethnography

I specifically employ two tracking strategies: fol lowing activists to mobilizations and gatherings, and monitoring discourses and debates through electronic networks.

During my time in the field, I employed diverse ethnographic methods. First, I conducted participant observation among activists at mass mobilizations, actions, and gatherings; meetings and organizing sessions; and in formal social settings. Second, I made extensive use of the Internet, which allowed me to participate in and follow planning, coordinating, and political discussions within Catalan, Spanish, and English language Listservs based in Europe, Latin America, and North America. Third, I conducted seventy qual itative interviews with Barcelona based activists from diverse backgrounds. Fourth, I collected and examined movement related documents produced for education, publicity, and outreach, including flyers, brochures, reports, and posters. Finally, I also collected articles and texts within mainstream and alternative media.

Practicing Militant ethnography

The ethnographic methodology developed here, which I call “militant ethnography,” is meant to address what Wacquant (1992) calls the “intellectual bias”: how our position as outside observer “entices us to construe the world as a spectacle, as a set of significations to be interpreted rather than as concrete problems to be solved practically” (39). The tendency to position oneself at a distance and treat social life as an object to decode rather than entering the flow and rhythm of ongoing social interaction hinders our ability to understand social practice.45 To grasp the concrete logic generating specific practices, one has to become an active participant. With respect to social movements, this means organizing actions and workshops, facilitating meetings, weighing in during strategic and tactical debates, staking out political positions, and put ting one’s body on the line during direct actions. Simply taking on the role of “circumstantial activist” (Marcus 1995) is not sufficient; one has to build long term relationships of commitment and trust, become entangled with complex relations of power, and live the emotions associated with directaction organizing and transnational networking. Militant ethnography thus refers to ethnographic research that is not only politically engaged but also collaborative, thus breaking down the divide between researcher and object.46

Furthermore, militant ethnography also generates embodied and affective understanding. As anyone who has participated in mass direct actions or demonstrations can attest, such events produce powerful emotions, involving alternating sensations of anticipation, tension, anxiety, fear, terror, solidarity, celebration, and joy. These affective dynamics are not incidental; they are central to sustained processes of movement building and activist networking. In this sense, I use my body as a research tool, particularly during moments of intense passion and excitement, to generate what Deidre Sklar (1994) calls “kinesthetic empathy.”47

militant ethnography can provide tools for activist (self) reflection and decision making while remaining pertinent for broader aca demic audiences. I thus hope to contribute to strategic debates, but always from the partial and situated position of the militant ethnographer.

Practicing militant ethnography can thus help activists carry out their own ethnographic research.

For Burdick, this involves supporting movements in their efforts to reach out to a wider audience. But it might also mean helping activists analyze di verse movement sectors, understand how they operate, and learn how to most effectively work together.

Militant ethnography thus includes three interrelated modes: (1) collective reflection and visioning about movement practices, logics, and emerging cultural and political models; (2) collective analysis of broader social processes and power relations that affect strategic and tactical decision making; and (3) collective ethnographic reflection about diverse movement networks, how they interact, and how they might better relate to broader constituencies. Each of these levels involves engaged, practice based, and politically committed re search carried out in horizontal collaboration with social movements.

those of us within the academy can use writing and publishing as a form of resistance, working within the system to generate alternative politically engaged accounts.

The Book ahead

the genealogy of diverse processes that converged there, including grassroots struggles in the Global South, studentbased anticorporate activism, campaigns against structural adjustment and free trade, anarchist inspired direct action, and global Zapatista solidarity networks. I then go on to trace the growth and expansion of anti–corporate globalization movements after Seattle, before concluding with an analysis of their major defining characteristics.

The conflict between networking and traditional command logics forms part of a broader series of struggles involving competing visions, ideologies, and practices, leading to a complex pattern of shifting alliances driven by networking politics at local, regional, and global scales.

Notes from The War of All the People: The Nexus of Latin American Radicalism and Middle Eastern Terrorism

The War of All the People: The Nexus of Latin American Radicalism and Middle Eastern Terrorism

by Jon B. Perdue, Stephen Johnson

Jon B. Perdue is the author of The War of All the People: The Nexus of Latin American Radicalism and Middle Eastern Terrorism, published by Potomac Books in August 2012. Mr. Perdue was also the editor and wrote the foreword to the book Rethinking the Reset Button: Understanding Contemporary Russian Foreign Policy by former Soviet Central Committee member and defector Evgeni Novikov. He also contributed a chapter to the book Iran’s Strategic Penetration of Latin America (Lexington Books, 2014).

Perdue also serves as an instructor and lecturer on peripheral asymmetric warfare, strategic communication and counterterrorism strategy. He is credited with coining the term “preclusionary engagement,” a strategy of counterterrorism that focuses on combined, small-unit operations that can be conducted with a much smaller footprint prior to or in the early stages of conflict against a threatening enemy, in order to preclude the necessity of much larger operations, which are far more difficult in terms of costs and casualties, once the conflict has escalated due to the lack of a forceful resistance.

Mr. Perdue’s articles have been published in the Washington Times, Investor’s Business Daily, the Miami Herald, the Atlanta Journal-Constitution and a number of newspapers in Latin America. Perdue served as an international election observer in the historic elections in Honduras in 2009 and as an expert witness in a precedent-setting human rights trial in Miami-Dade Circuit Court in 2010. He has served as a security analyst for NTN24, a Latin America-based satellite news channel, and CCTV, a 24-hour English-language news channel based in China.

For most of the past decade Mr. Perdue has served as the Director of Latin America programs for the Fund for American Studies in Washington, DC, and as a Senior Fellow for the Center for a Secure Free Society. He also serves on the boards of the Americas Forum in Washington, DC and the Fundación Democracia y Mercado in Santiago, Chile. He has worked unofficially on three presidential campaigns, contributing foreign policy and counterterrorism policy advice.

Preface

As Edward Gibbon hypothesized despite its greatness and the quantum leap in human achievement and prosperity that it wrought, Rome fell after being pushed – but it requires little force to topple what had already been hollowed from within. Rome fell when Romans lost the desire and the ability to defend it.

The American republic has survived the buffeting winds of war and governmental caprice to stand as the sole remaining superpower. Its principal threat is no longer from rival nation-states but from a multitude of smaller subversions.

As the military strategist Bernard Brodie noted, “good strategy presumes good anthropology and sociology. Some of the greatest military blinders of all time have resulted from juvenile evaluations in this department.

What still challenges the United States today is the pervasive lack of seriousness that prevents those agencies tasked with defending the homeland from being able to even name the enemy that we face. It illustrates a failure of will to claim the legitimacy that we have sacrificed so much to attain and an infections self-consciousness that has no basis in realpolitik.

More than any failed strategy or improper foreign policy, it is this American self-consciousness that is the topsoil for the growth of anti-American terrorism worldwide.

It is foolhardy to allow our enemies to paralyze our will to fight by defining American foreign policy as some new form of imperialism or hegemony. The desire for human freedom, lamentably, is not an expansionist impulse.

Introduction

“The War of All the People” is the doctrine of asymmetrical and political warfare that has been declared against the United States, Western civilization, and most of the generally accepted tenants of modernity. At its helm today are Hugo Chavez of Venezuela and Mahmoud Ahmadinejad of Iran – two self-described “revolutionary” leaders hell-bent on the destruction of capitalism and what they call “U.S. hegemony” throughout the world.

In October 2007 the two announced the creation of a “global progressive front” in the first of a series of joint projects designed to showcase “the ideological kinship of the left and revolutionary Islam.” Ahmadinejad would promote the theme on state visits to Venezuela, Nicaragua, and Bolivia, highlighting what he called “the divine aspect of revolutionary war”.

Declaring his own war against “imperialism,” Chavez aims to supplant U.S. dominance in the hemisphere with so-called 21^st Century Socialism.

(2)

The Castro regime adopted the War of All the People doctrine from Viet Minh general Vo Nguyen Giap, who began publishing the military theories of Ho Chi Ming along with his own (much of it adapted from the theories of Mao Zedong) in the 1960s.

Giap’s most thorough examination of the tenets of a “people’s war” was put forth in his book To Arm the Revolutionary Masses: To Build the People’s Army, published in 1975.

(8)

What makes the current threat different is its stealthy, asymmetrical nature. The doctrine has been adapted to avoid the missteps made during the days of Soviet expansionism and has instead focused on the asymmetrical advantages that unfree states enjoy over free ones. While the United States enjoys a free press, it has no equivalent to the now-globalized state-run propaganda operations that unfree states utilize to attack the legitimacy of free ones.

…oil-rich states like Venezuela and Libya have been able to leverage their petrodollars to buy influence in those organizations and by corrupting weaker states to do their bidding on the world stage. These regimes have also formed new alliances around “revolutionary” and “anti-imperialist” ideology in order to coordinate their efforts against the ideals of the West.

(10)

Peripheral warfare conducted by Chavez also includes the use of “ALBA houses,” ostensible medical offices for the poor that serve as recruitment and indoctrination centers for his supporters in neighboring countries… ALBA houses are modeled on Cuba’s Barrio Adentro program, which it has utilized for years to infiltrate spies and agitators into neighboring countries under the guise of doctors, coaches and advisers to help the poor… What is given up by ignoring a tyrant’s provocations is the ability to actively prevent the incremental destruction of democratic institutions that solidify his power.

(16)

There exists a mistakenly view of the interactions between disparate extremist organizations and terrorist groups internationally. This “burqa-bikini paradox” – the premise that culturally or ideologically distinct actors couldn’t possibly be cooperating to any significant degree – has frequently been the default position of journalists, the diplomatic community, and even some in the intelligence community.

Douglas Farah, a former Latin America correspondent for the Washington Post and now a senior fellow at the International Assessment and Strategy Center, challenged this premise at a December 2008 Capitol Hill briefing titled “Venezuela and the threat it Poses to U.S. and Hemispheric Security”:

These lines that we think exist where these groups like Iran – well they’re a theocracy, or Hezbollah, they’re religiously motivated, they won’t deal with anyone else – bullshit! They will deal with whoever they need to deal with at any given time to acquire what they want…. And the idea that someone won’t deal with Hezbollah because they don’t like their theology is essentially horseshit. You can document across numerous times and numerous continents where people of opposing views will do business together regardless of ideology or theology.

(17)

It is no stretch of logic to surmise that terrorist groups are the natural allies of authoritarian regimes. But throughout the 1970s and ‘80s, there was a battle in Washington between those who believed that the Soviet Union was complicit in terrorism and those who maintained that the Soviets eschewed it as a tactic. The official policy of the Soviets during the Cold War was to declare its opposition to terrorism while unofficially supporting and supplying proxy terrorist groups. But in 1970 Moscow had grown bold enough to train terrorists to overthrow the Mexican government and set up a satellite totalitarian state just across the U.S. Border.

(20)

Carlos (the Jackal) “was given a staff of 75 to plot further deaths and provided with guns, explosives and an archive of forged papers” by the East Germans. He was provided with safe houses and East German experts to ensure that his phones were not bugged, and even his cars were repaired by the Stasi.

(21)

The recovery of Stasi files had proven that the extent of Soviet bloc involvement in terrorism was far greater than even the CIA and other security agencies had considered. Throughout the Cold War, much of the conventional media and the foreign policy establishment often dismissed reports that the Soviets were sponsoring international terrorism or that the Marxist terrorists of Europe might be intermingling with Maoists in Latin America.

Some analysts and scholars referred to the writing of Karl Marx and Lenin to shot that the, and hence the Soviets, were ideologically opposed to terrorism… This and other tenants of Marxist-Leninist theory were often used to claim an ideological aversion to Soviet terror sponsorship.

(22)

In 1916 Lenin wrote to Franz Koritschoner, one of the founders of Austria’s Communist Party, telling him that the Bolsheviks “are not at all opposed to political killing… but as revolutionary tactics individual attacks are inexpedient and harmful. Only the mass movement can be considered genuine political struggle. Only in direct immediate connection with the mass movement can and must individual terrorist acts be of value.

(24-25)

Soviet Use of Communist Party Front Groups in the United Nations

The CPSU’s International Department was tasked with controlling the policy of the world communist movement. From 1955 to 1986, Boris Ponomarev was the chief of this department, which became the premier Soviet agency for fomenting and supporting international terrorism.

Under Ponomarev, the CPSU founded the Lenin Institute, which trained communist from Western and Third World countries in psychological warfare and propaganda and in guerilla warfare. Seeing the potential of “liberation movements” and “anti-imperialist” movements as proxy forces against the West, the CPSU also founded in 1960 the Peoples’ Friendship University (renamed Patrice Lumumba University in 1961) to train “freedom fighters” from the Third World who were no Communist Party members.

The International Department was also in charge of setting up front groups and nongovernmental organizations (NGOs) that could advocate by proxy for Soviet aims at the United Nations (UN) and other international governments. According to a U.S. House of Representative Subcommittee on Oversight report on February 6, 1980, Soviet subsidies to international front organizations exceeded $63 million in 1979 alone.

The report noted that the KGB and the Central Committee “actively promote” the UN imprimatur of the NGO front groups. The international Department controlled the NGOs and held coordinated meetings twice a year, and an official of the Soviet journal Problems of Peace and Socialism (also known as World Marxist Review) would always attend.

According to the report, Anatoly Mkrtchyan, the Soviet director of the External Relations Division of Public Information, was in charge of the NGO section.

Source: At the U.N., Soviet Fronts Pose as Nongovernmental Organizations Juliana Geran Pilon

https://www.heritage.org/global-politics/report/the-un-soviet-fronts-pose-nongovernmental-organizations

(32)

After Arafat started the First Intifada in 1987, both the Soviet Union and Cuba increased military support to the Palestinians, often portraying U.S. and Israeli actions in the Middle East as hegemonic aggression against unarmed Palestinian victims.

In 1990 Havana sent assistance to Iran following an earthquake, and Iran started buying biotechnology products from Cuba. In the last 1990s Castro made a number of bilateral agreements with Iran, and several high-level delegations from Iran made trips to Cuba.

(33)

In 1962, the CPSU helped to establish the Paris-based Solidarite terrorist support network that was masterminded by Henri Curiel. Curial was an Egyptian communist born to an Italian Jewish family who ran a highly successful clandestine organization providing everything from arms to safe houses to actionable intelligence for terrorist group from Brazil to South Africa.

In 1982 a U.S. National Intelligence Estimate stated that Curiel’s Solidarite “has provided support to a wide variety of Third World leftist revolutionary organizations,” including “false documents, financial aid, and safehaven before and after operations, as well as some illegal training in France in weapons and explosives.”

Besides the direct support and training of terrorists, the Soviets made ample use of front groups that posed as religious organizations, academic institutions, or human rights advocates. A 1980 CIA report titled Soviet Covert Action and Propaganda stated:

At a meeting in February 1979 of World Peace Council (WPC) officials, a resolution was adopted to provide “uninterrupted support for the just struggle of the people of Chile, Guatemala, Uruguay, Haiti, Paraguay, El Salvador, Argentina and Brazil.” Without resort to classified information, from this one my logically conclude that the named countries are targets for Soviet subversion and national liberation struggles on a continuing basis. One might interpret “uninterrupted support for the just struggle” to mean continuing financial and logistic support to insurrection movements.

(34)

A former senior GRU officer confirmed this when he made the following statement:

…” If I give you millions of dollars’ worth of weapons, or cash, I have a small right to expect you to help me. I won’t tell you where to place the next bomb, but I do expect to have a little influence on your spheres of action. And if someone later arrests an Irishman, he can honestly say that he never trained in the Soviet Union. And he still believes he is fighting for himself.”

(38)

The point that Colby and Sterling were making was that the Soviets supported terrorist groups as proxy forces, specifically to retain the appearance of distance from their activities. The more important point was that international terrorist groups would have been far less prodigious, and far less deadly, without the support that they received from the Soviet Union and its satellite states…. The Soviet aspect could be seen as giving these groups a “do-it-yourself kit for terrorist warfare.”

(41)

According to [Former Secretary of Defense Robert] Gates, “We would learn a decade later that [CIA analysis] had been too cautious. After the communist governments in Eastern Europe collapsed, we found out that the Easter Europeans (especially the East Germans) indeed not only had provided sanctuary for West European ‘nihilist’ terrorists, but had trained, armed and funded many of them.

(49)

She (Leila Khaled) has also been a regularly scheduled speaker at the World Social Forum.

On May 26, 1971, Khaled told the Turkish newspaper Hurryet that:

The Popular Front for the Liberation of Palestine (PFLP) sends instructors to Turkey in order to train Turkish youth in urban guerrilla fighting, kidnapping, plan hijackings, and other matters… In view of the fact that it is more difficult than in the past for Turks to go and train in PFLP camps, the PFLP is instructing the Turks in the same way as it trains Ethiopians and revolutionaries from underdeveloped countries. The PFLP has trained most of the detained Turkish underground members.

Within ten years, terrorist attacks in Turkey would be killing an average of nine to ten people per day.

Source: Sterling, Terror Network

(52)

The Baath Party’s founders were educated at the Sorbonne in Paris, where, incidentally, an inordinate number of the world’s former dictators were schooled. Commenting on this phenomenon, Egyptian journalist Issandr Elamsani said that Arab intellectuals still see the world through a 1960s lens: “They are all ex-Sorbonne, old Marxists, who look at everything through a postcolonial prism.”

The Sorbonne in the 1960s was one of the intellectual centers of radial political science. In the tradition of the Jacobins, it offered a pseudo-intellectual foundation for end-justifies-means terrorism, which many of its graduates – among them Cambodian dictator Pol Pot, Peruvian terrorist leader Abimeal Guzman, intellectual arbiter of the Iranian revolution Ali Shariati, and Syrian Baathist Michel Aflaq – would use to justify mass murder.

(60-61)

Aleida Guevara, the daughter of Che, made a trip to Lebanon in 2010 to lay a wreath on the tomb of former Hezbollah leader Abbas al-Musawi. At the ceremony, she echoed [Daniel] Ortega’s sentiments, saying, “I think that as long as [the martyr’s] memory remains within us, we will have more strength, and that strength will grow and develop, until we make great achievements and complete our journey to certain victory.”. Guevara later told supporters while visiting Baalbek, “If we do not conduct resistance, we will disappear from the face of the earth.” To make sure that the international press understood the subtext, Hezbollah’s official in the Bekaa Valley said, “We are conducting resistance for the sake of liberty and justice, and to liberate our land and people from Zionist occupation, which receives all the aid it needs from the U.S. administration.

Though Guevara was parroting what has become standard rhetoric among revolutionaries in all parts of the world, her visit had the potential to become controversial. Just three years earlier, in 2007, she and her brother Camilo had visited Tehran for a conference that was intended to emphasize the “common goals” of Marxism and Islamist radicalism.

Titled “Che Like Chamran,” the conference was a memorial to the fortieth anniversary of Che Guevara’s death, which happened to coincide with the twenty0sizzth anniversary of the death of Mostafa Chamran. Chamran, a radical Khomeinist who founded the Amal terrorist group in Lebanon, went to Iran in 1979 to help the mullahs take over and died in 1981 in the Iran-Iraq War (or, according to some, in a car accident.

Speaker Mortaza Firuzabadi, a Khomeinist radical, told the crowd that the mission of both leftist and Islamist revolutionaries was to fight America “everywhere and all of the time,” adding, “Our duty is to the whole of humanity. We seek unity with revolutionary movements everywhere. This is why we have invited the children of Che Guevara.”

…He ended his speech with an entreaty to all anti-American revolutionaries in the world to accept the leadership of Iran’s Mahmoud Ahmadinejad and his revolutionary regime.

Qassemi returned once again to the podium at this point. “The Soviet Union is gone,” Qassemi declared. “The leadership of the downtrodden has passed to our Islamic Republic. Those who wish to destroy America must understand the reality.

Though it has been treated as a rarity by much of the Western media, collaboration between radical groups that might appear to have little in common have included joint operations of far-right, fascist, and neo-Nazi groups with far-left, Marxist and Islamist groups. These collaborations go back well before World War II.

The widespread misconception that a philosophical or religious wall of separation exists between the extremist ideological movements of the world is not only demonstrable false, it is highly detrimental to a proper analysis of the terrorist threat and to the public’s understanding of counterterrorism efforts. This myth has served well the forces of subversion.

The small subset of the population that is drawn to extremist movements is not limited to those who process the same or a similar ideology but instead includes those who tend to seek personal fulfilment from extremism itself. Ideology can be quite malleable when militants see an opportunity to take advantage of the popularity of a more militant group, regardless of any ideological differences between them. In fact, these groups have often found common cause soon after seeing a rival group begin to dominate international headlines.

(64-65)

One of the principal objectives of a terrorist attack that is often overlooked is the expected overreaction of the state in response to the threat.

Feltrinelli’s thesis, like those of many terrorist theorists before and after, was that this would bring “an advanced phase of the struggle” by forcing “an authoritarian turn to the right”.

Feltrinelli is emblematic of the ideologically itinerant radicals who wreaked havoc in the 1960s and 1970s in Europe, Latin America, and the Middle East. He was a close friend of Fidel Castro’s, attended the Tricontinental Conference in 1966, and published its official magazine, Tricontinental, in Europe after the event… (he) began wearing a Tupamaros uniform on his return to Italy. There Feltrinelli built his own publishing empire, flying to Moscow to secure the publishing rights to Boris Pasternack’s Dr. Zhivago and publishing Giuseppe Tomasi de Lampedusa’s bestseller The Leopard, … The profit from these blockbusters allowed him to fill bookstores throughout Italy with radical manifestos and terrorist literature.

On March 15, 1972, the police found Feltrinelli’s body in pieces at the foot of a high-voltage power line pylon. He had been placing explosives on the pylon with a group of fellow terrorists when one of his own explosives detonated accidentally.

(71)

According to the Aryan Nations’ website, the premise that could bridge the ideological gap between these ostensibly disparate worldviews that Muslims are of the same “Aryan” lineage. This view was not hard to concoct. Adolph Hitler’s minister of economics, Hjalmar Schacht, had professed a similar theory which was one promoted by King Darius the Great: the Persian bloodline was of Aryan lineage. This, Schacht argued it made the Persians – and therefor, somehow, all Muslims – the natural allies of Hitler’s vision of a superior Aryan race that should rule the world.

(72-73)

The rise of the Third Reich became a rallying point for many Muslim leaders, who fostered a bit of Muslim mythmaking by claiming that both Hitler and Mussolini were closet Muslims. One rumor had it that Hitler had secretly converted to Islam and that his Muslim name was Hayder, translated as “the Brave One”.” Mussolini, the rumors told, was really an Egyptian Muslim name Musa Nili, which translated into “Moses of the Nile.”

As far back as 1933, Arab nationalists in Syria and Iraq were supporting Nazism.

Arab support for Hitler was widespread by the time he rose to power. And when the Nazis announced the Nuremburg Laws in 1935 to legalize the confiscation of Jewish property, “telegrams of congratulations were sent to the fuhrer from all over the Arab and Islamic world.”

It was Germany’s war against the British Empire that motivated much of the early support for the Nazi regime. Hitler was, after all, fighting the three shared enemies of Germany and the Arab world at the same time: Zionism, communism, and the British Empire.

After World War II, many German officers and Nazi Party officials were given asylum in the Middle East, mostly in Syria and Egypt, where they were utilized to help set up clandestine services throughout the region – this time in support of many of the anticolonialist forces fighting the British and French.

(74)

Ronald Newton, a Canadian academic who wrote The Nazi Menace in Argentina, 1931-1947… thesis was that the tales of Nazi-fascist settlement in Argentina was the result of British disinformation, designed to thwart postwar market capture of Argentina by the United States. The theory was refuted in 1998 after Argentina president Carlos Menem put together a commission to study the issue.

(85)

The stated aim of right-wing extremist groups had always been to bring down the leftist democratic state model and bring about a national socialist or fascist state. But that ideology began to devolve in the 1980s as neo-Nazi groups started to see the dame and legitimacy that was afforded to left-wing terrorist groups that were committing far more violent acts and seemed to be rewarded proportionately.

Two years after Palestinian terrorists killed eleven Israeli team members at the Munich Olympics in 1972, PLO chairman Yasser Arafat was invited by the United Nations to address its General Assembly, and the PLO was awarded UN observer status shortly after that. Moreover, by the 1980s the PLO had been accorded diplomatic relations with more countries than Israel had.

(91)

In 1969, Qaddafi became the chief financier of terrorism of every stripe throughout the world. And though he became known as the principal donor to worldwide leftist groups, he began his terrorist franchise with those of the extreme right.

(93)

In his book Revolutionary Islam, Carlos tried to join the two strongest currents of revolutionary terror, declaring that “only a coalition of Marxists and Islamists can destroy the United States.”

Carlos’s book would be little noticed until Hugo Chavez, speaking to a gathering of worldwide socialist politicians in November 2009, called him an important revolutionary fighter who supported the Palestinian cause. Chavez said during his televised speech that Carlos had been unfairly convicted and added, “They accuse him of being a terrorist, but Carlos really was a revolutionary fighter.”

(97)

“There is a revolution going on in Venezuela, a revolution of an unusual kind – it is a slow-motion revolution.” Thus, declared Richard Gott in an interview with Socialist Worker on February 12, 2005. Gott, a British author and ubiquitous spokesman for all things Chavez and Castro, is not the first to note the nineteenth-century pedigree of Chavez’s 21^stCentury Socialism.

The incremental implementation of socialism was the dream of the Fabian Society, a small but highly influential political organization founded in London in 1884… The logo of the Fabian Society, a tortoise, represented the group’s predilection for a slow, imperceptible transition to socialism, while its coat of arms, a “wolf in sheep’s clothing,” represented its preferred methodology for achieving its goal.

(98)

In a 1947 article in Partisan Review, [Arthur] Schlesinger Jr. stated, “there seems to be no inherent obstacle to the gradual advance of socialism in the United States through a series of New Deals.”

Gradualism has always been considered “anti-revolutionary” in communist and socialist circles. But pragmatism has taken the place of idealism after the events of 9/11 increased international scrutiny on radical groups, forcing revolutionists like Chavez and Ahmadinejad to use the Fabian strategy as a “soft subversion” tactic with which to undermine their enemies. In the past decade, Chavez and his allies in Lain America have all embraced Ahmadinejad’s regime, and all have developed their strategic relationship based on mutual support for this incremental subversion.

(99-100)

Castro has had a lot of practice in the art of subversion. Within a short time after he came to power in Cuba, he began trying to subvert other governments in Latin America and the Caribbean. On may 10, 1967 Castro sent an invasion force to Machurucuto, Venezuela, to link up with Venezuelan guerillas to try and overthrow the democratic and popular government of President Raul Leoni.

Led by Arnaldo Ochoa Sanchez, the invasion force was quickly vanished, and the Venezuelan armed forces, with the help of peasant farmers leery of the guerillas, pacified the remaining guerrilla elements before the end of the year. Then the Venezuelan government issues a general amnesty to try and quell any violence from the remaining guerrilla holdouts. But the PRV, Red Flag and the Socialist League continued to operate clandestinely. Douglas Bravo, the Venezuelan terrorist who inspired Carlos the Jackal, remained the intransigent leader of the PRV. One of Bravo’s lieutenants was Adan Chavez, Hugo’s older brother, who would serve as Hugo’s liaison to the radical elements throughout for years to come.

After suffering calamitous defeats at the hand of the Venezuelan armed forces, the PRV decided the best way to continue the revolution would be to infiltrate the “system” and subvert it from within. In 1970, they would first make a move to infiltrate the armed forces. Bravo first contacted Lt. William Izarra in 1920. A year later, Chavez entered military school and started to recruit leftist military members to what became a clandestine fifth-column groups, the Revolutionary Bolivarian Movements. The failed 1992 coup that launched Hugo Chavez’s political career would be planned and executed jointly by the MBR, PRV, Socialist League and Red Flag.

After his release in 1994, Chavez spent six months in Colombia receiving guerrilla training, establishing contacts with both the FARC and the ELN of Colombia, and even adopting a nom de Guerra, Comandante Centeno.

Once he was elected president four years later, he would repay the Colombian guerrillas with a $300 million “donation” and thank Castro with a subsidized oil deal.

Though Chavez would denounce Plan Avila often, it would be his own decision to order its activation in 2002 that would provoke his own military to remove him from power.

Chavez seemed to take the near-death experience as a sign from divine providence of his right to rule and began a purge of the military and the government of anyone who might later threaten his power. Chavez then began radicalizing the remainder of the Venezuelan military by replacing its historical training regimen with a doctrine of asymmetric warfare that involved all sectors of society. He would call his new doctrine la guerra de todo el pueblo – “the war of all the people”.

(101-104)

The Revolutionary Brotherhood Plan

While Chavez calls his hemispheric governing plan “21^st Century Socialism,” his critics have given it another name – democradura.

Democradura is a Spanish neologism that has come to define the budding autocracies in Lain America that have incrementally concentrated power in the executive branch under the guise of constitutional reform.

A Socialist think tank in Spain, the CEPTS foundation, part of the Center for Political and Social Studies, was founded in Valencia in 1993 by left-wing academics supporting Spain’s socialist Party as well as the FARC and ELN terrorist groups in Colombia. It put together a team of Marxist constitutional scholars to write the new constitutions of Venezuela, Bolivia and Ecuador, turning them into “socialist constitutions” but with variations applicable to each particular country.

(105)

Where Bolivia’s indigenous president Evo Morales used race to marginalize his opposition, Correa used the rhetoric of environmental radicalism to demonize the mining, oil and gas sectors in Ecuador. Anyone who opposed the anthropocentric environmental language in the (new) constitution was called a “lackey” or multinational corporations and oligarchs. This stance also allowed Correa to eventually break the contracts with these companies in order to demand higher government revenues from their operations, which was then used to support government-funded projects in government-friendly provinces.

The process of Marxist constitution making first caught the attention of the revolutionary left during Colombia’s constitutional change in 1991. The Colombian constitution had been in place since 1886, a long time for regional constitutions, and was only able to be changed with some political machination and legal subterfuge.

As M-19 guerrillas began demobilization talks with a weak Colombian government in the late 1980s, the group took advantage of its position to transition from an armed insurgency to a political party. By 1991 M-19 was able to get one of its leaders, Antonio Navarro, included as one of the three copresidents of the constituent assembly that drew up the new constitution.

Navarro was able to negotiate a prohibition against any attempts by the state to organize the population against the armed guerrilla groups. Not only would this provision end up escalating violence in Colombia, but it would inspire other terrorist groups throughout the America to seek both an armed and a “political wing” which would be utilized skillfully to prolong their longevity as insurgents.

After witnessing the ease with which the Colombian constitution was changed, “constitutional subversion” became standard operation procedure for those countries headed by Chavez’s allies.

The former Venezuelan ambassador to the United Kingdom, Jorge Olavarria, assessed the situation with a bit more apprehension and foresight: “The constituent assembly is nothing more than a camouflage to make the world think that the coming dictatorship is the product of a democratic process.

Where most Latin American constitutions contained between 100 and 200 articles, the new Venezuelan constitution had 350, or 98 more than its predecessor. According to Professor Carlos Sabino of Francisco Marroquin University in Guatemala, the essence of the new constitution was “too many rules, no system to enforce them.” (it) “would consolidate an authoritarian government with a legal disguise, necessary in today’s globalized world where the respect for democratic values is the key to good international relations.

(108)

The Defense of Political Sovereignty and National Self-Determination Law would prohibit organizations, as well as individuals, that advocate for the political rights of Venezuelans from accepting funds from any foreign entity. It also prohibited them from having any representation from foreigners and even sponsoring or hosting any foreigner who expresses opinions that “offend the institution of the state.” This law was included with the International Cooperation Law, which would force all NGOs to reregister with the government and include a declared action plan on their future activities, along with a list of any financing that they expected to receive.

(109)

gNGOs are Governmental Non-Governmental Orgs. Fake NGO’s operated by the government.

(110)

The Sandinista government in Nicaragua has been even more aggressive against civil society groups, raiding the offices of long-established NGOs and launching what it called Operation No More lies, a crackdown against those that it accuses of money laundering, embezzlement and subversion.

(111)

At the end of March 2011, former president Jimmy Carter made a trip to Cuba to meet with members of the regime. About the time he arrived, Cuban state television aired a series in which it portrayed independent NGOs as subversive organizations that sought to “erode the order of civil society” in Cuba. The report claimed that “via the visits to the country of some of its representatives and behind the backs of Cuban authorities, these NGOs have the mission of carrying out the evaluations of the Cuban political situation and instructing, organizing, and supplying the counter-revolution.” It accused the organizations of hiding “their subversive essence [behind] alleged humanitarian aid.” The series featured Dr. Jose Manuel Collera, who was revealed as “Agent Gerardo,” a Cuban spy who had infiltrated the NGOs in the United States “to monitor their work and representatives.”

Along with thwarting the oversight power of NGOs in Venezuela, Chavez also included a number of “economic” laws designed to put the stamp of legitimacy on his new “communal” economic system that had caused shortages throughout the country… These laws made communes the basis of the Venezuelan economy and established “People’s Power” as the basis of local governance. It is codified as being responsible to the “revolutionary Leadership,” which is Chavez himself. This effectively supplanted the municipalities and regional governments.

(117)

Managing the Media

Speaking in September 2010 at a Washington event to celebrate the sixtieth anniversary of Radio Free Europe/Radio Liberty, the chairman of the Broadcasting Board of Governors Walter Issacson, warned, “We can’t allow ourselves to be out-communicated by our enemies. There’s that Freedom House report that reveals that today’s autocratic leaders are investing billions of dollars in media resources to influences the Global opinion… You’ve got Russia Today, Iran’s Press TV, Venezuela’s TeleSUR…”

Their techniques are similar: hire young, inexperienced correspondents who will toe the party line as TV reporters, and put strong sympathizers, especially Americans, as hosts of “debate” shows.

Where normal media outlets will film only the speakers at such an event, these state-sponsored media units will often turn the cameras toward the audience in order to capture on film those in the audience who may be government critics. Their purpose for this is twofold – to later screen the video to see who might be attending such a conference and to intimidate exiles from attending such events.

(118)

TeleSUR’s president, Andres Izarra, is a professional journalist who formerly worked for CNN en Espanol. He also serves as Chavez’s minister of communications and information. Izarra said of TeleSUR’s launch: “TeleSUR is an initiative against cultural imperialism. We launch TeleSUR with a clear goal to break this communication regime.”

In a 1954 letter to a comrade, Fidel Castro wrote, “We cannot for a second abandon propaganda. Propaganda is vital – propaganda is the heart of our struggle.

“We have to win the war inside the United States, said Hector Oqueli, one of the Rebel leaders. And after the Sandinistas first took power in Nicaragua in the 1980s, the late Tomas Borge, who served as the interior minister and head of state security for the Sandinista regime, told Newsweek, “The battle for Nicaragua is not being waged in Nicaragua. It is being fought in the United States.

It had not been difficult for the revolutionary left in Latin America to find willing allies in the United States to help with its propaganda effort. An illustrative example is William Blum, the author of several anti-American books that have called U.S. foreign engagements “holocausts”. Blum has described his life’s mission as “slowing down the American Empire… injuring the Beast.” Blum’s treatment of U.S. involvement in Latin America is noteworthy, because it is emblematic of what often passes as scholarship on the subject and because it gets repeated in many universities where he is often invited to speak to students… In January 2006, Blum’s Rogue State got an endorsement by Osama bin Laden, who recommended the book in an audiotape and agreed with Blum’s idea that the way the United States could prevent terrorist attacks was to “apologize to the victims of American Imperialism.”

Examples of bad scholarship follow…

Blum’s book is typical of a genre that has long eschewed scholarship for sensationalized anti-Americanism. At the summit of the Americas in April 2009, Chavez handed President Obama a copy of Open Veins of Latin America by Eduardo Galeano, about which Michael Reid, the Americas editor at The Economist, wrote, [Galeano’s history is that of the propagandist, a potent mix of selective truths, exaggeration and falsehood, caricature and conspiracy. Called the “Idiots Bible” by Latin American scholars, Galeano’s 1971 tome was translated to English by Cedric Belfrage, a British journalist and expatriate to the United States who was also a Communist Party member and an agent for the KGB.

The Artillery of Ideas

Another Chavez propaganda effort designed to reach English-speaking audiences is the state funded newspaper Correo del Orinoco, named for a newspaper started by Simon Bolivar in 1818.

(121)

Un April 2010 Chavez held a celebration on the eight anniversary of the coup that earlier had removed him from office for two days. He named the celebration “Day of the Bolivarian Militias, the Armed People and the April Revolution” and held a swearing in ceremony for 35,000 new members of his civilian militia. As part of the festivities, Chavez also had a swearing in ceremony for a hundred young community media activists, calling them “communicational guerrillas.” This was done, according to Chavez, to raise awareness among young people about the “media lies” and to combat the anti-revolution campaign of the opposition-controlled private media.

(122)

The most notorious propaganda and coverup operation to date has been that of the Puente Llaguno shooting in 2002, in which nineteen people were killed and sixty injured as Chavez’s henchmen were videotaped shooting into a crowd of marchers from a bridge overhead.

(124)

According to Nelson (the author of The Silence and the Scorpion) the reason that Chavez felt the need to go after the Metropolitan Police was because they were the largest group in the country, aside from the army. This, feared Chavez, made them a potential threat for another coup against his regime. After he was briefly ousted from office in 2002, Chavez skillfully utilized the canard that the Metropolitan police had fired the first shots at the Bolivarian Circles as an excuse to take away much of their firepower and equipment, leaving them only with their .38 caliber pistols. And one a Chavez loyalist took over as mayor of Caracas, the Metropolitan Police were completely purged. According to Nelson, loyalty to Chavez’s political party became much more important than expertise or experience on the police force.

In January 2007, the President of TeleSUR, Andres Izarra, revealed the thinking behind Chavez’s campaign against the media: “We have to elaborate a new plan, and the one that we propose is the communication and informational hegemony of the state.”

(131)

A report done for the United Nations by the Observatory for the Protection of Human Rights Defenders said that verbal attacks against anyone “who dared to criticize the policies of President Ortega or his government… were systematically and continuously taken up by the official or pro-Government media.” The reports, issued in June 2009, stated:

President Ortega’s government tried to silence dissident voices and criticisms of Government policies through members of the government who verbally assaulted demonstrators and human rights defenders as well as the Citizens Council (Consejos de Poder Ciudadno – CPC) who hampered the NGOs’ activities and physically assaulted defenders. In this context, 2008 saw numerous attacks against human rights defenders and attempts to obstruct their activity…

These Citizens’ Councils were taken directly from the “Revolutionary Brotherhood” plan and are close facsimiles of groups like the Bolivarian Circles in Venezuela. Ortega claimed in July 2007 that “more than 6,000 [CPCs] has been formed,” and “around 500,000 people participated in CPCs.”

(142)

Managing the Military

Daniel Patrick Moynihan: More and more the United Nations seems only to know of violations of human rights in countries where it is still possible to protest such violations… our suspicions are that there could be a design to use the issue of human rights to undermine the legitimacy of precisely those nations which still overserve human rights, imperfect as that observance may be.” (871)

The Department of State Bulletin. (1975). United States: Office of Public Communication, Bureau of Public Affairs.

The southern Connections was a coordinated effort by far-left supporters of the Castro regime and other leftist governments in Latin America to end the Monroe Doctrine or at least to deter Washington’s policy of intervention against communist expansion in the hemisphere.

(144)

EL Salvador’s civil war, from 1979 until 1992, was emblematic of the Cuba-instigated wars in Latin America. It was Fidel Castro who convinced the various left-wing guerilla groups operating in El Salvador consolidate under the banner of the DRU, officially formed in May 1980. The DRU manifesto stated, “There will be only one leadership, only one military plan and only one command, only one political line.” Fidel Castro had facilitated a meeting in Havana in December 1979 that brought these groups together – a feat that has not been repeated since, as the historic tendency of most leftist terrorist groups in the region have been of splintering after fights over egos and ideological differences.

It was a Salvadoran of Palestinian descent, Schafik Handal, who helped found the Communist Party of El Salvador and who would serve as Castro’s partner in the Central American wars of the era.

(145)

Stealth NGOs

One of the most effective asymmetrical tactics has been the use of dummy NGOs as front groups in Latin America. A number of nongovernmental organizations operating in the region that claim to advocate for human rights actually receive funding from radical leftist groups sympathetic to revolutionary movements in the hemisphere. Many of these groups derive much of their legitimacy from unwitting representative of the European Union, the United Nations and even the U.S. Department of State who often designate them as “special rapporteurs” for human rights reporting.

(146)

Both Cristian Fernandez de Kirchner, the current president, and her husband the late President Nestor Kirchner, were far left radicals in the 1960s and 1970s and filled both of their administrations with ex-terrorists and radicals… Many have accused the Kirchner’s and their allies of blatant double standards on human rights issues – especially in the prosecution of former military members who served during Argentina’s Dirty War from 1976 to 1983.

Since 2003, when Nestor Kirchner took office, the successive Kirchner administrations have aggressively prosecuted hundreds of ex-soldiers, many of who served prior to the beginning of the Dirty War. The double standard arises because not one of the ex-terrorists, who started the Dirty War in the first place, has been prosecuted. The Kirchners, along with far-left judicial activists in the region, have relied on a blatantly unjust tenant of “international human rights law” that says crimes against humanity only apply to representatives of the state, a group that includes military and policy but excludes the terrorists who ignited the guerillas wars.

(148)

Since the late 1990s, the NGO practice of dragging the military into court on allegations of human rights violations has destroyed the careers of some of [Colombia’s] finest officers, even though most of these men were found innocent after years of proceedings.”

According to O’Grady, the enabling legislation that makes this judicial warfare possible is what’s been termed the “Leahy Law,” after its sponsor, Sen Patrick Leahy (D-VT). Under this law, American Military aid can be withdrawn if military offenses are brought against them, even when the credibility of the charges is dubious. O’Grady noted, “The NGOs knew that they only had to point fingers to get rid of an effective leader and demoralize the ranks.”

The legislation that became the Leahy Law was first introduced in 1997 in the Foreign Operations Appropriations Act, and similar language was inserted into the 2001 Foreign Operations Appropriations Act. It has since been used repeatedly against Colombia, which has been a target ever since it became serious about taking on the FARC and took funding from the United States to Implement Plan Colombia, an anti-drug smuggling and counter-insurgency initiative.

(149)

The publicity about Reyes’s death put the spotlight on the situation in Colombia and led researchers to uncover the fact that many of the so-called trade unionists in Colombia were moonlighting as FARC terrorists.

Raul Reyes was the prime example, having begun his career at age sixteen when he joined the Colombian Communist Youth (JUCO), which led him to become a trade unionist at a Nestle plant in his hometown of Caquetá. His position as a Nestle “trade unionist” was a front for his real job, which was influencing, recruiting, and radicalizing fellow workers at a plant for the Colombian Communist Party… Since the beginning of the FARC, and its collaboration and later split with the party, a number of Colombian trade unions have served as way stations for FARC members as they moved from union posts to the ranks of the FARC.

(150)

Uribe was able to turn the tide…. By strategically transitioning from the largely fruitless supply-control methods of Plan Colombia to the population centric counterinsurgency (PC-COIN) methods of Plan Patriota, a later iteration of the original plan that put focus on counterinsurgency.

Where the previous policy had granted a vast demilitarized zone to the FARC in exchange for a proposed peace treaty, Plan Patriota utilized a counter-insurgency strategy that attacked terrorists with physical force. But more importantly, it attached their legitimacy by placing security personnel in remote areas where there had been no state presence before. What this accomplished, more successfully than any of the Colombian military’s previous operational tactics, was to change the populations’ perception of the forty-year insurgency. What had been seen as a conflict between rival political parties was now looked upon as the battle of a legitimate, elected government against illegitimate narco-terrorists.

Revolutionizing the Military

In 2001 the Venezuelan daily Tal Cual published a leaked document from the Directorate of Military Intelligence (DIM) which spelled out a plan to politicize the military. According to the document top military officers were to be divided into “revolutionists” who supported Chavez, “institutionalists” who were considered to be neutral, and “dissidents” who were opposed to the regime. It also advocated for catequesis (Spanish for catechism) to proselytize these officers to accept Chavez’s socialist governing program.

(152-153)

During the Hungarian Uprising in 1956, Andropov “had watched in horror from the windows of his embassy as officers of the hated Hungarian security service were strung up from lampposts” It is said that Andropov was “haunted for the rest of his life by the speed with which an apparently all-powerful Communist one-party state had begun to topple” and was thereafter “obsessed with the need to stamp out ‘ideological sabotage’ where it reared its head within the Soviet bloc.” This obsession made the Soviets much more eager to send in troops whenever other communist regimes were in jeopardy.

…both Castro and Chavez, would develop a Hungarian complex as well, leading to a clampdown on ‘ideological sabotage’ within their respective countries. In 1988 Castro stated, when speaking of the Sandinistas’ use of civilian militias to defend their revolution in Nicaragua, that both Cuba and Nicaragua needed a “committed… people’s armed defense that is sufficient in size, training and readiness, “adding that Salvador Allende hadn’t had a big enough force to prevent the coup that drove him from power in Chile in 1973. It was a rare moment of candor, as the militia is usually touted as the last bastion against a U.S. invasion. But in reality, it is a tool designed to accomplish the prime objective of an aspiring autocrat – to ensure the longevity of the regime. Max Manwaring, writing on Chavez’s use of these civilian militias, stated:

All these institutions are outside the traditional control of the regular armed forced, and each organization is responsible directly to the leader (President Chavez). This institutional separation is intended to ensure the no military or paramilitary organization can control another, but the centralization of these institutions guarantees the leader absolute control of security and social harmony in Venezuela.

Perpetuating the Regime

Started as a jobless protest in 1996, the piquiteros have transformed into what are, according to The Economist, “government rent-a-mobs” consisting of “unemployed protestors receiving state welfare payments.” The piquiteros were co-opted by Nestor Kirchner’s government, through some have splintered since his wife succeeded him.

(154)

In February 2011 the gravity of the effort to militarize Morales’s civilian supporters became far clearer. According to ABC, a Paraguayan daily, Iran was providing the financing for the militia training facility. Called the Military Academy of ALBA, it is located in Warnes, thirty miles north of Santa Cruz. ABC reported that the facility would train both military personnel and civilian militia members from all of the ALBA countries.

(156)

Shortly after Castro’s guerrillas took power in Havana, Cuban embassies in Latin America became recruitment centers and incubators for radical groups and terrorist subversives throughout the hemisphere. Organizing subversive student movements became a priority for Cuban “diplomats,” and the autonomy of the campuses provided easy access and impunity.

A comparison of the student vote to that of the general population at the time provides an illustration of the radicalization of the student body. During the 1960s in Venezuela, students at the Central University typically voted 50 to 60 percent for candidates from the Communist Party of Venezuela and the radical Castroite MIR, while these candidates never broke 10 percent among the general population.

A Venezuela MIR guerrilla noted that their near total domination of the liceos (secondary schools) and the universities led them wrongly to believe that this level of acceptance could be extrapolated to the general population. But in reality, noted the guerrilla, “there was absolutely no mass solidarity with the idea of insurrection.” One MIR cofounder, Domingo Alberto Rangel, noted after renouncing the group’s support for terrorism that “the Left enjoys support among students, but it is unknown among working-class youth, or the youth of the barrios.”

In Colombia, the Industrial University of Santander in Bucaramanga was a haven for that country’s ELN terrorists. In 1965 in Peru, the ELN based itself in the San Cristobal of Huamange National University in Ayacucho, and at the National University in Lima a number of leftist political parties set up operations for MIR terrorists.

Just over twenty years later, after Shining Path and Tupac Amaru terrorists had gained control over a majority of the rural area of Peru and had begun to threaten the capital, the (first) government of President Alan Garcia reluctantly decided to raid the University of San Marcos, the National University of Engineering, and a teacher’s college – three schools that had long been known as terrorist havens.

This kind of autonomy without accountability is a policy that invited terrorist infiltration among impressionable young people.

(159)

Like guerrilla groups in many countries in Latin America, Mexico’s also have a cadre of supporters in NGOs who purport to be human rights advocates. After the bombing of the FARC camp in Ecuador, instead of denouncing the FARC for hosting Mexican students in a war zone, one Mexican human rights NGO called the operation an “unjustified massacre” and announced that it was planning to sue the Colombian government.

(161)

According to The Miami Herald, [Tareck] El Aissami was born in Venezuela to Syrian parents, and his father, Carlos, was the president of the Venezuelan branch of the Baath Party and was an ardent supporter of Saddam Hussein. El Aissamni’s uncle, Shibili el-Aissami, whose whereabouts are unknown, was a top-ranking Baath Party official in Iraq.

(164)

The extent of Cuban subversion was investigated and reported to Congress as early as 1963, when the Senate Judiciary Committee released a report detailing the activities of Cuban operatives in the hemisphere. The report concluded: “A war of liberation” or ‘popular uprising’ is really hidden aggression: subversion… the design of Communist expansion finds in subversion the least costly way of acquiring peoples and territories without exaggerated risk.” The report elaborated on the goal of Cuban subversion:

Its aim is to replace the political, economic, and social order existing in a country by a new order, which presupposes the complete physical and moral control of the people… That control is achieved by progressively gaining possession of bodies and minds, using appropriate techniques of subversion that combine psychological, political, social, and economic actions, and even military operations, if this is necessary.

(166)

It was reported by a defector that all Sandinista military plans were sent first to Havana to be vetted by Raul Castro and a Soviet handler before any action was taken against the contras.

A State Department background paper also reported that besides the influx of thousands of Cuban “advisers,” nearly all of the members of the new state police organization, the General Directorate of Sandinista State Security, were trained by the Cubans.

Alfonso Robelo, one of the original members of Nicaragua’s five-man junta, told reporters, “this is something that you have to understand, Nicaragua is an occupied country. We have 8,000 Cubans plus several thousand East Bloc people, East Germans, PLO, Bulgarians, Libyans, North Koreans, etc. The national decisions, the crucial ones, are not in the hands of the Nicaraguans, but in the hands of the Cubans… And, really, in the end, it is not the Cubans, but the Soviets.”

While many foreign policy experts and officials in the Carter administration scoffed at the idea of either Soviet of Cuban steering of the Sandinistas, numerous defectors later confirmed it. Victor Tirado, one of the original Sandinistas, wrote in 1991 that “we allowed ourselves to be guided by the ideas of the Cubans and the Soviets.” Alvaro Baldizon, a chief investigator of the Sandinista Ministry of the Interior, said after defecting, “The ones who give the orders are the Cubans…. Every program, every operation is always under the supervision of Cuban advisors.”

Since the Barrio Adentro program began in Venezuela in October 2000, the number of Cubans in the country has grown to somewhere between forty thousand and sixty-five thousand, depending on the source.

(169)

One of the programs instituted by the Cubans that has driven out many of the professional officers is a new system that allows sergeants to be promoted to the rank of colonel simply by what they call “technical merit” – which most officers define as a high level of fealty to the Chavez political program.

(170)

Prior to the 2006 presidential election in Peru, Hugo Chavez set his sights on the country to try to bring it into the ALBA orbit. Besides sending letters of invitation to mayors near the border areas of his allies, Chavez underwrote a number of ALBA houses in rural areas of Peru. The Peruvian government became concerned enough about the ALBA houses that a congressional committee investigated them and issues a report in March 2009 recommending they be shut down. The committee report concluded that Chavez was trying to influence Peruvian politics via the ALBA houses, which had been established without any government-to-government agreement.

A June 2009 incident in the Amazon city of Badua ended the détente. The incident, called the Baguazo, ended in a bloodbath when members and supporters of a radicalized “indigenous rights” group slit the throats of police officers who had been sent to end the group’s roadblock that had closed the city’s only highway for over a month. Leaders of the Interethnic Association for the Development of the Peruvian Rainforest were revealed to have ties to Chavez and Morales and had previously traveled to Caracas to participate in a meeting of radical indigenous groups.

(171 – 172)

Like Soviet communism, Chavez’s 21^st Century Socialism can only survive by spreading and enveloping its neighbors, lest too much of a distinction be shown in economic outcomes by its nonsocialist neighbors.

In a July 2008 hearing of the Western Hemispheric Subcommittee of the House Foreign Affairs Committee, Dr. Norman Bailey, a former official of the National Security Council whose specialty was monitoring terrorism by tracking finances, testified that Chavez had spent “$33 billion on regional influence.” Bailey further stated that corruption in the Chavez regime was “nothing less than monumental, with literally billions of dollars having been stolen by government officials and their allies in the private sector over the past nine years.” Bailey also testified that a Chavez government official had his bank accounts closed by HSBC Bank in London, which had deposits of $1.5 billion.”

A large portion of the income derived from both the narco-trafficking and money laundering is funneled to Venezuelan entities and officials and “is facilitated by the Venezuelan financial system, including both public and private institutions.”

* Bailey testimony before the Western Hemisphere Subcommittee

(174)

A Wikileaks cable released in December 2010 revealed that Ortega had been given “suitcases full of cash” in Caracas. “We have firsthand reports that GON [Government of Venezuela] officials receive suitcases full of cash from Venezuelan officials during official trips to Caracas,” a 2008 diplomatic cable written by Ambassador Paul Trivelli stated. The embassy cables also said that Ortega was believed to have used drug money to underwrite a massive election fraud.

The accusations of suitcases of Venezuelan money going to Nicaragua match very closely with an August 2007 case in which a Venezuelan American businessman, Antonini Wilson, was cause at the Ezeiza Airport just outside Buenos Aires with a suitcase packed with $800,000 in cash. According to U.S. prosecutors who ended up in charge of the case, the money was intended for Cristina Fernandez de Kirchner, who was campaigning for (and eventually won) the presidency of Argentina… when Wilson flew home to Key Biscayne immediately after he incident, he reported it to the FBI, fearing (rightly) being set up as the “fall guy,” according to his court testimony. Wilson agreed to wear a wire during his subsequent meetings with Venezuelan officials and to record his phone calls. Three of the officials involved were indicted in the United States and pleaded guilty. Another fled and is still at large.

(179)

Nicaraguan defectors had long reported the drug-trafficking habits of the Sandinista government. Antonio Farach, a defector who had worked as a Sandinista minister in Nicaragua’s embassies in Honduras and Venezuela, told U.S. officials in 1983 that Humberto Ortega, brother of the president and then Nicaragua’s minister of defense, was “directly involved” in drug trafficking.

Farach repeated an oft-reported rationale used by Marxists who moonlight in the drug trade as a sideline to revolution. He states that Sandinista officials believed their trafficking in drugs was a “political weapon” that would help to destroy “the youth of our enemies.” According to Farach, the Sandinistas declared, “We want to provided food to our people with the suffering and death of the youth of the United States.”

(190)

As of 2008, nineteen of the forty-three groups that are officially designated “foreign terrorist organizations” were all linked to the international drug trade, and as much as 60 percent of all terrorist organizations were believed to be linked to the drug trade.

From fiscal years 1999 through March 2010, 329 Iranian nationals have been caught by U.S. Customs and Border Protection.

In March 2005 FBI director Robert Mueller testified before the House Appropriations Committee that “there are individuals from countries with known Al Qaeda connection who are changing their Islamic surnames to Hispanic-sounding names and obtaining false Hispanic identities, learning to speak Spanish and pretending to be Hispanic.

In 2010 the Department of Homeland Security had thousands of what are called “OTMs” – Other Than Mexicans – incarcerated for illegally crossing the southern border. The OTMs consisted of individuals from Afghanistan, Egypt, Iran, Iraq, Pakistan, Saudi Arabia, Yemen and elsewhere.

(199)

Hugo Chavez’s placement of individuals with known ties to terrorist groups in charge of his immigration and identification bureau have long been documented.

(204)

Influenced by Chavez and radical leftist groups in the region, Lopez Obrador staged a populist sit-in in the central square of Mexico City for nearly two months, claiming to be the “legitimate president”.

Rep Jim Kolbe (R-AZ) told several Mexican legislators at the time that he had received intelligence reports that Chavez had been funding AMLO’s Party of the Democratic Revolution. Had Lopez Obrador won, the nefarious influences of Chavez and Ahmadinejad would have moved to America’s doorstep, and the nexus of drug trafficking and terrorism that were already on the border would be an order of magnitude greater.

(207)

In September 2011, El Universal reported that a Spanish court had prosecuted five members of Askapena, the international wing of ETA. Court documents showed that Askapena had been instructed to set up an international relations network by organizing seminar and creating “solidarity committees” in Europe and North and South America.

(208)

The New York Times reported on January 28, 1996 that during the last two months that the Sandinistas were in power, they had granted Nicaraguan citizenship and documentation to over nine hundred foreigners, including terrorists from ETA and Italy’s Red Brigades, three dozen Arabs and Iranians from Islamic terrorist groups, and terrorists from “virtually every guerrilla organization in Lain America”.

(209)

As far back as May 2008, Jackson Diehl, deputy editorial page editor and foreign policy writer for the Washington Post, wrote that Chavez belonged on the State Department’s list of State Sponsors of Terror.

His reported actions are, first of all, a violation of U.N. Security Council Resolution 1373, passed in September 2001, which prohibits all states from providing financing or havens to terrorist organizations. More directly, the Colombian evidence would be more than enough to justify a State Department decision to cite Venezuela as a state sponsor of terrorism. Once cited, Venezuela would be subject to a number of automatic sanctions, some of which would complicate its continuing export of oil to the United States…

(221)

It is this irrational reluctance to properly describe the threat we face from declared enemies that validates those enemies contrived grievances. Almost inversely proportional to our increased prowess in kinetic warfare, we have continually ceded the ideological war that has become the only battlefield on which our enemies are able to make an impact. As Max Manwaring and others have stated, today’s battles are fights for legitimacy. To allow political correctness or misplaced deference to alter the terminology of war is to cede our most valuable territory. To our enemies, deference equals weakness, not civil accommodation.

Another tenet shared by political Islam in the Middle East and 21^st Century Socialism in Latin America is that its adherents have declared war not only on the United States and the West in general but on capitalism and free societies as well. TO most of us in the West, this is equivalent to declaring war on gravity, as free exchange and free enterprise are the bases of life and the engines of progress throughout the world.

We enjoy the advantage that our enemies are not only fighting against us but are also fighting against the trajectory of human progress. Our duty is to decide whether we are going to continue to accommodate their superstitions or whether we will confront them before further carnage provides them with false validation.

Notes from Black Against Empire: The History and Politics of the Black Panther Party

Black Against Empire: The History and Politics of the Black Panther Party

While I highlighted far more from Black Against Empire: The History and Politics of the Black Panther Party than the below, I decided to limit myself to posting here issues related to changing perceptions of the Panthers following the dismantling of Jim Crow, issues linked to Marxism issues, and international relations.

(121)

But by 1968, even in “Bloody Lowndes,” the political dynamic had changed. As the Civil Rights Movement dismantled Jim Crow through the mid-1960s, it ironically undercut its own viability as an insurgent movement. Whereas activists could sit in at lunch counters or sit black and white together on a bus or insist on registering to vote where they had traditionally been excluded, they were often uncertain how to nonviolently disrupt black unemployment, substandard housing, poor medical care, or police brutality. And when activists did succeed in disrupting these social processes nonviolently, they often found themselves facing very different enemies and lacking the broad allied support that civil rights activists had attained when challenging formal segregation. By 1968, the civil rights practice of nonviolent civil disobedience against racial exclusion had few obvious targets and could no longer generate massive and widespread participation.

(122)

In this environment, Lil’ Bobby Hutton became a very different kind of martyr from King. He was virtually unknown and ignored by the establishment. Hutton had died standing up to the brutal Oakland police; he died for black self-determination; he died defying American empire like Lumumba and Che and hundreds of thousands of Vietnamese had before him. Unlike King in 1968, Lil’ Bobby Hutton represented a coherent insurgent alternative to political participation in the United States—armed self-defense against the police and commitment to the revolutionary politics of the Black Panther Party.

(123)

A Panther press statement said that in addition to support for the “Free Huey!” campaign and the black plebiscite, the Panthers were calling upon “the member nations of the United Nations to authorize the stationing of UN Observer Teams throughout the cities of America wherein black people are cooped up and concentrated in wretched ghettos.” After meeting with several U.N. delegations and talking with the press, the Black Panthers filed for status as an official “nongoverning organization” of the United Nations. While the notion of the black plebiscite was intriguing to many, it failed to gain traction.

(130)

At SNCC’s invitation, student antiwar activists came to see themselves as fighting for their own liberation from the American empire. The imperial machinery of war that was inflicting havoc abroad was forcing America’s young to kill and die for a cause many did not believe in. Young activists came to see the draft as an imposition of empire on themselves just as the war was an imposition of empire on the Vietnamese.59

SDS leader Greg Calvert encapsulated this emerging view in the idea of “revolutionary consciousness” in a widely influential speech at Princeton University that February. Arguing that students them- selves were revolutionary subjects, Calvert sought to distinguish radicals from liberals, and he advanced “revolutionary consciousness” as the basis for a distinct and superior morality: “Radical or revolutionary consciousness . . . is the perception of oneself as unfree, as oppressed— and finally it is the discovery of oneself as one of the oppressed who must unite to transform the objective conditions of their existence in order to resolve the contradiction between potentiality and actuality. Revolutionary consciousness leads to the struggle for one’s own freedom in unity with others who share the burden of oppression.”

The speech marked a watershed in the New Left’s self-conception. Coming to see itself as part of the global struggle of the Vietnamese against American imperialism and the black struggle against racist oppression, the New Left rejected the status quo as fundamentally immoral and embraced the morality of revolutionary challenge. From this vantage point, the Vietnam War was illegitimate, and draft resistance was an act of revolutionary heroism.

(300)

In their move to take greater leadership in organizing a revolutionary movement across race, the Black Panthers sought to make their class and cross-race anti-imperialist politics more explicit. They began featuring nonblack liberation movements on the cover of their news- paper, starting with Ho Chi Minh and the North Vietnamese. They began widely using the word fascism to describe the policies of the U.S. government. Then in July 1969, two weeks before the United Front Against Fascism Conference, the Panthers changed point 3 of their Ten Point Program from “We want an end to the robbery by the white man of our Black Community” to “We want an end to the robbery by the CAPITALIST of our Black Community”

The Black Panther Party held the United Front Against Fascism Conference in Oakland from July 18 to 21.

At least four thousand young radicals from around the country attended the conference. The delegates included Latinos, Asian Americans, and other people of color, but the majority of delegates were white. More than three hundred organizations attended, representing a broad cross-section of the New Left. In addition to the Young Lords, Red Guard, Los Siete de la Raza, Young Patriots, and Third World Liberation Front, attendees included the Peace and Freedom Party, the International Socialist Club, Progressive Labor, Students for a Democratic Society, the Young Socialist Alliance, and various groups within the Women’s Liberation Movement.

Bobby Seale set the tone for the conference, reiterating his oft-stated challenge against black separatism: “Black racism is just as bad and dangerous as White racism.” He more explicitly emphasized the importance of class to revolution, declaring simply, “It is a class struggle.” Seale spoke against the ideological divisiveness among leftist organizations, arguing that such divisiveness would go nowhere. What was needed, he said, was a shared practical program. He called for the creation of a united “American Liberation Front” in which all communities and organizations struggling for self-determination in America could unite across race and ideology, demand community control of police, and secure legal support for political prisoners.

(301)

The main outcome of the conference was that the Panthers decided to organize National Committees to Combat Fascism (NCCFs) around the country. The NCCFs would operate under the Panther umbrella, but unlike official Black Panther Party chapters, they would allow membership of nonblacks. In this way, the Black Panther Party could maintain the integrity of its racial politics yet step into more formal

(311)

The Black Panther Party’s anti-imperialist politics were deeply inflected with Marxist thought.

The Party’s embrace of Marxism was never rigid, sectarian, or dogmatic. Motivated by a vision of a universal and radically democratic struggle against oppression, ideology seldom got in the way of the Party’s alliance building and practical politics.

he asserted that unemployed blacks were a legitimate revolution- ary group and that the Black Panther Party’s version of Marxism transcended the idea that an industrial working class was the sole agent of revolution.

(312)

Nondogmatic throughout its history, the Black Panther Party worked with a range of leftist organizations with very different political ideologies—a highlight being its hosting of the United Front Against Fascism Conference in July 1969.10 The unchanging core of the Black Panther Party’s political ideology was black anti-imperialism. The Party always saw its core constituency as “the black community,” but it also made common cause between the struggle of the black community and the struggles of other peoples against oppression. Marxism and class analysis helped the Black Panthers understand the oppression of others and to make the analogy between the struggle for black liberation and other struggles for self-determination. While the Marxist content deepened and shifted over the Party’s history, this basic idea held constant.

(313)

. One of the Panthers’ early sources of solidarity and support was the left-wing movements in Scandinavia. The lead organizer of this support was Connie Matthews, an energetic and articulate young Jamaican woman employed by the United Nations Educational, Scientific, and Cultural Organization in Copenhagen, Den- mark. In early 1969, Matthews organized a tour for Bobby Seale and Masai Hewitt throughout Scandinavia to raise money and support for the “Free Huey!” campaign. She and Panther Skip Malone worked out the logistics of the trip with various left-wing Scandinavian organizations, enlisting their support by highlighting the class politics of the Black Panther Party.

(342)

In noninsurgent organizations, established laws and customs are assumed and largely respected. Maintaining organizational coherence may be challenging, but transgressions of law and custom are generally outside of organizational responsibility. Within insurgent organizations like the Black Panther Party, law and custom are viewed as oppressive and illegitimate. Insurgents view their movement as above the law and custom, the embodiment of a greater morality. As a result, defining acceptable types of transgression of law and custom, and maintaining discipline within these constraints, often poses a serious challenge for insurgent organizations like the Black Panther Party. What sorts of violation of law and custom are consistent with the vision and aims of the insurgency?

(343)

By the fall of 1968, as the Party became a national organization, it had to manage the political ramifications of actions taken by loosely organized affiliates across the country. The Central Committee in Oak- land codified ten Rules of the Black Panther Party and began publishing them in each issue of the Black Panther. These rules established basic disciplinary expectations, warning especially against haphazard violence that might be destabilizing or politically embarrassing. They prohibited the use of narcotics, alcohol, or marijuana while conducting Party activities or bearing arms. The Party insisted that Panthers use weapons only against “the enemy” and prohibited theft from other “Black people.” But they permitted disciplined revolutionary violence and specifically allowed participation in the underground insurrectionary “Black Liberation Army.”

(344)

The Black Panther Party derived its power largely from the insurgent threat it posed to the established order—its ability to attract members who were prepared to physically challenge the authority of the state. But this power also depended on the capacity to organize and discipline these members. When Panthers defied the authority of the Party, acted against its ideological position, or engaged in apolitical criminal activity, their actions undermined the Party, not least in the eyes of potential allies. The Panthers could not raise funds, garner legal aid, mobilize political support, or even sell newspapers to many of their allies if they were perceived as criminals, separatists, or aggressive and undisciplined incompetents. The survival of the Party depended on its political coherence and organizational discipline.

As the Party grew nationally and increasingly came into conflict with the state in 1969, maintaining discipline and a coherent political image became more challenging. The tension between the anti- authoritarianism of members in disparate chapters and the need for the Party to advance a coherent political vision grew. One of the principal tools for maintaining discipline—both of individual members and of local chapters expected to conform to directives from the Central Committee—was the threat of expulsion.

(345)

Hilliard explained the importance of the purge for maintaining Party discipline: “We relate to what Lenin said, ‘that a party that purges itself grows to become stronger.’ The purging is very good. You recognize that there is a diffusion within the rank and file of the party, within the internal structure of the party.

As the Party continued to expand in 1969 and 1970, so did conflicts between the actions of members in local chapters across the country and the political identity of the Party—carefully groomed by the Central Committee.

(346)

The resilience of the Black Panthers’ politics depended heavily on sup- port from three broad constituencies: blacks, opponents of the Vietnam War, and revolutionary governments internationally. Without the sup- port of these allies, the Black Panther Party could not withstand repressive actions against them by the state. But beginning in 1969, and steadily increasing through 1970, political transformations undercut the self-interests that motivated these constituencies to support the Panthers’ politics.

(351)

Cuban support for the Black Panthers also shifted during the late 1960s. When Eldridge Cleaver fled to Cuba as a political exile in late

1968, Cuba not only provided safe passage and security but promised to create a military training facility for the Party on an abandoned farm out- side Havana. This promise was consistent with the more active role Cuba had played in supporting the Black Liberation Struggle in the United States in the early 1960s, when it sponsored the broadcast of Robert Williams’s insurrectionary radio program “Radio Free Dixie,” as well as publication of his newspaper, the Crusader, and his book Negroes with Guns. But, as the tide of revolution shifted globally toward the end of the decade, security concerns took on higher priority in Cuban policy. Eager to avoid provoking retaliation from the United States, Cuba distanced itself from the Black Liberation Struggle, continuing to allow exiles but refraining from active support of black insurrection. The government never opened a military training ground for the Panthers, instead placing constraints on the political activities of Panther exiles.34

As the United States scaled back the war in Vietnam; reduced the military draft; improved political, educational, and employment access for blacks; and improved relations with former revolutionary governments around the world, the Black Panthers had difficulty maintaining support for politics involving armed confrontation with the state.

More comfortable and secure with the ability of mainstream political institutions to redress their concerns—especially the draft—liberals went on the attack, challenging the revolutionary politics of the Black Panther Party.

(352)

Many Panthers hoped that Huey would resolve the challenges the Party faced and lead them successfully to revolution. But his release had the opposite effect, exacerbating the tensions within the Party. Some rank-and-file Panthers took Huey’s long-awaited release as a pre- lude to victory and a license to violence, and their aggressive militarism became harder to contain. Organizationally, the Party had grown exponentially in Newton’s name but was actually under the direction of other leaders. His release forced a reconfiguration of power in the Party.

Paradoxically, Newton’s release also made it harder for the Party to maintain support from more moderate allies. It sent a strong message to many moderates that—contrary to Kingman Brewster’s famous statement three months earlier—a black revolutionary could receive a fair trial in the United States. The radical Left saw revolutionary progress in winning Huey’s freedom, but many moderate allies saw less cause for revolution.

(359)

The Panther 21 asserted that the Black Panther Party was not the true revolutionary vanguard in the United States and hailed the Weather Underground as one of, if not “the true vanguard.” In line with the vanguardist ideology of the Weather Underground, the Panther 21 argued that it was now time for all-out revolutionary violence that they believed would attract a broad following and eventually topple the capitalist economy and the state

(361)

Dhoruba Bin Wahad explained his decision to desert the Black Panther Party as a response to the increasing moderation of Newton, Hilliard, and the Central Committee and their efforts to appease wealthy donors. In a public statement in May 1971, Dhoruba wrote,

We were aware of the Plots emanating from the co-opted Fearful minds of Huey Newton and the Arch Revisionist, David Hilliard… . Obsession with fund raising leads to dependency upon the very class enemies of our People. . . . These internal contradictions have naturally developed to the Point where those within the Party found themselves in an organization fastly approaching the likes of the N.A.A.C.P.—dedicated to modified slavery instead of putting an end to all forms of slavery.67

(391)

To this day, small cadres in the United States dedicate their lives to a revolutionary vision. Not unlike the tenets of a religion, a secular revolutionary vision provides these communities with purpose and a moral compass. Some of these revolutionary communities publish periodicals, maintain websites, collectively feed and school their children, and share housing. But none wields the power to disrupt the status quo on a national scale. None is viewed as a serious threat by the federal government. And none today compares in scope or political influence to the Black Panther Party during its heyday.

The power the Black Panthers achieved grew out of their politics of armed self-defense. While they had little economic capital or institutionalized political power, they were able to forcibly assert their politi- cal agenda through their armed confrontations with the state.

The Black Panther Party did not spring onto the historical stage fully formed; it grew in stages. Newton and Seale wove together their revolutionary vision from disparate strands.

(392)

Nixon won the White House on his Law and Order platform, inaugurating the year of the most intense direct repression of the Panthers. But the Party continued to grow in scope and influence. By 1970, it had opened offices in sixty-eight cities. That year, the New York Times published 1,217 articles on the Party, more than twice as many as in any other year. The Party’s annual budget reached about $1.2 million (in 1970 dollars). And circulation of the Party’s newspaper, the Black Panther, reached 150,000.3

The resonance of Panther practices was specific to the times. Many blacks believed conventional methods were insufficient to redress persistent exclusion from municipal hiring, decent education, and political power.

(395)

The vast literature on the Black Liberation Struggle in the postwar decades concentrates largely on the southern Civil Rights Movement. Our analysis is indebted to that literature as well as to more recent historical scholarship that enlarges both the geographic and temporal scope of analysis.5 Thomas Sugrue in particular makes important advances, calling attention to the black insurgent mobilizations in the North and West, and to their longue durée.This work, however, fails to analyze these mobilizations on their own terms, instead seeking to assimilate these black insurgencies to a civil rights perspective by presenting the range of black insurgent mobilizations as claims for black citizenship, appeals to the state—for full and equal participation. This perspective obscures the revolutionary character and radical economic focus of the Black Panther Party.

(398-399)

The broader question is why no revolutionary movement of any kind exists in the United States today. To untangle this question, we need to consider what makes a movement revolutionary. Here, the writings of the Italian theorist and revolutionary Antonio Gramsci are instructive: “A theory is ‘revolutionary’ precisely to the extent that it is an element of conscious separation and distinction into two camps and is a peak inaccessible to the enemy camp.”17 In other words, a revolutionary theory splits the world in two. It says that the people in power and the institutions they manage are the cause of oppression and injustice. A revolutionary theory purports to explain how to overcome those iniquities. It claims that oppression is inherent in the dominant social institutions. Further, it asserts that nothing can be done from within the dominant social institutions to rectify the problem—that the dominant social institutions must be overthrown. In this sense, any revolutionary theory consciously separates the world into two camps: those who seek to reproduce the existing social arrangements and those who seek to overthrow them.

In this first, ideational sense, many insurgent revolutionary movements do exist in the United States today, albeit on a very small scale. From sectarian socialist groups to nationalist separatists, these revolutionary minimovements have two things in common: a theory that calls for destroying the existing social world and advances an alternative trajectory; and cadres of members who have dedicated their lives to advance this alternative, see the revolutionary community as their moral reference point, and see themselves as categorically different from everyone who does not.

More broadly, in Gramsci’s view, a movement is revolutionary politically to the extent that it poses an effective challenge. He suggests that such a revolutionary movement must first be creative rather than arbitrary. It must seize the political imagination and offer credible proposals to address the grievances of large segments of the population, creating a “concrete phantasy which acts on a dispersed and shattered people to arouse and organize its collective will.”18 But when a movement succeeds in this task, the dominant political coalition usually defeats the challenge through the twin means of repression and con- cession. The ruling alliance does not simply crush political challenges directly through the coercive power of the state but makes concessions that reconsolidate its political power without undermining its basic interests.19 A revolutionary movement becomes significant politically only when it is able to win the loyalty of allies, articulating a broader insurgency.20

In this second, political sense, there are no revolutionary movements in the United States today. The country has seen moments of large-scale popular mobilization, and some of these recent movements, such as the mass mobilizations for immigrant rights in 2006, have been “creative,” seizing the imagination of large segments of the population. One would think that the 2008 housing collapse, economic recession, subsequent insolvency of local governments, and bailout of the wealthy institutions and individuals most responsible for creating the financial crisis at the expense of almost everyone else provide fertile conditions for a broad insurgent politics. But as of this writing, it is an open question whether a broad, let alone revolutionary, challenge will develop. Recent movements have not sustained insurgency, advanced a revolutionary vision, or articulated a broader alliance to challenge established political power.

In our assessment, for the years 1968 to 1970, the Black Panther Party was revolutionary in Gramsci’s sense, both ideationally and politically. Ideationally, young Panthers dedicated their lives to the revolution because—as part of a global revolution against empire—they believed that they could transform the world. The revolutionary vision of the Party became the moral center of the Panther community.

(401)

While minimovements with revolutionary ideologies abound, there is no politically significant revolutionary movement in the United States today because no cadre of revolutionaries has developed ideas and practices that credibly advance the interests of a large segment of the people. Members of revolutionary sects can hawk their newspapers and proselytize on college campuses until they are blue in the face, but they remain politically irrelevant. Islamist insurgencies, with deep political roots abroad, are politically significant, but they lack potential constituencies in the United States.

No revolutionary movement of political significance will gain a foot-hold in the United States again until a group of revolutionaries develops insurgent practices that seize the political imagination of a large segment of the people and successively draw support from other constituencies, creating a broad insurgent alliance that is difficult to repress or appease. This has not happened in the United States since the heyday of the Black Panther Party and may not happen again for a very long time.

Notes from CastroChavism: Organized Crime in the Americas

CastroChavism: Organized Crime in the Americas by José Carlos Sánchez Berzaín, Bolivia’s former Minister of Defense and the author of XXI Century Dictatorship in Bolivia.

(16)

[Venezuela and Bolivia] are dictatorships that reach[ed] power through elections and through successive coups that liquate democracy.

(17)

The two Americas make up an axis of confrontation in which perpetual and arbitrary control of power, on the one handed, branded dictatorship with ideology as a pretext; versus democracy, with respect for human rights, alternation in power, accountability and free elections, declaratively protected by the inter-American system, enshrined – among others – in the inter-American democratic charter.

From 1959 to 1999, the Cuban dictatorship is “Castroism.” From 1999 onwards it is “Castrochavismo,” led by Hugo Chavez until his death.

(18-19)

It began as progressive leftist populism, and was successively called ALBA Movement (Bolivarian Alliance for the Peoples of Our America); the Bolivarian Movement; and after a few years Socialism of the 21^st Century.

Castro receives a new source of financing for his conspiratorial and criminal actions with Chavez’s surrender not only of Venezuela’s money and oil but, as we have learned today, of the entire country. This allowed the dictator to reactivate genuine Castroism under the mantle of the Bolivarian Movement, or ALBA, and disguise it as democracy. With Venezuela’s money he started conspiracies, which led to the fall and overthrow of democratic leaders. The first one occurs in Argentina, with the fall of President De La Rua. The second happens in Ecuador and it is Jamil Mahuad who pays the proce. The Third one is the overthrow of President Gonzalo Sanches de Lozada in Bolivia. The fourth is in Ecuador, with the fall of President Lucio Gutierrez. They also overthrew the OAS Secretary General, Miguel Angel Rodriguez, who had just been elected. A false case of corruption was planted in Costa Rica, where Rodriguez ends up being illegally detained, making room for Insulsa to arrive.

The nascent CastroChavista organization expands with Lula da Silva taking power in Brazil with the Workers Party, whose government he used to strengthen the extraordinary flow of economic resources with transnational corruption .A sample of such crimes include the infamous case of “Lava Jato – Odebrecht”

The destruction of democracy becomes noticeable in the exiles, who had been purely Cuban and are now regional – waves of Venezuelans Bolivians, Nicaraguans, Ecuadorians, Argentines, and Central Americans.

(21)

An electoral dictatorship is a political regime that by force or violence concentrates all power in a person or in a group or organization that repressed human rights and fundamental freedoms and uses illegitimate elections, neither free no fair, with fraud and corruption, to perpetuate itself indefinitely in power.”

(23)

Cuba, Venezuela, Bolivia and Nicaragua… are criminal entities that must be separated from politics and must be treated as transnational organized crime from within the framework of the Palermo Convention and other norms, without the immunities or privileges inherent to the heads of State or government.

(24)

Castrochavista dictatorships are in crisis, but are not defeated. They are called out as regimes that violate human rights, that have no rule of law, where there is no division or independence of public powers, and that are narco States and creators of poverty. To remain in power, they apply the uniform strategy of “resisting at all costs, destabilizing democracies, politicizing their situation and negotiating.”

The first element of this strategy, of “retention of all power at all costs,” can be seen in Nicaragua, Venezuela and Cuba – where they imprison and torture political prisoners. The President of the Human Rights assembly in Bolivia has just reported that there are 131 deaths without investigation from killings that the government has committed, and there are more than 100 political prisoners.

(25)

The second element of their strategy is to “destabilize democracies,” for which they conspire against those who accuse them and against the governments that defend democracy. The destabilization range from false news and character assassination of leaders whom they designate as right wing, to criminal acts of terrorism, kidnappings and narco guerrillas.

The third element of their strategy is to “politicize their situation and their criminal acts.” When the dictatorships in Cuba, Venezuela, Bolivia, Nicaragua improperly imprison a citizen, when they torture them, when they evn kill them – they call it defense of the revolution.

These four dictatorships are narco states and, to justify themselves, they argue that “drug trafficking is an instrument of struggle for the liberation of the peoples”

Evo Morales in 2016 at the United Nations said that “the fight against drug trafficking is an instrument of imperialism to oppress the peoples”.

Jesus Santrich fled from Colombia to Venezuela, proclaiming that he had been persecuted by the right. The bosses of the ELN narco-guerrillas of Colombia are under protection in Cuba.

The third element of Castrochavismo, which consists in politicizing their crimes, serves to ensure that when they kill any person they say that they are defending the revolution. When they torture they say they defend the popular process of liberation of peoples and so on.

The fourth element of Castrochavista strategy is to “negotiate”. They negotiate in order to gain time, demoralize the adversary, collect bills from their allies or extort money from third states to gain their support or at least neutralize them.

From these four elements, they survive.

(27)

Political events are based on respect for the “rule of law,” which is simply that “no one is above the law,” on the temporality of public service, on accountability and public responsibility, where you can take on an adversary. But organized crime has no adversaries, it has enemies and the difference between an adversary and an enemy is that the former is defeated or convinced, whereas the latter is eliminated, and this explains the number of crimes that Castrochavismo commits in the Americas.

(30)

The peoples of Cuba, Venezuela, Nicaragua and Bolivia are fighting against the dictatorships that oppress them, but it is not a local or national oppressor, they take on a transnational enemy, united by the objective of retaining power indefiniately as the best mechanism for impunity.

Castrochavismo as a transnational organized crime structure is a very powerful usurper with a lot of money, a lot of criminal armed forces, control of many media and many mercenaries of various specialties at its service, which has put the peoples they oppress in a true and extreme “defenseless condition.”

As long as there are dictatorships there will be no peace or security in the Americas.

(33)

It is vital to differentiate and separate that which is “politics” meaning an activity of public service, from that which is “organized crime” and “delinquency.” Politics with its ideologies, pragmatisms, imperfections, errors, crises, even tainted by corruption is one thing, but another very different things is politics and power under the control of associated criminals who turn their politics into their main instrument for the commission of crimes, the setting up of criminal organizations, the seizure and indefinite control of power with criminal objectives and for the sake of their own impunity.

Politics is legal, meaning that it is conducted in pheres considered to be “just, allowed, according to justice and reason” because it is of order and public service….

(35)

Castro, Maduro, Ortega and Morales are not politicians, they are not corrupted government – they are organized delinquency that holds political power and plans to indefinitely keep holding it. They can no longer keep being treated as politicians, and least of all as State Dignitaries.

(42)

CastroChavist is the label for Fidel Castro and Hugo Chavez’s undertaking that, using the subversive capabilities of the Cuban dictatorial regime and Venezuelan oil, has resurrected – commencing in 1999, the expansion of Castroist, antidemocratic communism with a heavy antiimperialist discourse.

(46-47)

What is happening in Venezuela today is the result of almost two decades of progressive and sustained abuses to freedom and democracy, violation of human rights, persecutions, electoral fraud, corruption, violation of the sovereignty of the country, theft of government and private resources, killing of the freedom of the press, elimination of the rule of law, disappearance of the separation and independence of the branches of government, control of the opposition, imprisonment and forced exile of political opponents, narcotics trafficking and all that may be necessary to make Venezuela a Castroist-model dictatorial “narco-state with a humanitarian crisis.”

The international democratic community has understood that for the sake of their own interests and security, it must preclude Venezuela from turning into the second consolidated dictatorship of the Americas, and prevent the dictatorships of Bolivia and Nicaragua from following that path. Liberating Venezuela is a strategic necessity.

(49)

In Bolivia, the top and perpetual leader of the coca leaf harvesters, Evo Morales, is the head of the Purinational State of Bolivia wherein “by decree of law” he has increated the lawful cultivation of coca by 83% from 12,000 hectares to 22,000 hectares and has increased the cultivation of unlawful coca from the existing 3,000 hectares in 2003 – the year they toppled President Sanchez de Lozada – to the current 50,000 hectares.

Evo Morales’ drug czar Colonel Rene Sanabria was arrested by the DEA for cocaine trafficking and has been sentenced by US judges to 15 years in jail.

(55)

In democracy, corruption is not the rule but the flaw, it is the violation of normalcy, “the misuse of government power to get illegitimate advantages, generally in a secret or private way”, it is “the consistent practice of utilizing the functions and means of the government for the benefit – whether this benefit be financial or otherwise – of those who are involved with it.” In a democracy, there are investigations, prosecution, and punishment with accountability, there is separation and independence of the branches of government, the Rule of Law exists, and there is freedom of the press. On the other hand, however, in dictatorships, corruption is the means, the cause, and the end objective of getting to, and indefinitely remaining in power.

(61)

The Venezuelan dictatorship is the Gordian knot the keeps the Venezuelan people from recovering their freedom and democracy, one that at the same time sustains dictatorships in the America, specifically in Cuba, Bolivia, and Nicaragua as a system of Transnational Organized Crime – they are a real danger not only for this region, but the whole world.

(62)

The hub of narcotics trafficking that Venezuela has been turned into, with the Colombian FARC’s cocaine and with Evo Morales’ coca growers’ unions from Bolivia, has penetrated the entire region and impacts the whole world with serious consequences in security and the wellbeing of people.

(65)

A well-orchastrated international system of public relations, lobbyists who work for the Cuba-Venezuela-Bolivia-Nicaragua group, the subjecting of PetroCaribe countries with bribes of Venezuelan oil, it’s penetration into international organizations, its control over the national news media and its creation and influence over international media, its collusion with important magnates and businessmen, and its repetitive anti-U.S. discourse along with its opening to Russia, China, North Korea, and Iran, have all been factors – that have allowed the existence of the Ortega’s Crime Dictatorship in Nicaragua.

(67)

Cuba with the Castro’s, Venezuela with Chavez and Maduro, Bolivia with Evo Morales, Nicaragua with Daniel Ortega, and Ecuador with Rafael Correa, replaced freedom of the press with a system of control of the information with prior censorship, self-censorship, financial and judicial repression. They appropriated themselves – through transfers under duress, seizures, intervention, and violence – of private news media in order to place them at their service, they have supported and created state media, founded and funded regional media, they manage the official propaganda as a mechanism for extorsion, they use taxes as a means of pressure and retribution, they extort companies regarding the assignment of propaganda, they start and sustain “assassination of reputation” campaigns against journalists and owners of news media.

(74)

Crimes committed by the 21^st Century Socialist Regimes range from persecution with the aim of physical torture and killing, judicial trials with false accusations heard by “despicable judges”, the application of the regime’s pseudo-laws violating human rights or of “despicable laws”, restricting freedom of speech or freedom to work, to be employed, or discharge a profession, assassinating the individuals reputation to convert the wrongly accused as an undesirable, subjecting the person into a condition of being defenseless, depriving him/her of a job and much more.

(75)

…they’ve replaced politics with criminal practices in order to totally and indefinitely control political power.

Extortion is a key feature of the Castrochavista methods that is further proof of the Transnational Organized Crime nature of these dictatorships.

Extortion is “the pressure exerted on someone – through threats – to compel them to act in a certain way and obtain a monetary or other type of benefit.” The legal definition of extortion includes “the intimidation or serious threat that restricts a person to do, tolerate the doing or not doing of something for the purpose of deriving a benefit or undue advantage for one’s self or someone else.”

The Castrochavista constitutions have established “the law’s retroactivity” and have suppressed or limited parliamentary immunities in order to keep extorting members of the opposition.

Judges, prosecutors and even attorneys are extorted. Several cases corroborate this, cases, such as Venezuela’s Judge Maria Lourdes Afiuni’s jailing, violations, and tortures; the fired prosecutors and judges who were afterwards prosecuted in the case of Magistrate Gualberto Cusi in Bolivia, as well as the jailing of defense attorneys; the persecution and exile of Magistrates from Venezuela’s Supreme Justice Tribunal “ the legitimate one in exile,” or that of Attorney General Ortega, the assassination of Prosecutor Alberto Nisman in Kirchner’s Argentina, and dozens more.

The imprisonment, torture, humiliations, assassinations, and exile started as extrortions and are dictatorial warning operations in order to ensure the submission of the system it manipulates “setting precedents” of its decision to use extortion to obtain benefits for the dictator and his Organized Crime group who is called government. Benefits range from financial gain, cover up, and impunity, to the indefinite tenure in government.

(78)

Cornered by crises, the dictatorships of Cuba, Venezuela, Nicaragua and Bolivia, have gone into an attack more and the meeting of the Sao Paulo Forum in Havana was the scenario to launch their new phase of destabilization.

Dictatorships attack with forced migration, the generation of internal violence, and destabilization.

(79)

All of the region’s democratic countries are under the pressure of forced migration caused by Venezuela’s dictatorship that has converted on of its shameful problems into a problem for the whole region. Democracies must now deal with problems in: their security, unemployment, provision of health care, their handling of massive numbers of people in transit, identification issues, budgets, and human rights, all because the Castrochavista criminal regime of Nicolas Maduro has transformed its crimes and its effects into a political weapon. Very similar to the so-called “Mariel’s exodus” promoted by Dictator Fidel Castro against the United States, but many folds greater and for an indefinite period.

(81)

The Sao Paulo Forum is 1990 was the dictatorial reaction to the crash of Soviet Communism and was gathered, for the first time, with the objective of addressing the international scenario following the fall of the Berlin Wall and to confront the “neo-liberal” policies. It is the tool with which the Castroist dictatorship formulated the “multiplication of the confrontation axis” strategy, going beyond class struggles to the fight against any elements that may be useful to destabilize democratic governments.

The 21^st Century in the Americas is the history of the Castro-Chavista buildup…

The worn-out cliché of “liberation of the peoples” as an “anti-imperialist” argument and slogan for massive demonstrations, has remained to become “the people’s oppression” that is corroborated by the quantity of massacres, assassinations, torture, political prisoners, exiles, and the daily life the people must endure.

(83)

It has become necessary for Americas’ leaders and politicians to clearly differentiate themselves from the criminals who hold power in Cuba, Venezuela, Nicaragua and Bolivia. Not doing so implies the assumed risk of being accomplices and concealers.

(89)

The price for Pablo Iglesias and PODEMOS backing to the investiture of the PSOE would be the sustainment of the dictatorships for which Iglesias works and their funding, are now amply evident in Spain’s new foreign policy aiming to sustain the CastroChavista dictatorships of Cuba, Venezuela, Nicaragua and Bolivia.

(92)

Is the use of force the only options for the dictatorships to leave?

Cuba, Venezuela, Nicaragua and Bolivia are under regimes that after applying all possible simulations and misrepresentations in order to be a revolution, a democracy, populist, leftist, and socialist governments but are nothing by Organized Crime’s organizations that hold power by force.

Alleging self-determination of the nation state while oppressing the citizens and violating their human rights is but another flaw of the CastroChavista dictatorships.

(95)

The parameters to qualify a regime as a dictatorship, an Organized Crime dictatorship, and a criminal government, are set out but existing universal and regional standards, such as: the United Nations Charter, the Universal Declaration of Human Rights, the Charter of Bogota, the Convenant of San Jose, the European Union Treaty, the Palermo Conventions, the Interamerican Democratic Charter, and many more.

(102)

The dictatorial nature of a regime is proven by its violation of all essential components of democracy through the supplanting of the democratic order, manipulation of constituent referendums, consults and elections, down to the imposition of a fraudulent legal framework, a “legal” scheme, that nowadays is the legal system in existence in Venezuela, Nicaragua, Bolivia and Correa’s Ecuador.

(105)

Why Abstention?

To run as a candidate in a dictatorship is to dress up a tyrant as a democrat.

(106)

For elections to be free and fair, there must be “conditions of democracy” in existence, this is the minimum presence of the essential components of democracy that will enable all citizens to be wither voters or be elected, will guarantee an equity of options to the candidates, transparency in the process, impartiality in the electoral authorities, offer guarantees of resources with impartial judges, with freedom of association, freedom of expression, freedom of the press, and guarantees against electoral fraud, timeliness and more.

(109)

In 1961, Cuba’s dictatorship birthed; Nicaragua’s National Liberation Army (ELN) afterwards converted into the Sandinista National Liberation Front (FSLN), then later converted into the 13^th of November Revolutionary Movement (MR13N), and the Revolutionary Armed Forced (FAR) in Guatemala. In 1962, it birthed Venezuela’s National Liberation Armed Forces (FALN), the Colombian Self-Defense Forces turned into the Southern Block Forces afterwards turned into the Colombian Armed Revolutionary Forces (FARC). In Peru, it birthed the National Liberation Army (ELN) and the Leftist Revolutionary Movement (MIR), in Bolivia the National Liberation Army (ELN), in Uruguay the Tupamaros, as an urban guerrilla, in Argentina the Montoneros, and in the 70’s the People’s Revolutionary Army (ERP), in Brazil the Revolutionary Movement 8 (MR*), and many more. The Castroist movement did no spare any country from staining it with the blood of guerrillas.

(120)

The OAS has two charters; the Charter of Bogota which birthed the organization and the Interamerican Democratic Charter, with which democracy was institutionalized.

Article 1 of the IDC mandates that “America’s people haec the right to democracy and their government has the obligation to promote and defend it.”

(123)

The Palermo Convention for Human Trafficking should be applied to the Cuban physicians.

(134)

What dictator Nicolas Maduro and his regime insist in presenting as “elections” is a chain of serious crimes to misrepresent the popular sovereignty, sustain the narco-state, and guarantee himself impunity. The “organized crime group” that hold power has committed, and is willing to commit, whatever crime may be necessary to continue receiving the criminal benefits that have taken Venezuela to the current state of its ongoing crisis.

(188)

Fear is an essential component of dictatorships, this is why they kill the “Rule of Law” and supplant it with the “Rule of the State” with despicable laws to enable them to persecute, imprison, dishonor and wrest the property of, citizens.

The foreign enemy is useful in order to blame the United States for all disastrous results from the organized crime that holds political power, such as what the Castros’ have done for so many years and now Maduro, Morales, and their thugs do.

Cuba, Venezuela, Nicaragua, and Bolivia claim the “right” conspires, pays politicians, and wants them toppled, attributing to themselves the position of being “leftist”, socialist, and communist when in reality they are criminal “fascists” whose sole ideology and objective is the total and indefinite control of power along with their illicit enrichment.

(193)

Odebrecht is one of the Brazilian companies implicated in the Forum of Sao Paulo’s criminal network implemented by Lula de Silva with the dictators Fidel Castro and Hugo Chavez with the payments of millions of dollars in bribes.

(202)

Hugo Chavez allied himself with Fidel Castro in 1999 when Cuba agonized during it’s “special period” as a parasite state that, since the breakdown of the Soveit Union, did not have a way to survive. With Venezuela’s oil, Chavez salvaged the only dictatorship there was at that time in the Americas and kick started the recreation of Castroist expansionism under the labels of the Bolivarian Movement, ALBA, and 21^st Century Socialism and that is today known as “CastroChavismo”.

Pitaya

Cape Sundew – Drosera Capensis

Pitcher Plant

Suculenta Kalanchoe Humilis

Venus Flytrap

Rambutan Tree

Fig Tree

Black Against Empire: The History and Politics of the Black Panther Party