The military and intelligence community are run by strict sets of doctrine, authorities, regulations, instructions, directives… the list goes on – this is not the same for the private sector. Each company, team, and division may have specific naming conventions for special projects. I first learned about Open-Source Intelligence (OSINT) while serving for the US Army Special Operations Command circa 2016 and quickly realized the power of publicly available information (PAI) synthesized into finished ‘intelligence.’ You think OSINT is just Googling stuff? Think again.
Open-Source Intelligence (OSINT) is the practice of gathering and analyzing information from publicly available sources to gain valuable insights and make informed decisions to understand trends, assess risks, and identify opportunities. It combines human intuition with advanced technology to uncover actionable intelligence.
The Department of Defense (DOD) and the Intelligence Community (IC) took their time updating the definition of OSINT, at the request of Congress, but has since published a Strategy focused on Open-Source Intelligence. This signifies the government’s emphasis on a discipline that has been taken for granted for far too long.
OSINT offers a range of solutions to address a variety of challenges, including advanced analytics tools, threat intelligence platforms, and digital risk monitoring services. By leveraging OSINT technologies, the commercial sector can enhance their cybersecurity posture, detect and prevent fraud, ensure regulatory compliance, manage reputation risks, and ultimately, safeguard their assets and reputation in an increasingly complex and interconnected world. We spoke to InfoSecurity Magazine about how OSINT is being adopted to address this.
‘OSINT’ has become an umbrella term to encompass, or compliment, so many business processes. Confusion arises among teams, departments, divisions all using PAI and calling it intelligence. The collection of publicly, or commercially, available information and data can be synthesized into intelligence used to gain either a commercial or geopolitical edge. A common understanding and uniform lexicon across the private sector is needed. Here are just a few terms I have seen used in the commercial sector where OSINT is found:
- Risk Management
- Supply Chain Risk Management
- Threat Intelligence
- Financial Compliance
- Insider Threat[s]
- Due Diligence/Human Resources
- Social Engineering
- Information Security (INFOSEC)
- Identity Management
- Reputational Risk
- Insurance Fraud
- Identity Theft
- Tax Fraud
- Healthcare Fraud
- Credit Card Fraud
- Public Counterintelligence
- Corporate Espionage
- Intellectual Property Theft or Infringement
- Data Analytics
- Business Intelligence
…and many, many more.
More information is public every day. The International Telecommunication Union (ITU) claims there were more than 8.58 billion mobile subscriptions in use worldwide in 2022, compared to a global population of 7.95 billion in 2022 – each giving off unique, public data points used to quantify…just about anything. Along with more than 8.5 billion devices, approximately 328.77 million terabytes of data are created each day – and it is growing exponentially. In addition to the overwhelming amount of data and information, the world is more dangerous today for multi-national companies than any time since World War II.
Navigating international supply chains, sanctions compliance, loss prevention, or state, or non-state, cyber threats [boosted by generative AI] is difficult – OSINT can help. Commercially Available Information (CAI) offers new and exciting ways to analyze information as well. Not long ago, net flow data (Internet Protocol traffic information) was highly classified within government and service providers’ vaults, now it’s publicly available – if you know where to look. This allows companies to monitor cyber threats and identify the origins of threats. Geospatial Intelligence (GEOINT) and imagery was once reserved for exquisite government programs and intelligence agencies – not anymore. Commercial satellite imagery companies are integrating exciting AI and ML software meant to rapidly identify objects at a dizzying pace. 223 attempted space launches were recorded in 2023, up from 186 in 2022, and more than double the 85 attempts made in 2016. The commercial applications are endless.
Building an OSINT team or augmenting a security division that can imagine and prevent real risks has never been easier. While the West recovers from more than 20 years of a War on Terror, more intelligence-minded talent spills into the private sector with skill-sets unique to the current geopolitical environment. Renowned Professor and author, Thomas Rid, notes in Makers of Modern Strategy, that
“Throughout the twentieth century, counterintelligence and covert action operators had skills and experiences that were not adequately valued by the market outside the government’s intelligence community. Specifically trained and skilled individuals were, effectively limited to one employer: their own government. Intelligence specialists worked in intelligence agencies, and counterintelligence specialists worked in counterintelligence agencies. No longer.”
The threats are real and growing. ShadowDragon offers products to manage any private sector risk. With nearly 300 source and data integrations, we can arm and equip your team with the tools needed to tackle any security risks or challenges faced.
Contact us to talk about how we can help: [email protected]