Using OSINT as Part of the Intelligence Cycle

I. An Introduction to the "Intelligence Cycle"

Open source intelligence (OSINT) is an intelligence-collection methodology that has exploded (greatly increased in size) in recent years. Even "all-source" intelligence operations look to OSINT professionals to help them enhance their capabilities. As I see more people "getting into OSINT" and producing their own products "using OSINT," I wanted to make sure that OSINT, as a kind of intelligence product, is being processed through the Intelligence Cycle.

I understand that OSINT enthusiasts enjoy finding new online tools and methods to find people, places, and detailed information about them. However, the Intelligence Cycle is a research methodology that improves the quality of finished intelligence, even if that intelligence derived from open source information (OSINF). . . .

I.a. The Purpose of this Article is to Help YOU!

The purpose of this essay is to help aspiring OSINT researchers to ramp up their game, improve their performance, and create more reputable intelligence products that other consumers in the industry would like to have. It is my hope that once you understand and see the value in knowing the Intelligence Cycle, you can improve your personal brand, a more knowledgeable professional in an industry where even seasoned experts get comfortable (or lazy) and neglect to incorporate what they learned in their first year of training.

In this essay, I rely on the Intelligence Cycle description provided by the United States' (US) Office of the Director of National Intelligence (ODNI), the highest office in the US government (USG) that regulates the rest of the US intelligence community (IC)--e.g. Central Intelligence Agency (CIA), National Security Agency (NSA), Defense Intelligence Agency (DIA), and more. . . .

I.b. The Intelligence Cycle - How Many Steps?

According to ODNI (n.d.), the Intelligence Cycle consists of six elements, steps, or phases: 1) Planning, 2) Collection, 3) Processing, 4) Analysis, 5) Dissemination, and 6) Evaluation. Some IC professionals categorize these into four, five, or seven phases (Stark 2016; Rocha, 2015; Lahneman, n.d.). We present it the way ODNI shares it, because that office is positioned to serve as the standard of the nation's intelligence apparatus, and, by extension, the world's. Also, we are confident if you review the steps presented here and compare them with those presented by Stark (2016), Rocha (2015), Lahneman (n.d.), and others, then you will find practically the same research process just categorized differently.

We have also designed this article for emerging private intelligence companies. The USG is increasingly reaching out to partner with private-sector services, like intelligence providers, in general, and OSINT specialists, in particular. The consumers of OSINT intelligence can be either long-established government entities or private sector individuals and organizations new to intelligence. Businesses from every industry are discovering their need for intelligence, and OSINT operations must familiarize themselves with how the Intelligence Cycle pertains to them to remain competitive, relevant, and impactful. . . .

II. On the Planning Phase of the Intelligence Cycle

ODNI (n.d.) explains that "policymakers . . . determine what issues need to be addressed and set intelligence priorities." These "intelligence priorities" then initiate the planning stage of the Intelligence Cycle. In a cyclical, perpetual sense, the planning phase of the intelligence cycle is never-ending, always presupposing previous intelligence priorities set by governmental policy-makers. As ODNI states, "We begin with an awareness of what has previously been collected to inform plans for new intelligence gathering and analysis. Some issues . . . are ongoing subjects of interest." The same can be true for private sector intelligence as well.

For instance, in a lecture at the 2022 FS-ISAC Europe Summit, B. Kime (2022)--a representative from global cybersecurity firm ZeroFox--explained, "It is my opinion that a lack of robust planning and management for threat intelligence operations is what holds security teams back from truly becoming a proactive, intelligence-driven function" (emphasis added, "The Traditional Threat Intelligence Cycle," para. 4). In other words, a lack of planning in the intelligence cycle can significantly damage the outcome--final intelligence product--and thus damage the consumer's efforts, whether they be public or private consumers of said intelligence products. That is, without competent planning, the entire intelligence cycle is thus ruined and may likely result in bad intelligence or intelligence failures. . . .

III. On the Collection Phase of the Intelligence Cycle

Collecting information as part of the Intelligence Cycle is much like collecting fruit, vegetables, nuts, and other edible items from trees, bushes, vines, and other vegetation. Collection methodologies differ and many have developed into a unique art and science over time. ODNI lists six (6) "basic types" of intelligence collection methodologies it uses: Geospatial Intelligence (GEOINT), Human-Source Intelligence (HUMINT), Imagery Intelligence (IMINT), Measurement and Signature Intelligence (MASINT), Signals Intelligence (SIGNINT), and Open-Source Intelligence (OSINT). Much like the fruit-collecting metaphor, intelligence-collecting methods have developed into intricate and robust industries.

We at OSIRIS acknowledge OSINT as a valid intelligence-collection methodology, as valid as HUMINT, IMINT, and all the other "-INTs" that typically require government-issued clearances. As Hribar, Podbregar, and Teodora (2014) of the International Journal of Intelligence and Counterintelligence explain, "Systematic collection of data from public sources can be divided into open source information (OSINF; publicly available information) and open source intelligence (OSINT; information as a result of intelligence analysis of public sources and data)" (p. 531). That is, while OSINF is publicly-available, OSINT final intelligence products can be privatized by a business and classified by a government because of how valuable the open-source intelligence-collection methodology has proven to be.

Often intelligence professionals call collected information in this stage of the Intelligence Cycle "raw intelligence," because the info has not been processed yet. For this reason, it is important for intelligence students to understand all about the Processing Phase of the Intelligence Cycle. . . .

IV. On the Processing Phase of the Intelligence Cycle

Following the fruit-collection analogy stated above, collected information in the Intelligence Cycle must be processed, very much like fruit at a processing plant. In the modern food production industry, mass-produced fruits and vegetables must be thoughtfully washed, stored, packaged, and staged for infinitely multifarious purposes (Singh, 2021). Likewise, intelligence products are not merely the result of analysts drawing conclusions based on raw intelligence, but rather IC professionals must process the collected information to make it usable for the Analysis Phase of the Intelligence Cycle.

Examples of the processing phase that the ODNI provides include some of the following: image-processing, decoding messages, translating foreign-language media, prepping information for digital filing, storage, and retrieval; for HUMINT this involves (in part) "placing human-source reports into a form and context to make them more understandable" (ODNI, n.d.). Essentially, the intelligence operation must be capable of efficiently collecting raw intelligence and competently handling and positioning this data in such a way that it is useful for the analyzing phase. Therefore, this Processing Phase must not be overlooked by any intelligence operation wishing to sustain its relevance and efficacy. . . .

V. On the Analysis Phase of the Intelligence Cycle

Also known as the Production Phase, this is the stage of the Intelligence Cycle where the intelligence analyst typically takes the processed information that had been collected and interpret its meaning and usefulness for intelligence consumers (ODNI, n.d.). This is the bridge phase between collected raw intelligence and a produced final intelligence. It should be easy to remember that the Analysis/Production Phase is where the intelligence product (or final product) is created. Often this phase requires the analyst to comprehend that which was achieved in the Planning Phase--the research design, the consumer's request for information (RFI), research instructions provided by the intelligence supervisor, or other parameters set for the analyst to understand whom the final intelligence product will be for and what they will need it for.

Similar to academic writing, one of the objectives of the Analysis Phase is to produce new information. Therefore, the intelligence analyst often considers remaining information gaps--what is still unknown or uncertain as much as what is known and verifiable (ODNI, n.d.). Notes can be provided for the Planning Phase for future intelligence products, while allowing the consumer to know that their initial RFI is being answered. It is important that, amidst the endless world of abstract thinking that comes with analytical creativity, the RFI is still being directly answered or addressed. Mind your deadlines too. . . .

VI. On the Dissemination Phase of the Intelligence Cycle

If only it were as simple as clicking "Send" or "Publish" or some other single action. The intelligence operation must understand the best methodology for delivering its finished intelligence products to the intended recipients and consumers. The operation must not only determine how frequently such products need to be delivered, which determines deadlines, but it also must ascertain the best medium to use, what emerging media technologies to implement, maintaining operational security (OPSEC) and information security (INFOSEC), and always remaining aware of the constantly changing needs of the clients while simultaneously maintaining capabilities to adapt and respond appropriately.

For OSINT operations, the role of the Dissemination Phase is no less critical. Private intelligence operations may experience a different market environment than their public counterparts regarding the Dissemination Phase, as the private market tends to have more flexibility and opportunity to customize and tailor services to consumers' needs. For example, frequency of reports can be daily, weekly, bi-weekly, monthly, quarterly, issued electronically, delivered by courier, presented in person, and the list goes on. Intelligence professionals must treat OSINT as seriously in the Dissemination Phase of the Intelligence Cycle as much as they would any other type of intelligence product in this industry. . . .

VII. On the Evaluation Phase of the Intelligence Cycle

Ensuring that your work worked in the end is only important if your team ever intends on delivering another intelligence product again. How else will you know how efficacious your planning, collection, processing, analyzing, and dissemination phases are without the evaluation phase of the Intelligence Cycle? ODNI (n.d.) uses evaluation through every step of the cycle: "Although this is listed as a discrete step in the intelligence cycle, evaluation of our products and approaches to producing them is ongoing throughout the cycle." This does not just include "feedback from customers" but also an "ongoing" assessment of "relevance, bias, accuracy, and timeliness," among other aspects of the entire production process (ODNI, n.d.).

For OSINT producers, with ever-increasing access to new collection-phase technologies and tools, dissemination methodologies are also important in ensuring the client/customer receives the right final products at the right time and with proper OPSEC and INFOSEC in mind. What does this look like? It can mean that you routinely inspect your digital platform(s), ensuring your webmaster and web delivery services continue working for you, creating updated workflow lists for your team to help reduce skipped steps in the dissemination stage. In one instance, I handed a hard copy of an OSINT report to a field operator in a discreet public location, then followed up with them weeks later to learn that the intelligence product made it to at least one other asset in the field--evaluation in action.

VIII. Return to Start: Back to the Planning Phase...Again

According to an undated CIA (n.d.) public document, at the end of the Intelligence Cycle, the policymakers, the recipients of finished intelligence, then make decisions based on the information, and these decisions may lead to the levying of more requirements, thus triggering the Intelligence Cycle" ("Dissemination," para. 1). This concept of "triggering" or re-triggering the Intelligence Cycle implies that once consumers of the final product review the information you provided them, they may request more information. Expect to continually receive RFIs and expect the intelligence-production process to exist in the form of an ongoing cycle.

Once you disseminated your final product and evaluate all your procedures, expect to immediately proceed to "Step 1" again--the Planning Phase. Have your team ready to create more intelligence products, all of which will feature additional value if they undergo a well-thought-out planning stage, like before. Have your resources, tools, and materials (that you utilized in your planning phase) immediately available, because once your customer reaches back out to you for more information, you need to be ready to immediately get back to work on your follow-up intelligence products. . . .

IX. Plot Twist: The Intelligence Cycle is Not Always Cyclical!

Not only does this school of thought present the Intelligence Cycle as "multi-directional," but, as D. Davydoff (2017) of the global security firm ASIS International suggests, this process model "was always meant as a rough model with the key being the fluidity of its application to any environment, whether public or private" (p. 2). He further suggests, "Each intelligence team [whether public or private] should consider . . . obstacles specific to their own organization," and "thinking about the problems experienced by private sector intelligence can help improve efficiency of the analytical process outlined by the cycle" (p. 5). In other words...

The Intelligence Cycle can serve as a guide for organizations to custom-tailor themselves that is based on their own individual needs. The Intelligence Cycle, therefore, as outlined and defined by ODNI does not have to be (and perhaps should not) serve as a strict rule for all intelligence firms everywhere to adhere to. But, by viewing the Intelligence Cycle through Davydoff's (2017) perspective, the OSIRIS Editorial Staff can more confidently experiment with the ODNI model, perhaps combine it with others, and thus further adapt it to our needs to help provide more value to you, our valued network.

X. Is OSINT 'Real Intelligence'?

B.H. Miller (2018) of National Intelligence University near Washington, DC, makes an argument that intelligence professionals should not characterize OSINT as traditional intelligence, especially in the sense that the defense community had understood it during the twentieth century. He states that "it depends" and calls upon the Intelligence Community to cautiously reconsider overusing the term OSINT as real intelligence (Miller, 2018). His use of the term oxymoron to label OSINT for some occasions presents an important (though uncommon) perspective in the industry. By contrast, many industry professionals welcome the term and seem to either overuse or misuse it without question.

Meanwhile, G. Varga (2022) of the global security firm ASIS International also uses oxymoron to describe OSINT but in a different sense. Unlike Miller (2018), Varga (2022) claims that researchers can almost always use OSINT as intelligence in the traditional sense, but he states that the conflicting nature inherit in OSINT lies in the seemingly endless amount of source material to collect, analyze, and report on: "There is almost infinite data freely available and yet, at the same time, it is so often ignored because of its sheer volume and complexity" (Varga, 2022). It seems that this industry professional is willing to consider OSINT as traditional intelligence as long as researchers can competently data-mine, harvest, and collect OSINF (or PAI).

As we continue reviewing the latest philosophy and industry-led, peer-reviewed academic publications on the matter, the formal editorial position of OSIRIS regarding OSINT is as follows: We understand OSINT as one of many forms of intelligence-gathering techniques, that a monograph that a researcher(s) created using the Intelligence Cycle is an intelligence product, and that a person or organization can produce these intelligence products for various kinds of clients (whether public or private) for varying kinds of purposes. We perceive the articles that we publish as OSINT are real intelligence products (in the traditional sense of intelligence)--final products that we derive from OSINF whilst utilizing the Intelligence Cycle.

XII. About the Author

Daniel C. Ross, BS, MBA, MAHS has worked as a private contractor for security, intelligence, and corrections for both the public and private sectors. He holds a Master of Arts in Homeland Security with a concentration in Intelligence Studies from American Military University. He also earned an MBA and BS in Communication from Southeastern University in Lakeland, Florida. He loves Florida's unique history, climate, and ecosystems and enjoys taking long hikes on its many nature trails.

XII. About OSIRIS

"OSIRIS" began as an acronym for "Open Source Intelligence Reporting Information System" and now has evolved into a global humanitarian information agency. Its mission is to foster and promote global security, civil society, and individual sovereignty throughout the world.

XII. References

Central Intelligence Agency [CIA]. (n.d.). Central Intelligence Agency Factbook on Intelligence. Retrieved on October 22, 2022 from https://irp.fas.org/cia/product/facttell/index.html

Davydoff, D. (2017). Rethinking the Intelligence Cycle for the private sector. ASIS International. Retrieved on October 5, 2022 from https://www.asisonline.org/globalassets/security-management/current-issues/2018/01/white-paper_intelligence-cycle_11-29-17.pdf

Kime, B. (2022). The Intelligence Cycle: Modernization for the 21st Century. ZeroFox. Retrieved on October 5, 2022 from https://www.zerofox.com/blog/the-intelligence-cycle-modernization-for-the-21st-century/

Hribar, G., Podbregar, and Ivanuša, T. (2014) OSINT: A “grey zone”? International Journal of Intelligence and CounterIntelligence, 27(3): 529-549, DOI: 10.1080/08850607.2014.900295

Lahneman, W. (n.d.). The seven-step Intelligence Cycle. Naval Post-Graduate School. Retrieved on October 23, 2022 from https://www.chds.us/coursefiles/NS4156/lectures/intel_7_step_intel_cycle/script.pdf

Miller, B.H. (2018). Open source intelligence (OSINT): An oxymoron? International Journal of Intelligence and Counterintelligence, 31(4): 702-719

Office of the Director of National Intelligence [ODNI]. (n.d.). How the IC works. Retrieved on October 5, 2022 from https://www.intelligence.gov/how-the-ic-works

Rocha, L. (2015). The 5 steps of the intelligence cycle. Count Upon Security. Retrieved on October 5, 2022 from https://countuponsecurity.com/2015/08/15/the-5-steps-of-the-intelligence-cycle/

Singh, R.P., McLellan, M.R., Pallardy, R., Rogers, K., Young, G., and The Editors of Encyclopaedia Brittanica. (2021). "Fruit processing," in The Encyclopaedia Brittanica. Retrieved October 17, 2022 from https://www.britannica.com/topic/fruit-processing

Smith, C.L., and Brooks, D.J. (2013). "Knowledge Management: The Intelligence Cycle" in Security Science: The Theory and Practice of Security. Elsevier Inc., Oxford, the United Kingdom of Great Britain and Northern Ireland.

Stark, B. (2016). The Intelligence Cycle: An introduction to direction, collection, analysis & dissemination of intelligence. Intelligence101. Retrieved on October 5, 2022 from https://www.intelligence101.com/an-introduction-to-the-intelligence-cycle/

Varga, G. (2022). Unraveling the OSINT oxymoron. Security Management. Retrieved on October 4, 2022 from https://www.asisonline.org/security-management-magazine/latest-news/online-exclusives/2022/unraveling-the-osint-oxymoron/