Analysis: Classifying open source intel?
Washington (UPI) Sep 16, 2008
Intelligence from open sources like the Internet is now recognized as an essential part of the work of U.S. agencies -- but one leading expert in the field says much more of it should be secret.
"Open source intelligence is widely recognized as both an essential capability and a formidable asset in our national security infrastructure," CIA Director and retired Air Force Gen. Michael Hayden told a conference in Washington Friday.
Hayden quoted the strategic plan issued this year by Director of National Intelligence Michael McConnell: "No aspect of (intelligence) collection requires greater consideration or holds more promise than open source information."
But the conference, organized by the DNI's Open Source Center, the agency based at the CIA that provides analysis of open sources for U.S. intelligence, also heard counterintuitive calls for more of its product to be classified.
Jennifer Sims, director of intelligence studies at Georgetown University, told United Press International there was another rationale for classifying intelligence reports, other than the traditional one of protecting sources and methods.
She said under the definition of classified information -- data the release of which would damage the national security of the United States -- intelligence could, and should, be classified even when the source was open, "because of the insights you derive for the decision-maker from that source."
"That requires classification because the release of it tells people what decision-makers find insightful about the open source analysis."
In other words, if it is worth knowing, it is worth preventing adversaries from knowing.
"If you don't classify" open source intelligence products, she argued, "what you're saying is that you're not providing any particular insights that matter to the competition."
Sims also cited the DNI's strategic plan, which defined the key role of the sprawling collection of U.S. agencies known as the Intelligence Community as providing "decision advantage" in a dangerous and quickly changing world.
"What's new and exciting about the use of the term 'decision advantage' is that it reminds everybody that the core business of intelligence is not gathering secrets. The core business of intelligence is providing insights for decision-makers who are engaged in life-or-death competitions, and those insights require classification wholly apart from any need to protect sources and methods."
But Sims also argues against the widely held assumption that open source intelligence gathering requires no protection of sources and methods.
All intelligence collection involves at least five elements, she explained: command and control, sensors, platforms, processing and exploitation, and finally data exfiltration.
Even in open source, she said, "You will want to classify your command and control, because you don't want people to know what your requirements are." Processing and exploitation should also be secret "at least in part żż because you want to keep your methods for deriving insights from the data away from anybody else."
Steven Aftergood, a government-transparency advocate at the Federation of American Scientists, said Sims "made the most coherent argument for open source secrecy I have heard."
But, he said, in actual fact, very few of the analyses produced by the Open Source Center fitted Sims' picture of material that conferred a vital advantage over the country's adversaries.
"Only a small minority of OSC analytical products fits that description," he told UPI. "The overwhelming bulk have no operational relevance. They are at best contextual," he added, comparing them to the research backgrounders prepared by the Congressional Research Service.
"They are not inputs into strategic decision-making."
According to Aftergood, Sims' argument was "misleading to the extent that it presented the exception as the rule."
Aftergood's conclusion was echoed by Kim Robson, the center's deputy director, who told UPI that "the vast majority of what we produce is not classified żż and doesn't have to be."
"In some cases," Robson added, OSC reports end up being classified "because of the sensitive nature" of their conclusions.
"If the information will żż reveal intentions and capabilities, then it ought to be protected in some way, even if the (underlying) information is unclassified," she explained.
But in most cases the restrictions on the circulation of OSC reports was a matter of copyright, not classification, she said.
Robson acknowledged there might be times when even unclassified information should be protected -- for instance, by being labeled as "Controlled Unclassified Information."
She gave the example of a young al-Qaida operative who was revealing operational vulnerabilities on a blog or social network site. "That could provide us with a decision advantage," she said. "Maybe we don't want to tell al-Qaida that one of their operatives is out there blogging about their vulnerabilities. So that would be something you'd want to keep in sensitive channels, even though it's unclassified."
Email This Article
Comment On This Article
Share This Article With Planet Earth
Cyberwar - Internet Security News - Systems and Policy Issues
Washington (UPI) Sep 11, 2008
A group of experts from academia, the private sector and government are putting their heads together to answer the long-nagging question: How do you measure the cost-effectiveness of cybersecurity efforts? It is an issue, they say, that dogs officials and executives, leaving them reliant on intuition and a tick-the-box approach to security measures.
|The content herein, unless otherwise known to be public domain, are Copyright 1995-2007 - SpaceDaily.AFP and UPI Wire Stories are copyright Agence France-Presse and United Press International. ESA Portal Reports are copyright European Space Agency. All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by SpaceDaily on any Web page published or hosted by SpaceDaily. Privacy Statement|