1

1

STRATEGIC INTELLIGENCE FUNDAMENTALS:

THEORY AND APPLICATIONS

Note that this presentation does not represent the views of the US Government or any US Government agency

Christopher A. Noble

chris.a.noble@saic.com

2

Disclaimer

All statements of fact, opinion, or analysis expressed

are those of the author and do not reflect the official

positions or views of the US Government. Nothing in

the contents should be construed as asserting or

implying US Government authentication of information

or endorsement of the author’s views. This material

has been reviewed by the US Government to prevent

the disclosure of classified information.

2

3

Outline

• Intelligence fundamentals

• Tradecraft

• Challenges

• Intelligence techniques

• Collection disciplines

• Analysis methods

• Intelligence themes

• Nonproliferation and arms control

• Counterterrorism and counterinsurgency

• Others

4

Key concepts

• Intelligence is6

• Politically motivated

• Secretly derived

• Action enabling

• Time sensitive

• Tradecraft

• Intelligence cycle

• Intelligence disciplines

• Counterintelligence

• Covert action The theoretical/conceptual intelligence cycle highlighting key stages of

the cycle; other intelligence cycle models may compact or expand on any

or all of these stages

Targeting

Analysis

Reporting

Collection

Processing

Requirements

3

5

Types of intelligence

• Business

• Competitor products

• Competitor performance

• Consumer demand

• Market predictions

• Law enforcement

• Evidence collection

• Crime location

• Criminal residence

• Criminal profiling

• Tactical (battlefield)

• Strategic (political) Homicides in Washington DC based on data from the DC Metropolitan

Police Department; from http://en.wikipedia.org, accessed 12/20/12

6

Types of strategic intelligence

• Descriptive

• Basic research

• Current events

• Operational support

• Science, technology,

and weapons (ST&W)

assessment

• Predictive

• Threat warning

• Strategic trendsCover from CIA’s 2002 report on weapons of mass destruction

in Iraq; from http://www.cia.gov, accessed 12/21/12

4

7

Legal foundations

• US Code

• Title 6—Domestic

security

• Title 10—Armed Forces

• Title 18—Crimes and

criminal procedure

• Title 50—War and

national defense

• Others

• Executive order

• Code of Federal Regulations

• Congressional (public) law

Several bound volumes of the US Code; from http://www.flickr.com,

accessed 04/28/13

8

Intelligence tradecraft

• Formalized guidelines for

espionage and intelligence

• Tradecraft is generally

specific to an intelligence

function

• Targeting

• Collection

• Processing

• Analysis

• Tradecraft may also be

specific to an intelligence

organization

Conceptual example of a portion of the intelligence cycle based on a

signals intelligence collection of an encoded communication; from US

Joint Chiefs of Staff (2012) Joint and National Intelligence Support to

Military Operations

5

9

Raw (foreign) intelligence

• Intended for analysts

• Includes raw information

specific to a collection

event that addresses an

intelligence requirement

• May include processed

information (decryption,

translation, geospatial

overlays, etc.)

• May include interpretation

(e.g., language nuances,

imagery analysis)

Commercial imagery of the Right Bank Drinking Water Treatment Plant

in Mosul, Iraq, following rehabilitation efforts; from http://www.sigir.mil,

accessed 12/21/12

10

Finished intelligence

• Intended for policy makers

• Includes evaluated

information specific to a

topic of interest to the

consumer (e.g., military

capabilities, leadership

stability)

• Includes assessment by

analyst who is a subject

matter expert

• Includes all sources of

intelligence collection President’s Daily Brief from 6 August 2001 (declassified on

10 April 2004) with Bin Ladin warning; from http://www.gwu.edu,

accessed 01/04/13

6

11

Intelligence challenges

• Incomplete data

• Insufficient time

• Source characteristics

• Access

• Expertise

• Reliability

• Completeness

• Expert interpretation

• Data access (stovepiping)

• Data quantification

• Assessment confidence

• Unapproved sharing (leaks)

• Analytic tools

Slide from Secretary of State Powell’s UN speech on 5 February 2003

concerning Iraq’s weapons of mass destruction; slide shows 81-mm high-

strength aluminum tube—one of 60,000 ordered from China—that was

interdicted by the United States in Jordan en route to Iraq; the US

Intelligence Community assessed at the time that the tubes were

intended for use in uranium centrifuges; the Iraq Survey Group later

concluded that the tubes were likely intended for conventional rockets;

from http://www.globalsecurity.org, accessed 01/04/13

12

Targeting

Analysis

Reporting

Collection

Processing

Requirements

Intelligence cycle

Where can we find it?

How do we get it?What does it mean?

Who needs to know?

What do we need?

What did we get?

7

13

Intelligence techniques

• Collection disciplines

• Human intelligence

• Open-source intelligence

• Geospatial intelligence

• Signals intelligence

• Measurement and signature intelligence

• Analysis methods

• Analysis of competing hypotheses

• Link analysis

• Red teaming

• Others

14

Human intelligence (HUMINT)

• Information that can be

covertly obtained through

human sources

• Examples

• Observations

• Photographs

• Documents

• Debriefings

• Diplomatic contacts

• Military attachés

People who potentially have access to information that governments

might find valuable; from http://hubpages.com, accessed 02/19/11

8

15

Open-source intelligence (OSINT)

• Information that can be

overtly obtained through

media sources

• Examples

• Television broadcasts

• Radio broadcasts

• Blogs

• Microblogs

• Magazines

• Academic literature

Newspapers and other forms of traditional and new media can provide

information of importance for strategic intelligence; from

http://tabtimes.com, accessed 02/20/11

16

Geospatial intelligence (GEOINT)

• Information that can be

overtly or covertly obtained

through imagery and geo-

referenced data

• Examples

• Electro-optical imagery

• Infrared imagery

• Multispectral imagery

• Radar imagery

• Geocoordinates

• Human terrain

Commercial imagery from GeoEye showing the River Thames in

Dartford, England; inset shows closeup of the Dartford Crossing (bridge);

from http://www.defenseindustrydaily.com, accessed 12/18/12

9

17

Signals intelligence (SIGINT)

• Information that can be

overtly or covertly obtained

from electronic signals

• Examples

• Phone calls

• Text messages

• Emails

• Video

• Telemetry

• Radar

Basics of a radiofrequency signal; from http://etutorials.org, accessed

12/26/12

18

Measurement and signature intelligence (MASINT)

• Information that can be

overtly or covertly obtained

using technical methods

• Examples

• Seismogram

• Microbarogram

• Radar returns

• Sonar returns

• Infrared spectra

• Mass spectra

• Cell culture

Mass spectra—showing chemical composition—of three individual

airborne particles; from Noble (1998)

10

19

Analysis of competing hypotheses (ACH)

• Purpose

• Discover knowledge

• Assess possible

hypotheses/explanations

• Discount meaningless

facts/evidence

• Process

• Identify possible

hypotheses/explanations

• List known facts/

evidence

• Draw conclusions

Matrix for analysis of competing hypotheses (ACH) showing

(hypothetical) hypotheses across the top axis and (conceptual) facts

along the vertical axis; from http://competinghypotheses.org, accessed

03/06/13

20

Link analysis

• Purpose

• Discover knowledge

• Visualize data

• Identify critical items

• Identify clustered items

• Evaluate relationships

• Process

• Identify items

• Identify relationships

• Draw conclusions

Conceptual representation of link analysis when each dot represents an

item and each line represents a relationship between two items; color

represents a similarity between items; physically adjacent items

represent clusters; from http://wordpress.com, accessed 03/06/13

11

21

Red teaming

• Purpose

• Discover knowledge

• Identify weakness or

shortcomings

• Mitigate potential

stressors

• Process

• Form independent team

• Assume oppositional

perspective

• Plan/simulate attacks

View of Parker Brothers board game Risk that simplifies the wargaming,

a military version of red teaming; from http://www.mrrives.com, accessed

03/06/13

22

Other analytic tools

• Brainstorming

• Cluster analysis

• Financial analysis

• Geospatial analysis

• Linguistic analysis

• Quantitative analysis

• Schedule analysis

• Trend/pattern analysis

• Traffic-light chartsConceptual stop-light chart where green indicates completed goal, yellow

indicates partially completed goal, and red indicated uncompleted goal

12

23

Intelligence themes

• Nonproliferation and arms control

• Weapons proliferation

• Treaty verification

• Counterterrorism and counterinsurgency

• Terrorism organization

• Terrorism weapons

• Military intelligence

• Cryptography and computer security

• Counterintelligence

• Law enforcement intelligence

• Disaster relief and humanitarian efforts

24

Nonproliferation and arms control

• Weapons categories

• Conventional

• Advanced conventional

• Nonconventional

• Delivery systems

• Weapons trafficking

• Technology

• Materials

• Treaty verificationTrident submarine-launched ballistic missile (SLBM) test shot; SLBMs

are considered to be advanced convention weapons as well as weapons

delivery systems; from http://www.public.navy.mil, accessed 12/31/12

13

25

Soviet Joe-1 nuclear test (1949)

• The Soviet Union tested its

first nuclear bomb after

stealing designs from the

US Manhattan Project

• The US Intelligence

Community had estimated

the Soviet’s first nuclear

test in 1953 or later

• The US Intelligence

Community prepared for

contingencies and detected

airborne radiological debris

confirming the test

Soviet Joe-1 nuclear test in Kazakhstan—called “First Lightening” by the

Soviets—used a plutonium implosion device based on the US Manhattan

Project’s Fat Man bomb; from http://en.wikipedia.org, accessed 12/19/12

26

Counterterrorism and counterinsurgency

• Understanding terrorism

• Definitions

• Categories

• Analyzing terrorism

• Organization

• Finances

• Weapons

• Current and recent cases

• International

• DomesticSuicide attacks on the World Trade Center in New York; from

http://images.nationalgeographic.com, accessed 04/23/13

14

27

Aum Shinrikyo sarin attack (1995)

• Five coordinated attacks on

Tokyo’s subway system

during morning rush hour

• Sarin nerve agent

• Thirteen dead, 50 disabled,

500 hospitalized, and over

1,000 (possibly over 6,000)

injured

• Precursor attacks

• Asahara and perpetrators

sentenced to death or life

in prison Cover of Time magazine reporting Tokyo subway attack;

from http://www.time.com, accessed 12/26/11

28

Military intelligence

• Strategic analysis

• Political intent

• Economic capabilities

• Military doctrine

• Military capabilities

• Indications and warning

• Order of battle analysis

• Target analysis

• Collateral effects analysis

• Battle damage assessment

• Medical intelligence

Conceptual example of raw information transformed through the

intelligence cycle to become finished intelligence; from US Joint Chiefs of

Staff (2012) Joint and National Intelligence Support to Military Operations

15

29

Battle of Britain (1940)

• German WWII air

campaign staged against

the United Kingdom

• Targets included convoys,

ports, airfields, military

factories, and infrastructure

• Chain Home early warning

radar stations

• Royal Observer Corps

visual detection and

tracking organization

• First major defeat of

Germany in WWIICoverage provided by the Chain Home radar networks during the Battle

of Britain; http://en.wikipedia.org, accessed 07/18/12

30

Cryptography and computer security

• Secret writing terminology

• Plaintext/ciphertext

• Encrypt/decrypt

• Encode/decode

• Steganography

• Physical

• Digital

• Other

• Computer/cyber forensics

The Lorenz SZ42 cypher machine developed by the Germans in the early

1940s and used during World War II; from http://en.wikipedia.org,

accessed 08/12/13

16

31

German Zimmermann telegram (1917)

• Germany sent diplomatic

message to Mexico to

encourage a Mexican war

with the United States

• Germany promised Mexico

territory in Arizona, New

Mexico, and Texas

• England intercepted and

decoded the message

before sharing with the

United States

• Mexico initially ignored and

then rejected the offerCoded telegram sent by German Foreign Secretary Arthur Zimmermann

to Mexico; from http://en.wikipedia.org, accessed 07/18/12

32

Counterintelligence

• Defensively oriented

• Counterintelligence cycle

• Identify threat

• Prioritize protection

• Develop safeguards

• Communicate findings

• Safety measures

• Physical security

• Information security

• Communication securityThe security card for building or facility access is one form of physical

security; from http://www.mtp-use.com, accessed 08/13/13

17

33

Aldrich Ames’ betrayal (1994)

• CIA Officer with over 30

years of experience

• Operations

• Counterintelligence

• Mediocre performer

• Compromising factors

• Alcohol abuse

• Marital problems

• Financial difficulties

• Spied for the Soviet Union-

Russia for about 10 years

• Gave up at least 12 spies

Aldrich Ames at Allenwood Penitentiary in Pennsylvania serving his life

sentence for espionage; http://en.wikipedia.org, accessed 08/13/13

34

Law enforcement intelligence

• Narcotics trafficking

• Cocaine

• Opiates/heroin

• Financial crime

• Money laundering

• Counterfeiting

• Forgery

• Identity crime

• Computer/cyber crime

• Arms trafficking

• Human trafficking

Worldwide cocaine production, trafficking, and consumption in 2008; from

http://www.unodc.org, accessed 08/12/13

18

35

Disaster relief and humanitarian efforts

• Natural disasters

• Hurricanes

• Tornadoes

• Tsunamis

• Earthquakes

• Political oppression

• Civil war

• Forced migration

• Human trafficking

NGA’s lidar-based digital elevation model (DEM) data overlaid on Google

Earth imagery showing the aftermath of the 2010 Haiti earthquake; from

http://www.opentopography.org, accessed 08/13/13

36

Further reading

• Cirincione, J.; et al. (2005). Deadly Arsenals:

Nuclear, Biological, and Chemical Threats. Carnegie

Endowment for International Peace: Washington

• Clark, R. M. (2009). Intelligence Analysis: A Target-

Centric Approach. CQ Press: Washington

• George, R. Z.; et al. (2008). Analyzing Intelligence:

Origins, Obstacles, and Innovations. Georgetown

University Press: Washington

• Lowenthal, M. M. (2006). Intelligence: From Secrets to

Policy. CQ Press: Washington