Open Source Intelligence Professionalism: Distinguishing “OSINT” from “Pro-SINT”

There is a current chasm between multiple definitions of the term “open source intelligence” (OSINT). For example, the narrow legal definition of OSINT by the US intelligence community is perhaps the most regulated and rigorously monitored government function in the US constitutional balance of powers, with potential impacts on civil liberties and individual privacy. Several different concepts of OSINT are now shaping alliance and national intelligence, cybersecurity, and defense strategies. Just type a search for “open source intelligence” or “OSINT” into any Internet search engine, academic database, or non-paid online news media and you can immediately see that OSINT is revolutionizing the landscape of national security and world affairs, across geopolitical areas from Ukraine to Taiwan, and across new industries from synthetic biology to space technology.

In March 2024, the director of the Central Intelligence Agency Amb. Bill Burns and Director of National Intelligence Avril Haines jointly signed a 2024-2026 Open Source Intelligence Strategy (OSINT) for the United States. The strategy aims to assess and modernize the IC’s approach to OSINT.

The strategy paper and a series of policies published subsequently included a critical new inclusion of the term “commercially available information (CAI)” in its definition.

I propose a subtle new term of art to help bridge the significant gaps in understanding between allied governments, industry, academia and the public. As threats continue to converge across domains, the role of professional companies in the intelligence gathering, analysis and data ecosystem will continue to align around what I call “professional OSINT” (Pro- SINT). It differs from a growing body of OSINT, hobbyist, and other unfiltered efforts that use only publicly available information.

In the rapidly converging threat landscape, there is an undisputed need for allied OSINT practices to discover threat data in the wild, provide cutting-edge collection capabilities, and accelerate information sharing for security both in the public sector as in the private sector. Several recent symposia and conferences have underscored the importance of these practices, emphasizing the need for strong public-private partnerships in intelligence gathering and dissemination.

The July 2024 NATO summit in Washington, DC proved a timely opportunity to discuss and improve these capabilities, especially in light of emerging hybrid threats posed by nation-states such as Russia, China, Iran and North Korea, among other smaller cybernetic ones. actors and safe havens for cybercriminals. As an illustration of the seriousness with which the alliance views these threats affecting all sectors of free society, NATO, in collaboration with the Partnership for Peace Consortium of the European Marshall Center, of more than 800 security and defense training institutes, released a new benchmark curriculum titled Hybrid Threats and Hybrid Warfare. This syllabus was the first in a long series aimed not only at government trainers and course developers, but also at commercial audiences.

The critical role of OSINT was also highlighted at a recent European OSINT Symposium at King’s College London, where representatives from Sweden and Ukraine publicly shared compelling insights into the effectiveness of OSINT in their national security strategies, underscoring the importance of maintaining professionalism in OSINT. Similarly, a Canadian Alliance workshop entitled “Public Sources Secret Threats” held in Ottawa, Canada by the Canadian Security Intelligence Service (CSIS) with Carleton University, brought together experts from around the world academia, government and industry to discuss the evolving OSINT landscape under one umbrella. of OSINT defined as “intelligence derived exclusively from publicly available information (PAI)”. Observations from the Canadian workshop highlighted the importance of professionalism in OSINT, particularly for global governments and large multinational corporations that are rightfully subject to public scrutiny regarding privacy, legal and ethical concerns.

For purposes of common understanding and to distinguish them from OSINT non-professionals, I propose to organize international open source intelligence efforts around the following definition:

“Pro-SINT is open source intelligence professionally derived from both publicly available and commercially available information. Pro-SINT is distinct from various official and unofficial definitions of the term OSINT as used by governments and a more general use of the term. Pro-SINT is a subset of the broader possible definition of the term OSINT. Pro-SINT addresses specific customer requirements and proprietary intelligence needs, whether for private use or support for public sector decisions. Customer requirements for Pro-SINT are reasonably protected from public disclosure, with legal protections such as government secrets or proprietary commercial interests.”

To address the complexities of modern hybrid threats facing society as a whole, it is essential to differentiate between a general use of OSINT and Pro-SINT. Arriving at a narrower and more commonly defined understanding of Pro-SINT can provide the starting point for a framework for having substantive and transparent policy conversations about professional, ethical, and legally defensible virtual intelligence operations. This is crucial to maintaining confidence and effectiveness in the intelligence services of any allied nation and for multinational companies that also face legitimate demands for accountability from regulators and the public.

The US-based OSINT Foundation, open only to US citizens and companies, exemplifies a set of best practices and definitions that could benefit a wider set of international allies. Sharing these practices and fostering public-private partnerships with CAI and PAI can improve the professionalism and effectiveness of OSINT efforts worldwide.

Professionalism in OSINT means adhering to privacy laws, preventing malicious use of information, and ensuring that all intelligence activities serve an ethical and legally justifiable purpose. This involves active participation in the development of privacy policies, laws and protections, in collaboration with European and NATO stakeholders.

Some examples of why it is so critical that a dedicated international public-private “professional OSINT ecosystem” be developed and fostered for NATO and other like-minded nations include:

• Governments must make informed decisions to safeguard national interests and those of their allies.
• Private companies and corporate boards need knowledge to protect themselves from a growing field of cybercrime actors and state-sponsored threats.
• Universities and research institutions must protect intellectual property.
• Global media entities need means to validate trusted information and debunk false narratives that can be amplified with deep fakes and generative AI in a real-time global information environment.

By adopting a subtle distinction between general OSINT and Pro-SINT, we can ensure that intelligence collections by those paid for the work are professional, ethical and legally defensible. This approach will enhance trust and cooperation among allied nations and enhance our collective ability to effectively identify, address, and mitigate hybrid threats. Pro-SINT can help clarify those individuals, organizations and activities that we collectively want to develop and adhere to rigorous standards and ethical guidelines, aligning with allied government values ​​and the transparency requirements of listed companies. stock market and regulated industries.

We continue to grow the diverse but like-minded network of OSINT professionals who share our core values ​​of human rights, freedom, democratic principles and transparent business practices. Sharing best practices and fostering public-private partnerships in Pro-SINT can improve the professionalism and effectiveness of OSINT efforts worldwide, but we must begin with a common understanding of the professional information trade.

Andrew Boren is executive director of flash pointthe world’s largest private threat intelligence company. He is a former senior official in the Office of the Director of National Intelligence, where he led initiatives on counterintelligence, counterterrorism, open source intelligence, and advanced technology. He has previously served as an advisor to the CIA, associate deputy general counsel at the Pentagon, and is a combat veteran of the US Marine Corps.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located in the European Economic Area.