Open Source Intelligence-If You Build It, Be Sure You Can Find It

Whether monitoring for competitive intelligence, strategic innovation, or asset protection, the real-time monitoring of open information sources or streams, the so-called Open Source Intelligence (OSINT), is quickly becoming an important concept and core, strategic activity in any organization. Having poor information-monitoring practices is an expensive oversight, one that many organizations learn the hard way.

Why has OSINT become so important?

Take the example of the 1975 film Three Days of the Condor. It is the original OSINT adventure: books, magazines in foreign languages (aka “open source intelligence" by today’s standards) -read and monitored by humans (in this case, Robert Redford as Joe Turner, the Condor) and converted from analog to digital by powerful computers that could search for hidden messages or codes.

Alone, a single piece of information may have little value. But when combined with hundreds of other pieces of information, that one little piece could be the essential element that ties the whole picture together. With today’s technology, and diversity of sources, analysts can do even more than the Condor could have imagined.

Building out the big picture and making important connections between even disparate pieces of information, in a variety of languages, may mean collecting hundreds of pieces of information from as many sources. Today’s OSINT is being used in a number of capacities, from investigating corruption and other criminal activity, to tracking terrorists or stolen works of art, or protecting people and companies from cyber attacks but also for more common activities like monitoring the competition, the market trends.

When the discussion progresses from “if" to “how" such activities should be implemented, not surprisingly, there are many different approaches. Although traditionally outsourced reports such as social media monitoring are increasingly being done in-house, other activities are still being outsourced to “experts" A standard criteria for outsourcing best practices, like those mentioned in “Linking Outsourcing to Business Strategy" by Richard C. Insinga and Michael J. Werle (Academy of Management Executive, Vol. 14, Nov.4, November 2000), tasks organizations to evaluate “the likelihood a task will bring competitive advantage" against their own internal capability for doing it effectively.

Following these guidelines, a task that could bring competitive advantage would be better outsourced if the organization is unable to optimally manage it in-house. OSINT analysis often falls into this category. In fact, few organizations, mainly in selected industries, have the internal capabilities for effectively running OSINT in house.

However, I would argue that, given the value of such information, not bringing OSINT in house could itself compromise the organization’s viability in the long term (and more likely, even sooner).

A better strategy: outsource now, but start investing in the people, processes and software infrastructure to progressively bring this activity in house. Start with a few selected activities (reputation management, supplier analysis, country risk, etc.) and continue to expand the scope of your corporate OSINT strategy.

If you don’t have a strategy in place to monitor what’s important, when it’s of most importance, you’re ignoring one of the most basic elements of operational risk mitigation. Stronger skills in this area together with the knowledge of your business environment will allow you to become much better and more effective for your business than any external experts. No matter how effective they may be, no one knows how important a specific piece of information can be to your business like you do.