Open Source Intelligence Professionalism: Distinguishing “OSINT” from “Pro-SINT”

There is currently a gulf between multiple definitions of the term “open source intelligence” (OSINT). For example, the US intelligence community’s narrow legal definition of OSINT is perhaps the most highly regulated and rigorously monitored government function in the US constitutional balance of powers, with potential impacts on civil liberties. individual and private life. Several different OSINT concepts now shape national and alliance intelligence, cybersecurity, and defense strategies. Simply type a search for “open source intelligence” or “OSINT” into any Internet search engine, academic database, or non-paid online news outlet and you will immediately see that OSINT is revolutionizing the intelligence landscape. national security and global affairs, across geopolitical zones from Ukraine to Taiwan, and in new industries ranging from synthetic biology to space technology.

In March 2024, Central Intelligence Agency Director Amb. Bill Burns and Director of National Intelligence Avril Haines co-signed a 2024-2026 Open Source Intelligence (OSINT) strategy for the United States. The strategy commits to enhancing and modernizing the IC’s approach to OSINT.

The strategy document and a series of policies subsequently released included a crucial new inclusion of the term “commercially available information (CAI)” in their definition.

I propose a subtle new term of art to help bridge significant gaps in understanding between allied governments, industry, academia, and the public. As threats continue to converge across domains, the role of professional firms in the intelligence data collection, analysis, and ecosystem will likely continue to align around what I call “professional OSINT.” (Pro-SINT). It stands out from a growing body of crowdsourced, amateur, and other unfiltered OSINT efforts using only publicly available information.

In a rapidly converging threat landscape, there is an undisputed need for allied OSINT practices to discover threat data in the wild, provide cutting-edge collection capabilities, and accelerate information sharing for security across public sectors and private. Several recent symposia and conferences have highlighted the importance of these practices, emphasizing the need for strong public-private partnerships in the collection and dissemination of intelligence.

The July 2024 NATO Summit in Washington, DC, proved a timely opportunity to discuss and strengthen these capabilities, particularly in light of the emergence of hybrid threats posed by nation states such as Russia, China, Iran, and North Korea, among other small-time rogue cybercriminals. actors and havens for cybercriminals. To illustrate the seriousness with which the alliance views these threats that affect all sectors of free society, NATO, together with the European Marshall Center Partnership for Peace Consortium, made up of more than 800 training institutes across defense and security, published a new reference program entitled Hybrid Threats and Hybrid Warfare. This program was the first of many aimed not only at government trainers and course developers, but also at the business audience.

The critical role of OSINT was also highlighted at a recent European OSINT symposium at King’s College London, where representatives from Sweden and Ukraine publicly shared compelling ideas on the effectiveness of OSINT. OSINT in their national security strategies, emphasizing the importance of maintaining professionalism in OSINT. Similarly, a Canadian alliance workshop titled “Covert Threats from Public Sources” organized in Ottawa, Canada, by the Canadian Security Intelligence Service (CSIS) with Carleton University, brought together experts from academia, from government and industry to discuss the evolving OSINT landscape under one roof. of OSINT defined as “intelligence derived exclusively from publicly available information (PAI).” Observations from the Canadian workshop highlighted the importance of professionalism in OSINT, particularly for global governments and large multinational corporations which are rightly subject to public scrutiny regarding privacy, legal concerns and ethical.

For the purposes of common understanding and to distinguish ourselves from non-professional OSINT practitioners, I propose to organize professional international open source intelligence efforts around the following definition:

“Pro-SINT is open source intelligence professionally derived from both publicly available and commercially available information. Pro-SINT is distinguished from several official and unofficial definitions of the term OSINT as used by governments and from a more commonly understood general use of the term. Pro-SINT is a subset of the broadest possible definition of the term OSINT. Pro-SINT meets specific customer requirements and proprietary information needs, whether for private use or for public sector decision support. Customer requirements for Pro-SINT are rightly protected from public disclosure, with legal protections as government secrets or proprietary business interests.

To address the complexities of modern hybrid threats facing all of society, it is essential to differentiate between general use of OSINT and Pro-SINT. Achieving a narrower, commonly defined understanding of Pro-SINT can provide the starting point for a framework for having substantive and transparent policy conversations about professional, ethical, and legally defensible virtual intelligence operations. This is crucial to maintaining the trust and effectiveness of any allied country’s intelligence services and for multinational corporations who also face legitimate demands for accountability from regulators and the public.

The US-based OSINT Foundation, open only to US citizens and US businesses, illustrates a set of best practices and definitions that could benefit more international allies. Sharing these practices and promoting public-private partnerships using both CAI and PAI can improve the professionalism and effectiveness of OSINT efforts worldwide.

Professionalism in OSINT means adhering to privacy laws, avoiding malicious use of information, and ensuring that all intelligence activities serve an ethical and legally justifiable purpose. This involves active participation in the development of privacy policies, laws and protections, in collaboration with stakeholders across Europe and NATO.

Here are some examples of why it is so essential that a public-private and international “professional OSINT ecosystem” be developed and encouraged, specific to NATO and other like-minded countries:

• Governments must make informed decisions to safeguard national interests and those of their allies.
• Private companies and boards of directors need information to protect themselves against a growing number of cybercrime actors and state-sponsored threats.
• Universities and research institutes must protect intellectual property.
• Global media entities need ways to validate reliable information and debunk false narratives that can be amplified by deepfakes and generative AI in a real-time global information environment.

By adopting a subtle distinction between General OSINT and Pro-SINT, we can ensure that the intelligence collections carried out by those who are paid for this work are professional, ethical, and legally defensible. This approach will build trust and cooperation among allied countries and improve our collective ability to effectively identify, address and mitigate hybrid threats. Pro-SINT can help clarify which individuals, organizations and activities we collectively want to see thrive and adhere to rigorous ethical standards and guidelines, aligning with allied government values ​​and business transparency requirements publicly traded and regulated industries.

Let us continue to grow the diverse but like-minded network of OSINT professionals who share our core values ​​of human rights, freedom, democratic principles, and transparent business practices. Sharing best practices and fostering public-private partnerships within Pro-SINT can improve the professionalism and effectiveness of OSINT efforts worldwide, but we must start with a common understanding of the business of professional information .

Andrew Borene is executive director of Flash pointthe world’s largest private threat intelligence company. He is a former senior official in the Office of the Director of National Intelligence, where he led initiatives in counterintelligence, counterterrorism, open source intelligence, and advanced technology. Previously, he served as an advisor to the CIA, associate deputy general counsel at the Pentagon, and is a veteran of the United States Marine Corps.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located in the European Economic Area.