The US’s Permanent Select Committee on Intelligence has created an open-source intelligence (OSINT) subcommittee in a landmark move.
OSINT use has risen steadily in both the intelligence community and enterprise environments – including for risk and cybersecurity analysis.
It has been driven by an explosion in publicly available data – and the democratisation of tools to analyse it. (“Celebrity” OSINT specialists showcasing their ability to identify people’s locations on social media at blistering speed has also driven increased interest in the power of OSINT.)
New OSINT subcommittee
“In an ever-changing threat landscape, the IC [Intelligence Community] is presented with both the opportunities and challenges of collecting intelligence and counterintelligence. This increasingly includes the importance of effectively leveraging Open Source Intelligence (OSINT).
“To help meet that challenge and ensure proper oversight of this evolution in the IC, we have created a new Subcommittee on OSINT… to address OSINT oversight in a more comprehensive manner” the House’s intelligence committee said on February 8. This will be chaired by Republican congresswoman Ann Wagner.
“We applaud the House Permanent Select Committee on Intelligence for establishing a Subcommittee dedicated to Open-Source Intelligence (OSINT). As more data and information is public daily, it provides valuable insights to the Department of Defense and Intelligence Community,” said the Special Operations Association of America, a veterans organisation.
In the enterprise, OSINT can be used to support supply chain risk management, loss prevention, financial crime and cyber threat intelligence. Scholars and practitioners alike, however, debate whether OSINT can be considered a strict discipline, on par with human intelligence (HUMINT), signals intelligence (SIGINT), imagery intelligence (IMINT) et al, although it stands apart by relying on non-secret sources.
Experts have warned, however, that the rise in convincing deepfakes gives adversaries the opportunity to "poison" open-source data.
As one paper for the Royal United Services Institute (RUSI) earlier noted: "Approaches that might help to mitigate this risk include: a strong understanding of the information environments of both adversaries and allies; and pairing skilled subject-matter experts with innovative technologies that are able to detect and measure changes in particular themes or targets within the information space.
"Verification processes should evolve in correlation with new trends – a method for verifying information from one year ago may not work in two years’ time, suggesting the need for ongoing review and updating of professional OSINT standards across the security community..."
