Looking at different use cases for Open Source Intelligence – contrasting ‘Foresight analysis’ with ‘Cyber Threat Intelligence’
Open-source intelligence means using data and information that is readily available (generally for free) in the public domain to gain a better understanding of things. In this post, I’m going to explore two different use cases for Open-source intelligence, one from an area of analysis known as ‘Foresight’ and another from the field of Cyber Threat intelligence (CTI). Contrasting these two, quite different, areas of analysis helps show where and what benefits open source intelligence can bring.
Use Case 1 – Applying Open Source Intelligence to Foresight Analysis
What is it? Foresight analysis is the name for an area of study that provides methods and tools for people to discuss the future. They generally culminate in visions and scenarios that describe potential futures for which strategy makers and policy planners prepare for. These have value because they enable decision-makers to run through hypothetical issues and trends for the future and come up with plans to address them.
How is data used generally in this case? The use of data in Foresight is quite complex, given the breadth of the subjects it could cover. Any given Foresight project could consider trends and activity over a timeline over 5-50 years. Additionally, the data that could describe any particular issue is generally broad. For example, to understand future trends you might need to combine economic data, data on climate change or social data the variety of potential data types is pretty much endless. At the same time, the tools used to interpret such data are equally broad, and generally based on scenario and ideas generation, again probably because of the challenges of handling data from a diverse range of potential sources and trying to understand complex things that could happen.
How can open-source intelligence analysis help? The challenges for Foresight are the breadth of the data being considered and how to combine its techniques to produce meaningful, quantifiable predictions that can be tested. At the moment you could argue about how well current Foresight methods do this – but this where the pursuit of open-source intelligence can be seen to be important.
Using open-source intelligence a vast array of source data can be gathered, classified and then processed to give us a structured evidence base of trends which can then be mined and analysed. Following such an approach gives us something that can fulfil two important criteria. First, having a structured evidence base provides us with an audit trail for reaching back to the sources that have informed our choices and beliefs on the future: this can reduce the impact of bias that can often be seen in traditional Foresight processes. Second, it gives us the foundation to derive metrics from diverse data sources – which can help us really model areas that are conventionally more difficult to apply metrics too (social trends as opposed to climatic trends for example). To summarise this bit further, it gives us the foundation to generate numbers and with these we can build meaningful models.
What are the challenges of this particular use case? Applying open-source intelligence to Foresight is likely to be valuable as it can increase the rigour and confidence in how we gather, model and understand data. However, there are some challenges to address:
- The actual market opportunity for Foresight is quite small. It’s hard to put a value on the Foresight market but it does remain a niche area of study that doesn’t have particularly large commercial demand. Strategy and policymakers do see some of the value of this work, but generally commercial opportunities in this space, although possible, are not huge.
- The influence of Foresight analysis could be limited because it’s hard to assess its value. Perhaps because Foresight is difficult to test (how successful can we say strategic advice really is?) it is challenging to see how, in its current form at least, it can be either tested or highlighted as a good process. For example, how useful have Foresight methods and tools been in our pandemic preparedness? If they haven’t been useful, why is this – is it that they don’t work or that they suffer from how they communicate their findings to policymakers? As many public health scientists have found in the COVID crisis, have they just been another group of experts whose advice has been ignored?
Use Case 2 – ‘Cyber Threat Intelligence’ – a real-world application of open-source intelligence
What is it? Cyber Threat Intelligence (CTI) uses open-source data to help cybersecurity specialists and analysts better understand and anticipate threats that occur in Cyberspace. Basically, it is an area of study that catalogues and documents potential attacks and threats that can occur in the virtual world – an increasingly important and vital part of infrastructures from your home, to local businesses, to government services and global supply chains.
How is the data used generally? As an area of study, CTI provides a body of well structured and meaningful data – with resources such as STIX and MITRE providing comprehensive, openly available standards. By contrast, Foresight lacks such easily accessible industry standards: as discussed before there are many different data sources in Foresight.
How can open-source intelligence analysis help? CTI has an established community of users and contributors who believe in the applications of data science. Generally, because of what it is, CTI is conducted by a community of users who are on a spectrum of technical ability and awareness – from hardcore coders through to analysts and specialists on the tools and techniques of cybersecurity. This gives a community of people open to data science and its application to improve how we anticipate and act on real-world threats. As a result, the application of open-source intelligence in this area is flourishing with analysis techniques being developed in tandem with machine learning and its applications.
What are the challenges of this particular use case? The cyber landscape is huge and there is no shortage of threats as we conduct more and more of our lives online, with events such as COVID rapidly accelerating this trend. This means there is a strong need to attempt to understand the open-source data that describes online cyber threats; even more so, there is a need to analyse, understand and act on this data – sometimes very quickly, when a cybersecurity incident is occurring, or about to occur. So there is a very immediate need that often needs to be addressed by CTI analysis – in contrast to Foresight which lacks this urgency and, in a sense, has fewer opportunities to test predictions and their underlying analysis.
Final thoughts on use case analysis
At this moment of time (Feb 2021), there is probably a stronger use case for the use of open-source intelligence and its application to structured datasets in the area of CTI. Compared with Foresight as a discipline, it offers both the data and the community who can enable its application. However, this doesn’t necessarily indicate that open source intelligence is not valuable to Foresight. For example, can we use the developments being made in CTI and the applications of open-source intelligence to make wider strides in how we analyse and understand other forms of analysis? Can the lessons we learn in anticipating and acting on cyber threats help us better anticipate and understand other strategic issues? With COVID still raging and our appreciation of how we use and understand data, as well as how political leaders use the advice of science, can we learn from this more widely?