Stealing other countries’ secrets is the form of intelligence gathering that gets most attention—and resources. But a mass of information is publicly available and just waiting to be collected, to produce what’s called open-source intelligence (OSINT).
Governments, including Australia’s, are working on how better to collect it, and one idea is to set up a central agency for the task. If that’s a solution, however, it’s not the full solution. Potentially valuable public information and the ways it is used are so varied that individual parts of the government each need to collect it and turn it into OSINT.
So, as an independent review into Australia’s intelligence agencies proceeds, a high priority should be strengthening OSINT capabilities dispersed through the government. Australia must have an ecosystem of OSINT capabilities that are fit-for-purpose, evolve with the information environment, embrace accessibility of PAI, and move forward in alignment with industry, academia, and the whole federal government—not just the national intelligence community (NIC).
Ben Scott of the National Security College argues that setting up a dedicated OSINT agency would rebalance the NIC’s work, putting more focus on publicly available information (PAI). And so it would. The problem is that there can be no one-size-fits-all OSINT capability: sources and applications are just too diverse.
OSINT centres that are fit for purpose must be tailored to deliver intelligence at the level and tempo required by each part of the government to consume and exploit. In practice, this means the demand for OSINT varies according to the operational demands of each agency. They will variously require specialised forms of collection and exploitation, sometimes sustained monitoring of enduring hazards, or unplanned or dynamic collection on emergent threats.
The Richardson review of the legal framework of intelligence collection provides a glimpse of these operational demands. The Department of Home Affairs, for example, uses PAI to inform policymaking, identify research gaps, and reduce the volume and effectiveness of terrorist and violent extremist content online. The department has a sustained high tempo of OSINT operations with a strong focus on people both onshore and overseas.
The Department of Defence, by contrast, requires the capacity to quickly scale OSINT gathering in support of war fighters during crisis and conflict.
Fit-for-purpose integration also depends on the intelligence maturity of the consumer. Some have access to exquisite intelligence, surveillance, and reconnaissance (ISR) assets. For them, OSINT will be geared for sharing with people at lower classifications, collecting against otherwise inaccessible targets, collecting faster and more cheaply and cueing other intelligence-gathering methods.
But operators at the tactical edge or organisations not traditionally served with intelligence may have limited or no access to exquisite ISR capabilities. For them, OSINT is the solution. Many parts of the federal government outside the NIC find themselves in this situation, and their organic capabilities should be empowered.
Moreover, OSINT centres must tailor and continuously adapt the inputs of their capability to the target information environment. As Scott outlines, we are amid an ongoing information revolution, where the potential of OSINT lies in capitalising on the growing volume, variety and velocity of PAI. The challenge of operating in this information environment lies in keeping pace with a landscape that varies by region and language and features unique and diverse platforms. This complexity extends to the diverse types of data generated on these platforms, including social media, news articles, satellite imagery, ship telemetry and more.
But the difficulty doesn’t end there. How you access, use, protect, and share this information can be governed by whether it is personally identifiable, copyrighted, or access-controlled. While a central OSINT agency can play a significant enabling role, diverse agencies in the government can excel at keeping pace with and exploiting their respective target environments.
Accessibility of PAI is the strongest argument for strengthening agency capabilities alongside a central body. Given the online nature of the information environment, if you have an internet connection, you have access to PAI. This accessibility is part of what makes OSINT so attractive to intelligence missions of all shapes and sizes—not just inside the NIC.
However, the seemingly low barrier to entry is deceptive. Operating legally, safely, and effectively over sustained periods demands more than just connectivity; it requires tailored governance, policies, training, and technology, and operating without that backing carries risks. Those include risks that may compromise the integrity of collection and analytical products, harm analyst mental wellbeing, expose sensitive information, break laws, or conflict with other missions.
Fortunately, agencies can already engage with these risks by leveraging the Government’s centre of expertise for open source within the Office of National Intelligence.
Accessibility is also the reason why, as Scott acknowledges, OSINT thrives beyond government. Industry, academia, NGOs and private citizens are all delivering innovative intelligence products, services, and research.
Australia is fortunate to have established vendors of OSINT training and managed services that already support, augment and complement a government workforce under strain. In the technology space, vendors build tailored OSINT tools and infrastructure that manage attribution and enhance all elements of the intelligence cycle. The challenge for all capability managers is in navigating a burgeoning marketplace, mapping their needs to the right mix of tools and services, and then optimally integrating them.