Vanguard
Security

Intelligence information management in joint environments

Just days after the December 2009 attempted bombing of a US airliner, President Obama said: “The bottom line is this: The U.S. government had sufficient information to have uncovered this plot and potentially disrupt the Christmas Day attack, but our intelligence community failed to connect those dots which would have placed the suspect on the ‘no fly’ list. In other words, this was not a failure to collect intelligence; it was a failure to integrate and understand the intelligence that we already had.”

Obama was referring to intelligence organizations at the national level, but the statement can just as easily apply to multinational organizations or joint operational settings, where the challenges of post-war reconstruction and countering insurgent, terrorist and organized criminal networks, coupled with increases in information volume and dissemination rate, have made connecting the dots all the more essential.

Faced with largely the same information sharing, processing and management challenges as national intelligence agencies, multinational organizations carry the added burdens of not only operating in complex and often chaotic operational environments with a frequently rotating, and therefore much less stable, workforce, but are also faced with an equally unstable and therefore unreliable knowledge environment. While both factors contribute to an increased likelihood of intelligence failure, only the latter can be improved upon as international organizations have little or no authority over the type, frequency and duration of appointment of seconded or deployed personnel.

The question, therefore, is how joint intelligence units operating within multinational organizations and restrictive budgetary environments can reduce instability in their knowledge space while simultaneously improving their ability to effectively and accurately “connect the dots” in a timely manner?

In laymen’s terms, connecting the dots is a term generally understood as an internalized mental process through which an analyst discovers, deduces or makes sense of something pieced together from various multi-sourced nuggets of information, much like how a puzzle evolves and forms a larger picture as pieces are added to it. This interpretation of the term, however, sometimes leads to the unrealistic belief that more information automatically leads to less uncertainty and more connected dots, and therefore to a reduction in the likelihood of intelligence failure or surprise. Hence, there also tends to be a constant perceived need for more collection (methods, assets and output), which yield more information and ultimately lead to better analytical outcomes and intelligence results by reducing uncertainty. As evidenced by past events and highlighted by President Obama’s statement, more collection and higher information volumes do not necessarily lead to more connected dots or to better intelligence outcomes.

Another meaning attributed to “connecting the dots” is one where analysts draw relationships between various types of entities in an effort to map what they already know, without necessarily drawing initial conclusions from the relationships themselves. In this sense of the term, connecting the dots actually means the meticulous connection of dots, or bits of previously disconnected pieces of collected data, information and intelligence to each other within a virtual environment for the purposes of future analysis; or, from a data visualization perspective, to map and preserve existing knowledge.

In both instances, what tends to be most often overlooked or ignored are the information management processes between the collection and analysis phases of the intelligence cycle. In other words, while a particular organization’s strengths may lean toward either collection or analysis, or in some cases both, most remain weak when it comes to bridging these two functions because neither analysts nor collection managers/specialists want to be “information managers” and therefore responsible for the tedious naming, storing, archiving, organizing, cross-referencing and retrieval of information.

Unfortunately, though not surprisingly, these tasks are generally relegated to support, administrative or IT professionals rather than intelligence specialists because collection managers and analysts are either busy collecting information, getting it to where it needs to be, or analyzing it to determine its meaning and significance, producing analytical products, and getting those to where they need to be.

In short, the governing mechanisms which guide the organization and management of the information itself, such as the policies, practices and the non-IT user-defined needs and methods of processing intelligence information, both prior to and during its integration into the larger virtual knowledge environment, are predominantly driven by IT requirements whose primary concerns are often technical or systems-focused rather than intelligence function based. Consequently, as analysts leave or are deployed elsewhere along with their institutional knowledge and memory, they leave behind vast vaults of unstructured, semi-structured or unmanaged data, information and intelligence along with little more than best wishes for those arriving or left behind, along with an assumption that all of the information will be retrievable and usable as long as the right software is available.

NATO’s coalition environment was no different. As its mission in Bosnia Herzegovina, and its subsequent missions in Kosovo and Afghanistan demonstrate, fusion centers, information sharing initiatives, good collection and good analysts all coupled with endless mounds of information flowing between them are a necessary, but insufficient, criteria for intelligence success. Moreover, if supported almost entirely by automated software solutions, systems and data administration initiatives in the absence of a data governance framework, which codifies how intelligence information is processed by intelligence specialists for intelligence needs in the post-collection and pre-analysis phases, no amount of information sharing initiatives or fusion centres will be sufficient.

Information loss
Prior to 2001, NATO’s Stabilization Force (SFOR) mission in Bosnia Herzegovina relied on a distributed update and query mechanism to manage, store and share mission-wide intelligence information between its three regional commands and its mission headquarters in Sarajevo. At pre-determined intervals, each area command would provide a copy of its database to the mission HQ, which subsequently amalgamated all these databases into a single mission database, giving it (in theory) a geospatially displayable, cross-referenced joint (multinational) and fused (multi-source) intelligence picture. This unified mission database was then “pushed” back to the area commands, so that each would have the same theatre-wide view and level of awareness.

The overall intent was to maximize information entry, storage, sharing and distribution between the geographically separated headquarters, with an aim to maintaining situational awareness, improving overall intelligence sharing and capability, while striving toward intelligence-led operations and a stabilization of corporate memory.

While the distributed query aspect of the arrangement worked relatively well, the distributed update left much to be desired. Due to numerous information management-related factors, intelligence personnel at the HQ and area commands progressively lost confidence in the local and theatre-wide databases, which in-turn led to a plethora of uncontrolled personal, small group and even local command initiatives aimed at “fixing” the information processing and management problems by initiating local, technological data administration solutions.

Projects and proposals varied with each new rotation of personnel, and included developing ad-hoc, new or topic/target-focused databases of varying sizes and complexities, managing information and events through spreadsheets, or advocating the use of network-shared file and folder structured “data-warehouses” combined with free-text search engines and/or data-mining technologies as a means of “managing” intelligence information. Because of the rotational environment within which these initiatives were implemented most, if not all, had unpredictable life spans.

Without exception, however, each initiative managed to achieve the exact opposite of its desired effect and resulted instead in perpetuating information loss and causing a further degradation of confidence in the mission intelligence systems already available.

As the information management situation worsened and significant amounts of information and data were either lost or became irretrievable, analysts continued to drown in a daily deluge of incoming reports and outgoing production requirements, while continuing to carry the added burdens of looking for a solution to their information management problem as well as acting as information managers for their own issues, targets or cases.

Concurrently, personnel filling intelligence billets with the joint intelligence teams came from different participating countries and therefore varied in intelligence training and experience. In some cases, they faced the added challenge of working in a language other than their native tongue. Depending on who replaced whom, skill, language and competency levels varied not only with each rotation but also within each position. Consequently, these factors led to a self-reinforcing and self-propagating downward spiral of negative information management practices, unchecked and immeasurable information loss, decreasing confidence in the systems available and an increase in the initiatives to “fix” these shortfalls. Ultimately, it resulted in a cycle of theatre-wide information hoarding and the unbridled creation of ad-hoc databases and information storage and management practices.

Reversing the downward spiral
In an attempt to slow and eventually reverse these trends within the framework of its existing intelligence doctrine, NATO, instead of augmenting its analytical or collection capacities, chose to reinforce its intelligence information management (collation) capacity at the mission HQ level. Its intent in doing so was four fold:
· first, to reduce the impact of personnel turnover and sustain a single, fused (and functioning), visually displayable mission intelligence database;
· second, to have a database with source-based links between all of the entities within it (people, events, organizations) coupled with embedded information on why each entity and link was created;
· third, to reduce analyst workloads, acclimatization and research times as well as the frequency of analytical error, such as confirmation bias, while assisting in the production of timely and relevant intelligence products;
· and lastly, while improving and increasing information retrievability, it sought to restore internal and command confidence in existing intelligence systems without increasing spending on new tools, software or other IT-based “solutions.”

It achieved these goals by, initially, civilianizing the chief intelligence information manager (collation) position at the mission HQ level and creating an intelligence IT systems manager position. This move resulted in first, immunizing its lead intelligence information management post against the incessant rotation of staff (and resultant variances in approaches) at the HQ level. Second, coupled with the removal of database write access at the regional levels and simultaneous increase of update and database dissemination efforts at the HQ level, it helped stabilize information quality and availability at all levels. Third, it provided SFOR with a means of developing and enforcing new standard operating procedures (SOPs) relating to intelligence information management. Lastly, it provided the SFOR intelligence division with its own dedicated IT specialist, whom it could encourage to see the world from an intelligence needs rather than IT-only perspective. This also meant less “waiting in line” for assistance from the help-desk for even the smallest of issues while ensuring that its intelligence systems were always online and functioning correctly.

Over time, these changes and subsequent updates to the relevant internal practices and SOPs succeeded in reversing the downward spiral of information loss and lack of systemic confidence, and led to the progressive achievement of SFOR’s sought after outcomes.

Overall, the combined effect of these changes proved so successful that NATO’s neighboring mission in Kosovo (KFOR) and its subsequent mission in Afghanistan (ISAF) eventually adopted the same basic intelligence information management model, with minor variations due to mission setting, tempo and operational needs. Similarly, NATO supported the European Union Force (EUFOR) in establishing its own intelligence information management team in Sarajevo in an effort to keep it from repeating lessons already learned.

Ultimately, the lessons and successes were crystallized into a unified strategic vision: Allied Command Operations (ACO) Directive AD65-13 “Intelligence Collation Management.” Other than the section on intelligence collation in NATO’s intelligence doctrine (AJP 2.1), AD65-13 remains the only strategic policy resource which groups all intelligence information management or collation management matters into a single all-encompassing document and acts as the policy root for both funding and organizational or personnel allotments in new or existing joint (NATO) mission intelligence environments.

Other than simply defining Intelligence Collation Management (ICM), AD65-13 provides the foundation for an intelligence-specific data governance framework as well as rationalizes its purpose as the critical bridge between collection and analysis.

As a testament to its creation, and with NATO HQ Sarajevo and Supreme Headquarters Allied Powers Europe (SHAPE) guidance, a KFOR initiative to create several new positions and establish its own civilianized ICM team in 2007 was successful. Although far from being the panacea to all intelligence and information management challenges, the successes of NATO’s ICM concept and teams in Sarajevo and Kabul demonstrate the utility and applicability of ICM principles in joint intelligence environments, irrespective of mission length or complexity, while also highlighting the potential for introducing and integrating ICM concepts at the national level in an effort to improve domestic intelligence management, collection, analysis and production.

Arpad Palfy was the Head of Intelligence Collation Management at the NATO HQ in Sarajevo from 2004 to 2008, and was senior advisor and SME throughout the development of NATO’s (ACO) Directive on Intelligence Collation Management (arpad.palfy@gmail.com). He would like to thank Sebastien Godefroid, Michael Innes and Paul Stanley, scarred information warriors who at one time or other led valiant charges into the unknown.

Related posts

Canadian Rangers from Nunavik honoured

Stewart Downing
March 3, 2016

Key figure in Canadians’ beheading killed in clash with Philippine troops

Stewart Downing
April 12, 2017

EP 50: The major challenges of body-worn cameras

Marcello Sukhdeo
May 5, 2017
Exit mobile version