top of page

How needs intelligence? Anyone who is in a decision-making role in an environment with uncertainty.

What is intelligence? Information that has been collected and analyzed specifically to reduce uncertainty in a decision-making process.

Intelligence is the process of gathering, processing, collating and analyzing information in order to give an authority making decisions for an organization (a commanding officer, a prime minister or other minister, or executive officer) to make an informed decision in pursuit of their mission. That mission could be a military operation given the military by a government or a higher organization, the implementation of an Act of the legislative branch by government, or the launch of a business plan. Intelligence is generally the ability to answer questions over which an authority does not have direct knowledge or control. In the military, this used to be summarized as the enemy, weather and terrain; however, since the invasions of both Afghanistan and Iraq, a fourth unknown has been added: the civilian population: for a military operation to succeed, it is necessary to understand how civilian population will affect and respond to a military operation. Similarly, the government does not control foreign countries, foreign corporations, and other foreign non-governmental and criminal organizations. Governments could also seek intelligence on denizens and organizations within a country, although this is usually restricted to criminals and criminal organizations. Finally, corporations cannot control governments, other corporations, and people: it may be useful to be aware of the intentions of a government (perhaps to influence policy), or the research and development strategies of competing corporations, or the response of individuals or more usually groups to a corporation's business.

In our discussion, we must refer to three types of operations. I will call these

  1. boundary,

  2. interior, and

  3. trans-boundary

operations. The first is the traditional defence or attack of a defined boundary: the operations generally associated with military operations:

  1. advance to contact,

  2. the deliberate attack,

  3. defence,

  4. withdrawal.

The second include operations that are held either within the interior of friendly territories, or within the interior of adversarial territories, including:

  1. assassinations,

  2. cyber,

  3. deception,

  4. espionage,

  5. intelligence gathering,

  6. reconnaissance,

  7. sabotage,

  8. space,

  9. surveillance,

  10. target acquisition, and

  11. terror.

The third includes operations that involve both interior operations together with the crossing of boundaries, including:

  1. arms trafficking,

  2. smuggling,

  3. human trafficking,

  4. narcotics.

 

Describing these in detail as to their characteristics:

  1. For boundary operations, this generally involves the defence of or offence against a point, route, or area target. In general, both friendly and adversarial forces control an area, and at least one has the goal of controlling the area currently controlled by the other.

  2. For interior operations, this generally involves the defence of or offence against point, route or area targets behind designated boundaries, be these national boundaries, or the forward edge of the battle area (FEBA), although the goals tend to be more varied based on the operation.

  3. For trans-boundary operations, these generally involve operations that are interior operations but also require the transportation of items across boundaries.

The army generally performs operations within the scope of boundary operations, and while the air force may be called to support boundary operations, it is also possible to perform interior operations. The navy generally tries to control areas of the high seas, but can also perform interior operations, while also performing or defending against trans-boundary operations. The coast guard is an organization that specializes in preventing trans-border operations.

 

The issue with interior operations is that there are generally significantly more targets than can effectively be defended at a reasonable cost, and thus different strategies must be used other than those usually reserved for the defence of a traditional boundary (e.g., fortifications, trenches, etc.). Consequently, the tools available differ from the traditional tools of a static defence. Similarly, there will be a different set of tools used to counter interior operations, and there will be other common tools used to protect those engaged in interior operations. We will thus discuss why those who specialize in intelligence gathering are able to engage in sabotage or assassinations, while those who specialize in counterintelligence are so often able to engage in counterterror or counternarcotics (at least, the interior aspect thereof).

Who directs the production of intelligence?

It is useful to understand that in good governance, there is usually a body that deals with the policy of an organization, and a body that deals with the execution of that policy. In larger organizations, these bodies are generally independent, as the consideration of long-term policy differs from the day-to-day execution of policy. For government, the legislative branch sets policy (the law) and the executive branch enacts that law. In Canada, the executive is lead by the Cabinet (comprised of various Ministers and others and headed by a Prime Minister), and there is a significant overlap between the Cabinet and the House of Commons, while in the United States, the Cabinet (comprised of Secretaries and others and headed by a President) is completely disjoint from the House of Representatives and the Senate. In a small company, an owner simultaneously sets policy and runs day-to-day operations of that company. In larger corporations, there may be a Board that sets policy for the corporation, and that board is elected by the shareholders, while the day to day operations are run by a Chief Executive Officer who also oversees a C-suite of other officers (including chief officers for operations, finances, technology, information, marketing, communications, etc.) While the CEO and other chief officers may also be members of the Board, the Board also includes others who are more focused on the long-term policy of the company. The military is slightly different, in that the policy for the military is set by the legislative branch. For example, in Canada, the long-term policy is set by the legislative branch and this long-term policy prescribes certain responsibilities to the Ministry of National Defence, which in turn assigns responsibilities to the military commanders. In the military chain-of-command, the commander is responsible for all individuals under that commander's responsibility, be it a unit, ship, etc. The administration or execution of larger military organizations is performed by staff officers who report directly to the commander. The exception to this in Canada is that while the reigning monarch is the Commander-in-Chief of the Armed Forces, the day-to-day commander is the Chief of the Defence Staff.

There are similarities in the design of the C-suite, the Ministers in the Cabinet and the Staff Officers in the military:

  1. For every aspect that the CEO needs to run the corporation, there is an appropriate chief officer. Most corporations do not have a Chief Medical Officer, but a hospital may very likely have such a position. Smaller corporations may not have a Chief Communications Officer, but in the past few decades, Chief Technology Officers have become much more common.

  2. For every aspect that the Prime Minister determines that it is necessary that a Cabinet member oversees that aspect of Canadian society, there is a Minister. There has been a Minister of National Defence for decades, and before that it was a Minister of War. The government elected in 2021 has introduced a Minister of Mental Health and Addictions. In the United States, Ministers are titled Secretaries.

  3. For every aspect that a commander must control, there is a staff officer tasked to deal with those, including: personnel, operations and training, logistics, civil-military operations and communications.

The one outlier to this is the gathering of intelligence: that is, the ability to collect, process, collate and analyze information regarding aspects not under the control of the CEO, the PM or the commander. 

  1. Most companies do not have an organization to collecting intelligence. It simply does not make economic sense. Instead, companies will often contract with private corporate intelligence companies who will provide such services under contract for clients.

  2. The ability of the executive branch of government to collect intelligence has been recognized as being very dangerous, for if misused, it can give the executive branch significant power that is antithetical to liberal democracy. Instead, the legislative branch defines the terms under which an intelligence agency can operate, and then the executive branch can task that organization, but only within the scope provided for by law. CSIS is one such organization, and by law can only provide intelligence on subversion, terrorism, and foreign espionage. CSIS was set up when it was determined there were systemic and irreparable issues with the intelligence services provided by the RCMP; an organization that had the task of both providing policing services and intelligence; however, the RCMP used illegal means of collecting intelligence including unauthorized opening of mail and break-and-enter. Of course, CSIS is not immune from illegal activities as that organization soon after its creation collected information on labour unions.

  3. For the military, however, the gathering of intelligence is so central to operations that there is, in addition to staff officers for personnel, operations, etc., a staff officer responsible for intelligence. There are also units responsible for producing intelligence, with a division having a company-sized intelligence agency.

There are two general aspects with respect to the work of intelligence:

  1. preparation of the operational environment, and

  2. responding to requests for intelligence to aid in the decision-making process of the directing authority.

The first aspect involves the analysis of the operational environment (be it business, national or international affairs, or peacekeeping, security or military operations). This includes the creation and continued maintenance of an intelligence estimate, and it involves the groundwork for creating intelligence products, such as databases, assets, and training of specific organizations. This preparation allows the intelligence agency to respond to the directing authority (the C-suite, the Cabinet, and commanding officers and their staff) during its decision-making process may require information about aspects of their operational environment that they cannot control, but which will or may have an impact on their decisions and operations. ​The directing authority will therefore request or contract with intelligence agencies to collect specific intelligence to aid in the decision-making process. The preparation of the operational environment provides the framework, while the intelligence cycle describes the response by intelligence agencies to specific requests for intelligence.

Intelligence support of the operational environment

For any operation, there are three phases of intelligence support:

  1. preparation,

  2. maintenance, and

  3. transfer

of the operational environment. We will look at each of these. When you look at six-year long wars like World War II or the even longer cold war, it may appear to be one long continuous event; however, for the ability to maintain command and control, these are all divided into separate operations. A very few number of very specific operations may be going on for decades, such as an operation targeting the bugging of a specific embassy, but most operations are time limited. When an operation starts, it is necessary to build up an intelligence picture of the operational environment, and throughout the operation, that picture must be maintained. When the operation is shut down, the information and intelligence collected must either be transferred or destroyed.

Intelligence preparation of the operational environment

When we an intelligence agency is tasked to support an operation, once the agency has been given the objective of the allied forces and the resources available, the first task of the agency is to determine:

  1. the scope of possible priority intelligence requirements, the range of possible information requirements and corresponding indicators,

  2. possible sources and allied intelligence agencies,

  3. the processing and collating requirements of information that may be obtained, and

  4. the expertise required to analyze the required information.

1. Determining the scope of possible priority intelligence requirements, the range of information

The Operational Scope (OpS) of possible priority intelligence requirements is determined by first defining the environment.

Examples of the Operational Scope include:

  1. For a military operation, this may include the area into which a commander will deploy or manoeuvre forces to achieve the objective of the operation, but it will also include the area from which an adversary could potentially counter that operation.

  2. For government, it may be domestic (suppressing terrorist organizations), regional (aid during a disaster), or international (countering foreign industrial espionage).

  3. In business, the environment may be a specific market for a product or line of products, or the penetration of a new region such as another country or region.

In general, the Operational Scope is defined by the directing authority, and thus not an unknown, and therefore not a question for an intelligence agency.

1.1 Determine operational factors

Within the Operational Scope, identify the

  1. allied,

  2. adversarial,

  3. neutral,

  4. the indigenous population, and

  5. environmental

Operational Factors that will impact the achieving of the objectives of the operation. Some Operational Factors may be unknown to the staff (such as the attitude of a local civilian population), and thus may form the Priority-1 Intelligence Requirements

Examples of Operational Factors within the Operational Scope include:

  1. For the military, the adversaries are any organizations, groups or individuals who may actively engage in preventing the directing authority from achieving their objectives, while in business, adversaries may include competing corporations but also governments of countries supporting their domestic corporations or hampering foreign corporations.

  2. For the military, neutral aspects may include civilians who live or work in, or neutral military forces located in the Operational Scope, while in business, neutral populations may be markets and consumers together with governments friendly to competition, trade and business.

  3. For the military, the environment includes weather and terrain, while in business, global warming may be considered to be an impact to certain corporations.


The environment elements will impact allied, adversarial, neutral elements and the directing authority's organization, while all allied, adversarial, and neutral elements will impact each other and the directing authority's organization. It is now necessary to identify:

  1. Those characteristics of any of these elements that may impact the directing authority's mission.

  2. Those characteristics of any of these elements that may impact those elements identified in 1.

1.2 Determine those operational factors that are of interest

Those Operational Factors that that have been assessed to potentially impact the ability of the directing authority to achieving their objectives of the operation are described as Operational Factors of Interest (OFIs). If the impact of an Operational Factor is unknown, this may form a Priority-2 Intelligence Requirement. OFIs may also be interpreted as potential threats for the mission. At this point, the OFIs should be given a preliminary OFI Priority (OFIPri) based on a rapid assessment of their expected relative impact on the Directing Authority's mission. As resources become available, they will be directed to those OFIs of highest priority.

For example, if the civilian population is not impacting the achievement of military objective, it is not necessary to potentially consider the impact of the weather on that population; however, if the civilian population is potentially impacting the achievement of the objectives (through, for example, obstructing traffic), then it may also necessary to take into consideration the impact of the weather on that civilian population.

1.3 Determine relevant attributes of the operational factors of interest

The next step is to list the attributes (characteristics, effects or capacities) of any Operational Factor of Interest that may affect the impact on the Directing Authority's mission. These are described as OFI Attributes. If an attribute is unknown, this may form a Priority-3 Intelligence Requirement. As the attributes are analyzed, this may result in an adjusting of the of the OFI Priorities.

For example:

  1. A commander may be aware that they are facing the elements of a brigade-sized organization, but it may be unknown as to whether or not specialized units have been attached. For example, a rocket artillery battalion could be attached to a defending brigade, as an example.

  2. Alternatively, an effect of future rain may render certain terrains less traversable or even unpassable while at the same time generally degrading the morale of defending forces who are required to maintain defensive positions that generally tend to be less protected from the effects of rain than bivouacs, as their focus is on protection from artillery and small-arms fire. 

1.4 Qualify or quantify relevant attributes of the operational factors of interest

The next step is to determine, if not already known from the current intelligence database and holdings, the qualitative or quantitative assessment of any OFI Attributes, or OFIAQ². This is much more specific to the specific attribute: how much artillery and what calibers, how many infantry personnel, what is the quality of the defences, what is the morale? Each of these will dictate the potential impact of the attribute on the Directing Authority's mission. Once again, if a qualitative or quantitative assessment is unknown, this may form a Priority-4 Intelligence Requirement. The OFIAQ² will result in the ability to analyze actual threats to the mission.

1.5 Determine the impact or courses of actions of the operational factors of interest

At this point, it is therefore possible to begin determining possible courses of action of any operational factors of interest: what is the adversary likely to do. Associated with each course of action (COA) of an adversary, there will be associated relevant high-value targets (HVTs). Each potential course of action must be associated with a probability of the adversary following that course of action. If two or more potential courses of action currently have approximately the same likelihood, this uncertainty forms a Priority-5 Intelligence Requirement and differentiating these potential courses of action should be resolved as soon as possible. This information, when passed to the directing authority, will aid that authority in its decision-making process with respect to these operations.

For example, normally one considers adversaries as the most dominant threat to military missions; however, suppose an organization is engaged in providing disaster recovery. At this point, one of the most significant threats to the success of the mission may be the weather and any indirect impact of that weather. While the current weather and even forecasts together with knowledge of the ground may be known, the impact of the weather on features such as roads (being washed out) may be unknown. Not having engineering assets available to deal with such situations may result in more serious delays; however, including engineering assets if not required may divert them from where they are necessary and may incur additional expenses.

This ordering of the priorities is necessary:

  1. Not knowing what factors exist is worse than

  2. not knowing which factors may affect you, which is worse than

  3. not knowing the attributes of those factors that you understand that may potentially affect you, which is worse than 

  4. not knowing the precise qualitative or quantitative characteristics of the relevant attributes, which is worse than

  5. not knowing what the adversary is going to do.

All of these aspects must be considered throughout the entire operation, and must be constantly updated as new information comes in. Throughout an operation, a new unit may be sent in to reinforce an adversary's strength. Once that unit is identified, it must be assessed as whether or not it will affect the operation, and if it has been determined to affect you, what attributes are relevant, and what is the qualitative or quantitative assessment of each of those attributes?

Note that these may be done in parallel at some point. Those factors that have been identified can be immediately analyzed to determine whether or not the are of interest, and those that are found to be of interest can be analyzed with respect to their relevant attributes. Meanwhile, the intelligence cycle be started to  determine unknown factors, or determine if a known factor is actually of interest to the Directing Authority's mission.

 

As this information becomes available, it is next necessary to to determine the impact of each OFI on the Directing Authority's organization and operations in terms of an Intelligence Estimate. This is a standardized five-paragraph report to the Directing Authority operations staff specifying:

  1. the mission (a reiteration),

  2. the operational scope and its relationship to the area of operations for the Directing Authority's mission,

  3. the highest-priority operational factors of interest likely to adversely affect the Directing Authority's mission, 

  4. the expected impact of those highest-priority operational factors of interest on the Directing Authority's mission, and

  5. conclusions.

Each of these will, in the appropriate situation, provide input in the directing authority's decision-making process.

Determining possible adversarial courses of actions (adversarial COAs) requires understanding the state of the current adversarial organizations in your Operational Scope, knowledge of the mission and intentions of those organizations, and an understanding of the strategy, tactics and procedures of those organizations. This, together with potential impacts on those adversarial organizations by other Operational Factors of Interest (OFIs), will hopefully allow the intelligence analyst come up with a reasonable estimate of what the adversarial organization will do to threaten the Directing Authority's mission. When possible, knowing characteristics of the adversarial directing authority's personality would certainly help; however, such details are often more difficult to collect, although such details may become available through human intelligence.

2. Determining possible sources and allied intelligence agencies

Even prior to the determination of any Priority Intelligence Requirements (PIRs), it is likely that lists of possible sources of information and allied intelligence agencies either already exist or can be easily prepared. Liaisons should be established with allied intelligence agencies and specialized intelligence assets and units trained in intelligence gathering, and sources should be provided, where possible, with the training necessary if they are called upon to perform some sort of information gathering task. The priority of such training will of course depend on other aspects. For example, if an engineering battalion is seconded to this mission, it is likely to have both engineering intelligence and engineering reconnaissance detachments

integral to its organization. Liaisons with these assets should be established to provide mutual support:

  1. timely responses to intelligence requests from the engineering battalion, and

  2. being able quickly request intelligence and information from the engineering battalion assets.

Such liaisons would also allow each party to more correctly assess each others intelligence gathering capabilities.

In longer-term operations, it may be necessary to develop human-intelligence sources within the Operational Scope.

One critical aspect of determining possible sources and allied intelligence agencies includes Risk Management. For example, certain sources will entail greater cost or great likelihood of compromise. If an adversary becomes aware of allied information gathering tasks, then adversarial intelligence agencies may be able to determine specific aspects of the Directing Authority's mission. Certain sources will have greater likelihood of success but at greater cost: is it better to send out a specialized reconnaissance unit that may be able to get within 200 m of a target, or would be be safer to use an infantry patrol, which may only be able to view the target from 400 m. Sending non-specialized infanteers on a tasking that should be reserved for specialist reconnaissance units may result in better information, but at a much higher risk of detection and thus tasking failure. Communications with neutral intelligence agencies may result in penetrations of those agencies gaining knowledge of requests made to such organizations, information that could be passed back to adversarial intelligence agencies. As a consequence, it may be necessary to expand on the available resources by making appropriate requests, or perhaps tasking separate sources to collect information on the same indicator to allow for redundancy and a greater likelihood of success in obtaining such information. It may also be determined that certain indicators cannot be determined with a reasonable level of risk, and therefore it may be necessary to determine alternative indicators, together with alternative sources.

As Priority Intelligence Requirements (PIRs) come in from Step 1, and the intelligence cycle is started, gaps within the intelligence database will be will be identified and if these gaps cannot be filled with existing sources and allied intelligence agencies, it may be necessary to develop new sources and establish connections with appropriate allied or even neutral intelligence agencies, where possible. 

3. Determining the processing and collation requirements

As with sources and allied intelligence agencies, it will also be necessary to process and collate information returned from sources and allied intelligence agencies. For example, imagery must be interpreted by those with the specific expertise, while communications may need to be decrypted or translated. Throughout an operation, it may be necessary to request additional processing and collation resources, although hopefully prior to the mission, the intelligence agency tasked with supporting the Directing Authority's mission we also preparing this.

4. Determining the expertise required to analyze information and produce intelligence

As with Steps 2 and 3, it may be necessary to request additional resources with respect to the analysis of intelligence. If, for example, it has been determined that an adversary is deploying significant intelligence gathering and  counter-intelligence assets, it may be necessary to request to bring on staff to be able to correctly deal with deception, operational security and counterintelligence.

Intelligence maintenance of the operational environment

As discussed before, throughout an operation, as information comes in and is processed, new Operational Factors may come into play, while others may be removed from the Operational Scope. OFIs, their attributes, and the qualitative and quantitative assessment of these must continually be reviewed, and changes must be updated. Throughout the operation, gaps in knowledge must be continually identified and where possible (and without overloading them), sources tasked to collect specific may be able to collect information on related intelligence gaps. As intelligence reports are received from either higher echelons or from allied intelligence agencies, or sources are debriefed, new information may appear that changes the intelligence picture, which again will affect the determination of OFIs, etc., and this may once again result in Priority Intelligence Requirements, which will result in subsequent taskings.

For example, in a long-term operation, a lesser skilled and untrained, and therefore possibly insignificant, intelligence section attached to a terrorist cell may be determined to be of no interest, and therefore irrelevant to the operation. If it has been determined that additional assets have been incorporated into this section, the previously irrelevant section may suddenly become an OFI. Human intelligence or intelligence reports from higher echelons may identify previously unknown Operational Factors (a reinforcement convey moving in the direction of your operational scope), and it becomes necessary for the intelligence agency to determine if these new OFs are indeed of interest to the Directing Authority's mission.

Intelligence transfer in the operational environment

As an operation draws to a close or if an intelligence agency is being rotated out of an operation, it is necessary to transfer the corresponding intelligence gathering processes:

  1. Sources may need to be deactivated or transferred to other allied intelligence agencies.

  2. Intelligence databases and holdings may need to be transferred appropriately.

In the operational environment, the maintenance of the intelligence database and holdings will not necessarily be a priority, and therefore as the transfer occurs, it may require work to standardize and synchronize the intelligence database and holdings to the standards of the non-operational databases and holdings (back at base, so to speak) or to the standards of a senior intelligence agency. Reports and debriefing notes may be stored and transferred electronically; sensitive information may be encrypted, if it is not already. Briefings may be given to highlight and emphasize the critical details may occur. In a longer-running operation, the Directing Authority's organization may be cycled out of the operational environment, to be replaced by another organization, and thus, once again, there must be a transfer of those intelligence databases and holdings. 

Collection management

One major issue throughout the preparation and maintenance phases is that of collection management. The above process identifies Priority Intelligence Requirements; however, in addition to these, the Directing Authority may have additional questions that must be answered independent of this process. With multiple Operational Factors in play, and with perhaps many unknowns, the number of such Priority Intelligence Requirements will grow significantly, and almost certainly beyond the collection capabilities of any information-gathering sources or allied intelligence agencies. Thus, there must be some mechanism in place to determine which priority intelligence requirements should be pursued, and which should be delayed. One significant benefit of the approach of determining operational factors, then those that are of interest, then the attributes of those that are of interest, and then qualifying or quantifying those attributes is that the associated Information Requirements (see below) are likely to be independent. However, it may be possible that a specific source may still, never-the-less, be able to answer questions regarding multiple independent Priority Intelligence Requirements. For example, a reconnaissance detachment may be tasked with observing multiple different attributes, and a photo analyst may be tasked with qualifying or quantifying numerous attributes; however, this must be balanced with work load: a reconnaissance detachment is already overloaded (dealing with stealth and detection avoidance), and the greater the number of disparate attributes that must be observed, the greater the likelihood of detection. These problems may be solvable through the use of appropriate software, whereby Attributes are not only identified with the Operating Factor, but also associated with a location and time period, and an analysis of these may allow for the identification of attributes that may be simultaneously observed. Similarly, too many requests to allied intelligence agencies may result in an inability for them to process those that are of highest priority; remembering that allied intelligence agencies have their own responsibilities. 

Summary

In this section, we discussed the preparation, maintenance and transfer of intelligence support to an operation. During the preparation phase, the framework for information gathering and intelligence dissemination is established, and with the establishment of the intelligence estimate, list of potential adversarial courses of action, and lists of high-value targets, the products returned to the Directing Authority. During the maintenance phase, when the groundwork has been established, operational factors continue to be surveyed, and those that become of interest are elevated, and those that become irrelevant are disregarded. The attributes of operational factors of interest are observed and continuously qualitatively evaluated or quantified. Then, when the operation is handed over, either due to replacement or the termination of the operation, the intelligence database and holdings must be appropriately integrated or disposed of.

Contrast with standard procedures

My description of what I call intelligence support of the operational environment contrasts with the general descriptions of the intelligence preparation of the battlefield or operational environment in that the latter describe their goals as:

  1. defining the operational environment,

  2. describe the environmental effects on operations,

  3. evaluate the threat, and

  4. determine the threat.

This contrasts with the above approach which does not differentiate between environmental effects and adversarial threats: instead:

  1. determining the scope in which intelligence must operate,

  2. identifying factors (environmental, friendly, adversarial or neutral) that may impact the operation,

  3. determining which of those factors are of interest,

  4. determining the attributes of those factors of interest that are relevant to the operation, and

  5. determining the qualitative or quantitative characteristics and of these relevant attributes.

From this process, the threat to operations can be determined, both through direct impacts and the determination of possible courses of action.

Responding to specific intelligence requests:
The intelligence cycle

How do intelligence agencies support the decision-making process of the directing authority? This is summarized through the intelligence cycle where the directing authority requires the intelligence agency to answer specific questions for that directing authority to reduce uncertainty in its decision-making process, and the process that agency goes through to ultimately deliver appropriate responses to those questions back to that directing authority. There are numerous variations of this cycle described by different agencies, and so I will simply give my summary thereof:

  1. Direction

  2. Planning

  3. Collection

  4. Processing and collation

  5. Analysis and production

  6. Dissemination

These steps are shown in Figure 1. Note that different interpretations of this cycle may include a different number of steps; however, hopefully the description below will justify the choice made here.

Figure 1. The intelligence cycle.

Direction is given as to what questions must be answered; it is then determined what information is required to answer those questions, the relevant indicators, the sources that can provide that information, producing the collection plan; the sources are then tasked, supported in the collection process, and they are subsequently debriefed or return an appropriate report; the debriefing notes and reports are then processed and collected; the result is then analyzed producing intelligence, that is, answers to the questions at hand; and this intelligence is then disseminated back to the directing authority through intelligence reports or intelligence briefings. With the delivery of the intelligence, the cycle is complete. We will now elaborate on these six steps.

1. Direction

The product of the direction phase are the priority intelligence requirements (PIRs).

The cycle begins with direction, and this involves the direction of the intelligence agency by the directing authority as to what questions must be answered. The cycle begins with the directing authority (the military commander or staff member, the Prime Minister or cabinet member, or a member of the C-suite, or a duly appointed individual representing one of these) directing the intelligence agency with a summary of the questions that require answers for the directing authority to proceed in its decision-making process. These questions are described as Priority Intelligence Requirements (PIRs). These should be specific, and not general, questions that direct the intelligence agency as to what information is required to reduce ambiguity in the decision-making process. A question should be specific and not general and require a quantitative and not qualitative answer.

Examples of poor lines of questioning may include general queries such as:

  1. What is the Taliban doing?

  2. What are the intentions of the Chinese government in cyberspace?

  3. In which direction is Ford Motor Company focusing their research and development?

More appropriate questions or PIRs may include:

  1. Do the Taliban intend to launch an attack on 'Azizollahkhan Kariz, and if so, with strength?

  2. Which university research groups will be priority targets for the Chinese government in the next year?

  3. To what extent is Ford Motor Company's research and development focused on the capacity of the batteries of the electric F-150? 

Having given the intelligence agency appropriate PIRs, the next step is for the intelligence officers to preparing the plan for responding to the directing authority's PIRs. This is the last step formally involving the directing authority; however, at times, and as information is collected and analyzed, it may be necessary to consult with that directing authority.

2. Planning

The product of the planning phase is the collection plan.

The cycle continues with planning, and this involves a number of steps:

  1. For each PIR, determination of the information that is required (information requirements or IRs) to answer those questions.

  2. For each information requirement, determining indicators that will provide the necessary information.

  3. Select or determine the sources that will be used to obtain the information required.

  4. Match each source and the the indicators which that each source should be able to answer.

We will describe each of these four steps in slightly greater detail.

2.1 Determining information requirements

Once the Priority Intelligence Requirements (PIRs) are established and delivered to the intelligence agency, that agency must then determine what information is required to respond to those questions. These are described as Information Requirements (IRs), and allows the agency to articulate clearly what is required to answer the authority's PIRs. Each PIR will have one or more IRs, and IRs in general should be independent of each other, as each IR will require at least one source that the intelligence officer will determine is capable of providing the necessary information in the appropriate timeframe and cost. If two IRs have overlapping requirements, it should be possible to separate the IRs into specific and independent aspects. 

For example, asking where a military unit is reconnoitering and where that unit's axis of advance is likely to be overlap, as generally reconnaissance is performed along the intended axis of advance. Additionally, an axis of advance is more general and is hardly answerable with the collection of information. Instead, an alternative IR may be where the unit's engineering units currently are. While engineering units do perform their own engineering reconnaissance missions, these tend to be much closer to the front, and are not as in-depth as those reconnaissance units seeking out information on potential targets.

Ideally, if the intelligence officer has found satisfactory information on each of the IRs, then the intelligence officer should be able to respond to the corresponding PIR.

2.2 Determine indicators

For each information requirement (IR), it is then useful to determine a list of indicators that will allow the intelligence officer to determine the significance of the corresponding IR on the Priority Intelligence Requirement. An indicator should be some aspect to which a source can give a definitive quantitative answer.

2.3 Determine or select sources

With the Information requirements (IRs) and corresponding indicators determined, it is now necessary to determine what is the best mechanism to collect the information required. For each indicator, one or more sources will be assigned to retrieve the requisite information. Sources are any individual or organization that may be tasked by the intelligence agency, and that may include:

  1. personnel directly employed by that agency (various operators or specialists),

  2. intelligence databases,

  3. open-source information,

  4. other intelligence agencies,

  5. other non-intelligence sources, or

  6. agents.

For example, in the military, there may already simply be intelligence officers, operators or specialists who already are aware of the information required, it is only necessary to know to whom to speak, with the benefit of that individual being able to put that information into the context in which you are operating. Next, it may likely most desirable to check the intelligence databases overseen by the intelligence agency, requiring the efficient searching and retrieving of information; previously this often involved the careful collation of information under a detailed multi-digit index with numerous additional letters for specifying various aspects of that source, and today, computers today allow for much much easier searches of large electronically-stored databases. In some cases, information is available on the Internet or Dark Web, or public sources, and specialists within the the organization may be assigned to retrieve this information. Alternatively, it may also be possible to task another intelligence agency for specific information, and here, an intelligence agency is any other organization or individual trained in the collection and analysis of information with the ultimate goal of producing intelligence:​

  1. in the military, an intelligence agency may be any subordinate intelligence unit, an electronic warfare unit, or specific detachments that have specialized intelligence training, such as sniper or reconnaissance detachments or special forces;

  2. for the Canadian government, other intelligence agencies in addition to CSIS include the Communications Security Establishment (CSE), Integrated Terrorism Assessment Centre (ITAC), and divisions within the Royal Canadian Mounted Police (RCMP), while in the United States, you may also have other agencies including, for example, satellite imagery; and

  3. for corporate intelligence, this may include other companies providing such services.

Sources of information include third-party organizations and individuals who may be tasked with collecting specific information:

  1. in the military, a subordinate unit may be tasked with tasking a patrol to gather specific information at a given location, route or area, and while a reconnaissance detachment may have specific intelligence training, an infantry or engineering unit may not;

  2. for the government, this may include individual agents who have handlers who direct those agents to collect specific information where possible; and 

  3. for corporate intelligence, we now must deal with the law in which make specific actions criminal or illegal, and may also provide the target with other legal remedies through civil lawsuits.

Note however, in responding to a request for intelligence to support a decision-making process, it is very unlikely that an agent is able to provide suitable information in an appropriate amount of time. Instead, agents generally will provide information during the on-going intelligence preparation of the operational environment, with that information appropriately collated within the intelligence databases.

In determining assets to be tasked with retrieving information, it is necessary to take into consideration:

  1. in what time-frame can the asset return the information,

  2. what is the likelihood that the asset will be able to retrieve the information (the likelihood of success),

  3. what is the quality of the information that the asset is able to retrieve,

  4. what is the cost of tasking the source,

  5. what level of trust can be assigned to the source, and

  6. are there consequences if that source is compromised?

Some examples: 

  1. In the military, an infantry section assigned to reconnoiter a specific location may not be able to get as close to the object as a specialized reconnaissance detachment (recce det), and therefore the information they can retrieve may be less accurate or more vague. Additionally, an infanteer may be less aware of what details are relevant; however, infantry sections are much more readily available and recce dets may not always be available for tasking.

  2. With respect to governments, agents may be able to provide information that may not be accessible in any other manner, but one must always question the motivation of that agent. A satellite photo may appear to be more reliable, but foreign elements may take steps to even present false visuals for such imagery. Drones are cheaper, but now you must consider intrusions on foreign air spaces.

  3. For the corporate world, individuals sign non-disclosure agreements, and these are enforceable in courts of law. 

Generally, however, if there has been sufficient time for intelligence preparation of the operational environment, much of the information may already have been collected and collated, allowing for rapid retrieval. A quality of an excellent intelligence officer is being able to determine those possible sources of information that are mostly likely to provide reliable and timely information necessary to address the priority intelligence requirements (PIRs) of the authority.

2.4 Determine or select sources

Having considered the appropriate indicators and sources, it is now necessary to develop the collection plan that pairs the chosen sources and the corresponding indicators. This will result in a tabulated grid described as a collection plan. With this plan, it is now necessary to task those sources, and have them deliver the relevant information.

3. Collection

The product of the collection phase are the debriefing notes and intelligence reports from the various sources.

Once the intelligence requirements (IRs) and indicators are determined, and appropriate sources are determined that can provide information on each of those indicators, it is necessary to collect that information which requires us to exploit the sources:

  1. We begin by tasking the sources.

  2. The collection of information must then be monitored and supported.

  3. The sources must be debriefed by intelligence officers so as to retrieve the relevant information.

We will elaborate on each of these steps.

3.1 Tasking information collection

The first step in collection is tasking and providing direction to those sources of the information requirements (IRs):

  1. If the source is another intelligence agency, it is only necessary to reinterpret your IRs as their PIRs. That agency will then proceed 

  2. If the source is open, it is simply necessary to provide guidance to the operators or employees who will search for and vet the relevant information.

  3. If the source is an agent, the agent's handler must be appropriately briefed as to the relevant IRs.

  4. Other sources that do not have intelligence training may require more guidance as to what is required. Additionally, it may be necessary to obscure why the information is actually required. The intelligence officer who tasks such sources should also subsequently debrief that same source once the information is retrieve.

3.2 Monitoring and supporting

Intelligence officers will then have to monitor and support the sources were necessary and possible. If it is determined that a source cannot provide the necessary information, it may be necessary to return to Step 1.3 and determine and task an alternate source.

3.3 Source reporting and debriefing

Each source in turn will report back with the relevant information that was requested.

  1. If the source is an intelligence agency, that agency itself will perform its own intelligence cycle, but focused on the specific Information Requirement (IR) tasked to that agency. That agency will then produce an intelligence report. It is critical to note that while the intelligence report may be the ultimate product of that agency's attempt to satisfy the information requirement, that report now becomes simply one more piece of information within the larger cycle, and while it may be given greater trust, that report must still be interpreted in light of the larger Priority Intelligence Requirement that spurred that Information Requirement.

  2. If the source is open and being accessed by intelligence operators or other employees of the agency, this may simply be the collected information. The operator or employee should be debriefed by an intelligence officer who understands what information is required.

  3. If the source is an agent, the handler will debrief the agent and provide the necessary collating, processing and analysis of that information to result in the production of an intelligence report, which once again, becomes information within the scope of the larger Priority Intelligence Requirement.

  4. Finally, other sources should likely be debriefed by the same intelligence officer who tasked that source. A source that is not trained in intelligence gathering may not be able to properly evaluate the information gathered, and thus further questioning during the debrief.

4. Processing and collation

The product of the processing and collation phase are those notes, summaries and reports for each information requirement.

When the sources have been debriefed or the reports from the resources have been collected, it is now necessary to:

  1. process that information, and

  2. collate it in reference to the original information requirements (IRs).

It is useful to note that even if one of the sources is an intelligence agency or a source specialized in intelligence gathering, their final reports must never-the-less be considered as information within the current intelligence cycle; it may require less processing and scrutiny, but it is simply considered information that will be used during the analysis and production phase that will provide the intelligence necessary for the directing authority. We will discuss both of these steps here.

4.1 Information processing

As information is returned from the sources, it must be processed in an manner to facilitate analysis. Information may need to be translated or decrypted first. If data is being collected or imagery is being taken by an intelligence agency, that agency may already have provided an analysis of that data or imagery; however, if the data or imagery is being provided by a non-specialist source (documents on the web or a CCTV), it may be necessary to extract the relevant details. Images may need to be interpreted in light of other knowledge bases by specialists. Large amounts of data may need to be summarized; for example, with the use of statistics including means, standard deviations, correlations, outliers, etc. The information must also be standardized to support the analysis; for example, terminology (items may have different names in different contexts or language), locations (grid coordinates may be translated to location names), identifiers should be provided (a detachment or unit unidentified by a source may be identifiable by other means), and context may have to be given to specific sources (the background, ethnicity or religion of an agent). For example, an infantry section performing a patrol may identify markings on vehicles, but given the intelligence database, it should be possible to identify the corresponding military organization. 

4.2 Collation

As information is processed, it must then be collated, indexed, etc., and also filed with respect to the original Information Requirements (IRs) that required that information to be collected. These files will then become available to the intelligence officers for analysis. Appropriate processing and collation simplifies the task of intelligence analysis. As files are collated, further processing may be necessary to standardize the information associated with each IR. Previously, tabbed page dividers were appropriate tools used when such collation was performed using paper reports, and in the current processing era, corresponding features should be used within computing environments (directories or specialized intelligence-gathering collation software packages).

5. Analysis and production

The product of the analysis and production phase is the intelligence report or intelligence briefing for the directing authority.

Once information is processed and collated, it is necessary to begin analyzing that information to begin answering the Priority Intelligence Requirements (PIRs). Analysis begins as soon as it is received, and the intelligence officer reviewing the information must then assess the reliability of both the source and the credibility of the information. While the officer no doubt is performing this analysis based on many more factors, this analysis can be summarized as a letter-number pair, where the letter (A-F) describes the reliability of the source, and the number (1-6) describes the credibility or accuracy of the information. Taken from Wikipedia:

  • A - Completely reliable: No doubt of authenticity, trustworthiness, or competency; has a history of complete reliability.

  • B - Usually reliable: Minor doubt about authenticity, trustworthiness, or competency; has a history of valid information most of the time.

  • C - Fairly reliable: Doubt of authenticity, trustworthiness, or competency but has provided valid information in the past.

  • D - Not usually reliable: Significant doubt about authenticity, trustworthiness, or competency but has provided valid information in the past

  • E - Unreliable: Lacking in authenticity, trustworthiness, and competency; history of invalid information.

  • F - Reliability cannot be judged: No basis exists for evaluating the reliability of the source.

and

  • 1 - Confirmed by other sources: Confirmed by other independent sources; logical in itself; Consistent with other information on the subject.

  • 2 - Probably True: Not confirmed; logical in itself; consistent with other information on the subject.

  • 3 - Possibly True: Not confirmed; reasonably logical in itself; agrees with some other information on the subject.

  • 4 - Doubtful: Not confirmed; possible but not logical; no other information on the subject.

  • 5 - Improbable: Not confirmed; not logical in itself; contradicted by other information on the subject.

  • 6 - Truth cannot be judged: No basis exists for evaluating the validity of the information.

As information comes in, the intelligence officer will observe which sources corroborate each other, and which contradict each other. As more and more information comes in, the intelligence officer will then determine appropriate responses to each Priority Intelligence Requirement. It is not necessary that all sources are successfully exploited before an assessment can be made and an intelligence officer may be able to make make a response to a PIR after one reliable source. However, contradictory sources may instead require the intelligence officer to initiate further information requirements, or require additional sources of information; thus, it may be necessary to return to Step 1.3 to once again determine and tasks appropriate alternative sources to provide the the necessary information before the PIRs can be confidently answered. A return to collection will, however, also put greater stress on any source, as time has already passed, and if a PIR requires a response, the information must be collected in that much shorter a period of time. For example, if the location or activities of a particular individual is or group are still unknown, a detachment sent in to collect this information may have less planning time, and less time to safely collect that information. Consequently, a good intelligence officer organizing the collection phase will ensure that there are sufficient sources initially tasked to collect relevant information, without requiring too many sources, which will stress resources and take sources from other missions including other information-or-intelligence-gathering missions. At the same time, not all sources are guaranteed to provide information, as cloud cover may prevent drone or satellite imagery, or an agent may be captured, intercepted or simply not able to provide the information required.

Once an intelligence officer has determined an appropriate response to a Priority Intelligence Requirement (PIR), it is then necessary to convey that intelligence to the authority that issued the PIR. Depending on the instructions from the directing authority, either an intelligence briefing or intelligence report or both will be prepared for delivery to the directing authority. A military commander below that of a brigade may simply require an intelligence briefing, while generals may require an intelligence report to be subsequently passed on to the appropriate staff officers. A written intelligence report will likely be the final product for both a government and a corporate client. PIRs may be responded to piecemeal if the responses are urgent, or they may be answered in a single final intelligence briefing or intelligence report. The issuing authority is generally not interested in any other aspect of the intelligence cycle outside of the response to the PIR. The intelligence report will usually not list the Information Requirements, the sources, or even the analysis, although the issuing authority may never-the-less query these points, especially during an intelligence briefing. These may appear as appendices of an intelligence report, but the report itself should be a succinct response to the PIRs.

6. Dissemination

The product of the dissemination phase is the delivery of the intelligence report or briefing to the directing authority.

The final phase of the intelligence cycle is the delivery of the intelligence report or briefing to the originating directing authority. This completes the cycle. Ideally, the intelligence report or briefing reduces the corresponding uncertainty in the directing authority's decision-making process, but this is not guaranteed, and the result may initiate the direction of new Priority Intelligence Requirements to the intelligence agency.

Summary of the intelligence cycle

The intelligence cycle described here is only one aspect of responding to the requirements of the directing authority; specifically, the response to direct questions posed by that authority for the purpose of reducing uncertainty in that authority's decision-making process. It is a response that is performed within the larger scope of the intelligence preparation of the operational environment. For further reading, see this white paper on the intelligence cycle applied to corporate security. This cycle is summarized in greater detail in Figure 2, which details the steps involved in each of the steps of the intelligence cycle.

Figure 2. The intelligence cycle in detail.

It is critical to remember that the intelligence cycle is an idealized description of what occurs, and it is not necessary, nor is it intended, that each of these steps is performed verbatim. For example, if a source is a trusted intelligence agency, it may only be necessary to send that source the Information Requirement, and that IR would then become a PIR for that agency, which will then initiate its own cycle producing an intelligence report that will be disseminated back to this intelligence agency, and this report would then form the basis for this intelligence agency's analysis. I will comment on one further aspect that I have seen elsewhere: at attempt to explicitly place "feedback" into the intelligence cycle.

Feedback

Various intelligence cycles seem to want to explicitly add feedback onto the tail of the loop. This is awkward at best, as feedback should be issued at all steps of the cycle. The issuing authority should be given feedback on the Priority Intelligence Requirements if these are too vague or ambiguous, especially if the issuing authority is not specialized or trained (a new minister after a change in government or a chair of a corporate board). Intelligence officers and operators preparing the Information Requirements (IRs) and determining sources will vet each other for bias. Sources will likely give feedback to those tasking them if the information required of them is unobtainable. The information collected and processed may require the intelligence officer to give feedback to those determining the IRs and sources. Finally, the authority issuing the PIRs may take the final intelligence product and may simply act on that, or based on the intelligence product, may be forced to issue further PIRs (if for example, the intelligence indicates an unaccounted for worst-case scenario), which may then begin the intelligence cycle again. It is never just the issuing authority that provides feedback. 

Deception

Deception is the process of of either 

  1. preventing through concealment or denial, or

  2. misleading through disinformation

adversarial intelligence agencies or information-gathering sources from gaining useful quantitative or qualitative information about friendly

  1. location,

  2. disposition,

  3. strength,

  4. morale,

  5. intentions,

  6. movements,

  7. capabilities,

  8. logistics,

  9. identity,

  10. health,

  11. leadership,

and any other information that may aid the adversary in their decision-making process. The determination of what information is critical to the adversary is determined through the process of operational security, while the process of actively countering adversarial intelligence agencies and information-gathering sources falls under the scope of counterintelligence. Denial or disinformation specifically targeted at manipulating the emotions, motives or reasoning of adversarial decision-making authority falls within the scope of psychological warfare.

 

Deception may be passive or active. Camouflage and radio silence may be used to deny information to the adversary, while dummy equipment displays and other demonstrations together with false radio traffic may be used to actively disinform the adversary. Information on movement can be denied through march discipline, while false demonstrations can be used to disinform the adversary. A diversion is generally a passive attraction of the attention of adversarial intelligence agencies and information-gathering sources, while a feint is active contact with the adversary.  

For example, intensive security patrolling may prevent adversarial sources from observing friendly positions and deployment is an example of denial. Appropriate use of camouflage is an example of concealment, and the purposeful concealment of certain vehicles and equipment together with the deliberate exposure of others is an example of deception. For example, simply wearing the insignia of another unit could confuse an adversary as to the extent of deployment or concentration of forces; however, getting an infanteer to wear the epaulette of the RCLI instead of the LINC & WELLD would be difficult if not impossible, and rather than understanding the benefit thereof, this would likely lead to aggravation. 


Russian military training and doctrine requires deception to be integrated into their military planning, and it even has an appropriate name: maskirovka (маскировка). This level of integration was not even conceived of when I was in the Canadian Forces Reserve; I hope that has since changed. In the United States, much of deception falls under the jurisdiction of Operational Security (OPSEC).

Operational security

The aims of operational security in a sense are the opposite of intelligence: identifying OFIAQ² in the Directing Authority's organization and then taking steps to either:

  1. use deception to prevent or deception to feed false information to adversarial information-gathering sources from determining the critical information about this organization that may benefit an adversary in their decision-making process, or

  2. ensure sufficient security so that adversarial information-gathering sources do not get into a position where they can observe the qualitative and quantitative measures necessary for assessments of the priority attributes of the Directing Authority's organization.

Counterintelligence

While deception seeks to deny or disinform an adversary, and operational security seeks to stop adversarial from getting the appropriate information necessary, counterintelligence involves any aspect that:

  1. targets adversarial intelligence agencies or information-gathering sources,

  2. seeks an understanding of adversarial intelligence procedures and capabilities, or

  3. preventing adversarial counterintelligence agencies from targeting our intelligence agencies, information-gathering sources or determining our intelligence procedures.

Note, there is no such thing as counter-counterintelligence, any activity involved in countering or protecting intelligence resources falls under the domain of counterintelligence. 

The targeting of adversarial intelligence agencies and information-gathering sources and the protection of one's own intelligence agencies and information-gathering sources is more in tune with standard military missions, although it will be informed by our knowledge of the adversarial intelligence service capabilities.

The understanding of an adversarial intelligence procedures and capabilities, however, requires intelligence support of the operational environment:

  1. What is the Intelligence Scope of adversarial intelligence services and their information-gathering sources? This can be significantly larger than the operational area, as it would include, for example, any launch-and-recovery site of drones, as well as possible satellite imagery, depending, of course, on the adversary in question.

  2. What are the Intelligence Factors: does the adversary have one or more dedicated intelligence agencies in the operational area, what are the plausible information-gathering sources, what are possible allied intelligence agencies of the adversarial intelligence agency?

  3. What are the Intelligence Factors of Interest, which adversarial intelligence agencies are likely to be involved, and what are their likely sources of information?

  4. What are the qualities and quantities of the resources available to the adversarial intelligence agency?

Some of this information can only come through human intelligence: agents passing on names, manuals, etc. In Western countries, many of the manuals are publicly available. 

For example, any infantry detachment can be used as an information source. A static observation post or listening post can be tasked to provide information. The officers and soldiers staffing an artillery observation post likely have greater training than infanteers. A reconnaissance patrol can be sent behind lines to gather information, but at significantly greater risk, and a specialized reconnaissance unit will have significantly greater training in gathering information. Depending on the adversary, you may have to deal with infantry or armored reconnaissance. One issue is, of course, that it is necessary to understand the adversarial strategies and tactics. Information that may be relevant to your side may not be relevant to your adversary. An adversary who is primarily interested in the deployment of armored forces in the defence will have a different approach than those looking for dug-in infantry positions. Security posts can be used to deny adversarial reconnaissance detachments access to specific routes, and security patrols can be used to detect  or at least distract reconnaissance detachments in hides in your lines. These would be the responsibility of operational security, but input from friendly intelligence agencies can help direct that security effort.

Drones can either be shot down, or camouflage can be used to prevent detection from the air. Most often, soldiers focus on camouflage from the direction of another human observer: it requires significant retraining to emphasize that certain aspects of a deployment need also to be camouflaged from above. For longer term and strategic operations, satellite imagery may be available, however, the periodic nature of satellite coverage allows for deception to occur during the necessary time intervals. This all falls under the purview of deception, but again with input from friendly intelligence agencies.

Through human intelligence, it may be possible to identify key adversarial intelligence officers, in which case, with an appropriate psychological analysis, it may be possible to feed false information that targets misconceptions or preconceived notions of those individuals. 

An allied reconnaissance patrol could be supported by feints or appropriately timed artillery strikes: distractions meant to focus the attention of adversarial forces from allied information-gathering sources. Of course, this must be balanced with holding random artillery strikes so that an artillery strike does not become a signal of an intrusion, and it must also be balanced with the costs involved with such strikes, and the likelihood of harm to civilians, neutral elements or allied elements.

Sabotage

Sabotage is a deliberate action taken against an adversary and initiated within an area controlled by that adversary with the objective of reducing the effectiveness of that adversary through subversion, obstruction, disruption, or destruction. An artillery strike against a targeted crossroads is not an act of sabotage, while a covert agent detonating an explosive on that same crossroads would be an act of sabotage. 

Terrorism

Terrorism is a deliberate action taken against an adversary's population with the intent of obtaining its objective of reducing the effectiveness of that adversary indirectly through fear. Terrorism can be initiated from outside the area controlled by that adversary, so the London and Dresden bombings can be considered terrorism, as could an event like 9/11 where the flights were international flights.

Covert operation

A covert operation is any action taken against an adversary where deception is used to prevent that adversary of becoming aware of who initiated the action. The Battle of the Bulge was an example of a covert operation. 

Clandestine operation

A clandestine operation is any action taken against an adversary where that adversary remains ignorant of that operation. 

Espionage

A necessarily clandestine operation for the purpose of gathering information on an adversary whereby an individual (a spy) or group of individual (a spy ring) uses their position within the adversarial establishment or territory to obtain that information. 

Surveillance

The monitoring of activities for the purpose of gathering information in adversarial areas and the detection of espionage, sabotage, terrorism and clandestine operations within ones own area.

Intelligence-gathering disciplines

Within an intelligence agency are specialists who have a greater depth of knowledge with respect to the gathering, processing and analyzing of information to produce meaningful intelligence. Due to common skills required to be proficient within a range of related techniques, these specializations are identified as follows:

HUMINT or Human intelligence: information that is gathered from individuals through interviews or interrogations.

GEOINT or Geospatial intelligence: information that is gathered from satellite or aerial photography, or terrain data.

IMINT or Imagery intelligence: information that is gathered from satellite or aerial photography.

MASINT or Measurement-and-signature intelligence: information that is gathered from the capture of signals not including the visual spectrum, but including non-visual electromagnetic, radiation, acoustic, radar and materials.

OSINT or Open-source intelligence: information that is gathered from publicly available sources including the Internet, publications, and public interactions with individuals (which overlaps with HUMINT).

CYBINT or Cyber intelligence: a subdiscipline of OSINT that focuses on gathering information from digital networks.

SIGINT or Signals intelligence: information that is gathered from the interception of electromagnetic signals.

COMINT or Communications intelligence: a subdiscipline of SIGINT that focuses on signals carrying communications between parties.

ELINT or Electronic intelligence: a subdiscipline of SIGINT that focuses on signals  not carrying communications.

TECHINT or Technical intelligence: information that is gathered from weapons and equipment used by an adversary.

MEDINT or Medical intelligence: medical information that is gathered about individuals within an adversary.

FININT or Financial intelligence: information that is gathered from records of financial transactions.

Partisans

Clandestine​ individuals or group of individuals operating within an area conquered by an adversary who engage in espionage and sabotage, usually presenting as civilians.

Interior operations

In the military, operations where there is some form of boundary that is either being defended or penetrated constitute the majority of the operations in question when dealing with infantry, armor, artillery, etc. Thus, the attack, defence, patrolling and withdrawal can all be considered different aspects of boundary operations.​ For the defence, this could include the defence of national boundaries, a cordon around a high-value pipeline, or the boundaries of installations being defended. Defence in these situations involves positions that are deemed likely to repel an enemy attack, including possibly trenches, bunkers, sensors, etc. This all falls within the realm of classical military studies.

Looking through the literature, however, one notes there are numerous counter operations: counterintelligence, counternarcotics, countersurveillance, counterterror, counterdeception, etc. The operation that is being countered is one that does not have boundaries, and so they can be described  or grouped as interior operations. These could include operations related to:

  1. surveillance,

  2. terror,

  3. reconnaissance,

  4. intelligence,

  5. cyber,

  6. target acquisition,

  7. narcotics,

  8. espionage,

  9. sabotage,

  10. space, and

  11. deception.

If you require an anagram for this, you can use STRICTNESS'D. As these operations do not have boundaries, it requires significantly more resources to defend if one is prepared to create a static defence: the failure of the so-called war-on-drugs is an example of this. The area of operations include larger interior regions, either in friendly or adversarial territories, or as Item 10 indicates, outer space. One interesting question is whether or not if a national authority engages in these activities, is this considered an act of war? Currently, incursions in cyberspace have been suggested to be acts of war, but the detection of such activities does not lead to a general state of war.

Countrance support of the operational environment

As soon as:

  1. the directing authority indicates that the operation will include sabotage, surveillance, target acquisition, or terrorist strikes (unlikely...),

  2. an information source is tasked with gathering information for a priority intelligence requirement, or

  3. the intelligence estimate and likely courses of actions (COAs) determines that the adversary will be engaging in sabotage; reconnaissance, espionage, or some other form of intelligence collection; surveillance; target acquisition; or terrorist targeting,

it may be determined that it is necessary to engage in counter-measure operations, or countrace operations. 

The requirements of

  1. countering adversarial, or

  2. protecting friendly

activities such as sabotage, surveillance, target acquisition, terrorist strikes, or information gathering requires potentially simultaneous protecting numerous targets, including 

  1. targets in our area of control from adversarial activities, and

  2. our operations against targets in the adversary's area of control,

respectively. Such targets are usually widely dispersed within the areas of operations and interest and generally cannot be protected by the standard perimeter defences.

Perimeter defence from a military point-of-view would include the forward edge of the battle area (FEBA), while for the national level would include border security or a pair of guards standing sentry over a bridge, and for a corporation would include building and Internet security. On the other hand:

  1. Surveillance is the monitoring of general behavior, disposition or actions from which relevant information can be obtained (contrasted with reconnaissance which is more targeted);
    while countersurveillance seeks to understand, detect and reduce the risk of adversarial surveillance operations, although one could also include within the scope of countersurveillance techniques to protect ones own surveillance operations and mitigate adversarial countersurveillance activities against friendly surveillance operations.

  2. Intelligence collection is the monitoring of targeted behavior, disposition or actions from which relevant information can be obtained specifically to aid in the decision-making process of the directing authority;
    while counterintelligence seeks to understand, detect and reduce the risk of adversarial intelligence operations, while simultaneously protecting ones own intelligence operations and mitigating adversarial counterintelligence activities against friendly intelligence operations.

  3. Target acquisition is the detection and sufficiently precise locating of specific targets to allow the effective application of force to destroy or debilitate that target when required;
    while counter-target-acquisition seeks to prevent adversaries from gaining such information.

  4. Terrorism is the use of fear for political goals through targeted application of violence;
    while counterterrorism seeks to understand, detect and reduce the risk of adversarial terrorist operations.

  5. Espionage is the targeted recruitment of an individual or group of individuals for the purpose of clandestine acquisition of information:
    while counterespionage seeks to detect such individuals and either stop,  deceive, or cause them to switch alliances..

  6. Reconnaissance is the targeted observation of specific points, routes or areas with a goal of gaining specific items of information;
    while security would seek to deter such incursions by either appropriate securing potential routes in or out or the targeting of potential hides, or by the appropriate application of deception.

  7. Sabotage is the targeted destruction or damage to specific targets with the goal of reducing the effectiveness of the adversary;
    while counter-sabotage is the protection of such targets from such damage.

Countrance (coun-trance, rhyming with entrance) operations deal with the

  1. understanding of adversarial capabilities in,

  2. the protection or mitigation of risk from the adversary engaged in, and

  3. the support of friendly forces in the engagement of

one or more of the following activities:

  1. surveillance,

  2. intelligence collection,

  3. target acquisition, and

  4. terrorist targeting,

  5. espionage,

  6. reconnaissance, or

  7. sabotage,

(anagram SITTERS) against

  1. point,

  2. route or

  3. area

targets that cannot be traditionally defended by perimeter or boundary defences. The anagram SITTERS is almost serendipitous, as those engaged in protecting friendly forces engaged in such activities may be occasionally referred to as babysitters.

Countrance operations

​​Countrance operational planning will begin as soon as:

  1. intelligence preparation of the operational environment tasks information gathering sources and allied intelligence agencies,

  2. the directing authority initiates any of the aforementioned activities, or

  3. the intelligence estimate determines that the likely adversarial course of actions includes any of the aforementioned activities. 

Part of the countrance operational planning includes:

  1. assessing adversarial capabilities and procedures in the SITTERS activities,

  2. determining likely targets of adversarial SITTERS operations and prioritizing and tasking appropriate resources to counter such operations, and

  3. determining likely countrance operations against friendly SITTERS operations and prioritizing and tasking appropriate resources to prevent detection of or provide protection for friendly SITTERS operations, or directly targeting adversarial countrance operations.

For example, adversarial reconnaissance or espionage assets need to be stopped, while friendly reconnaissance and espionage assets require protection from adversarial detection and countrance operations.

The steps of countrance include:

  1. Determining adversarial capabilities in:

    1. engaging in these types of activities, and​

    2. protecting themselves from these types of activities;

  2. Given these capabilities:​

    1. What are the likely point, route and area targets of these activities, and​

    2. What friendly forces engaged in these activities are at risk.

  3. Determine appropriate countermeasures.​

  4. Task the appropriate resources to engage in these countermeasures.

  5. Monitor and support these countermeasures.

Why introduce countrance?

While reading field manuals on counterintelligence, and considering why those versed in counterintelligence are also proficient in counterterrorism, it occurred to me that, at least, on the high level, all of these operations have the same goals: first, to protect friendly forces engaged in the above activities from adversarial countermeasures, while simultaneously engaging in countermeasures against adversaries engaged in such activities. Preventing an area from being surveilled is similar to preventing that area from becoming the target of a terrorist strike, or preventing that area from being acquired as a target for adversarial artillery, rocket artillery, air strikes or missile strikes.

To be expanded on....

Collection management

One major issue throughout the preparation and maintenance phases is that of collection management. The above process identifies Priority Intelligence Requirements; however, in addition to these, the Directing Authority may have additional questions that must be answered independent of this process. With multiple Operational Factors in play, and with perhaps many unknowns, the number of such Priority Intelligence Requirements will grow significantly, and almost certainly beyond the collection capabilities of any information-gathering sources or allied intelligence agencies. Thus, there must be some mechanism in place to determine which priority intelligence requirements should be pursued, and which should be delayed. One significant benefit of the approach of determining operational factors, then those that are of interest, then the attributes of those that are of interest, and then qualifying or quantifying those attributes is that the associated Information Requirements (see below) are likely to be independent. However, it may be possible that a specific source may still, never-the-less, be able to answer questions regarding multiple independent Priority Intelligence Requirements. For example, a reconnaissance detachment may be tasked with observing multiple different attributes, and a photo analyst may be tasked with qualifying or quantifying numerous attributes; however, this must be balanced with work load: a reconnaissance detachment is already overloaded (dealing with stealth and detection avoidance), and the greater the number of disparate attributes that must be observed, the greater the likelihood of detection. These problems may be solvable through the use of appropriate software, whereby Attributes are not only identified with the Operating Factor, but also associated with a location and time period, and an analysis of these may allow for the identification of attributes that may be simultaneously observed. Similarly, too many requests to allied intelligence agencies may result in an inability for them to process those that are of highest priority; remembering that allied intelligence agencies have their own responsibilities. 

Summary

In this section, we discussed the preparation, maintenance and transfer of intelligence support to an operation. During the preparation phase, the framework for information gathering and intelligence dissemination is established, and with the establishment of the intelligence estimate, list of potential adversarial courses of action, and lists of high-value targets, the products returned to the Directing Authority. During the maintenance phase, when the groundwork has been established, operational factors continue to be surveyed, and those that become of interest are elevated, and those that become irrelevant are disregarded. The attributes of operational factors of interest are observed and continuously qualitatively evaluated or quantified. Then, when the operation is handed over, either due to replacement or the termination of the operation, the intelligence database and holdings must be appropriately integrated or disposed of.

bottom of page