Open-source intelligence professionalism: Distinguishing ‘OSINT’ from ‘Pro-SINT’
Embracing a distinction between OSINT and Pro-SINT ensures intelligence collections by those paid for the work are professional, ethical and legally defensible.
There is a current chasm between multiple definitions of the term “open-source intelligence” (OSINT). For example, the U.S. Intelligence Community’s narrow legal definition of OSINT is perhaps the most highly regulated and rigorously overseen government function in America’s constitutional balance of powers, with potential impacts on individual civil liberties and privacy. Several varying concepts of OSINT are now shaping national-level and alliance strategies in intelligence, cybersecurity and defense. Just type in a search for “open-source intelligence” or “OSINT” on any internet search engine, academic database or non-paywalled news media online and you can immediately observe that OSINT is revolutionizing the landscape of national security and world affairs, across geopolitical areas from Ukraine to Taiwan, and across new industries from synthetic biology to space technology.
In March 2024, Central Intelligence Agency Director Amb. Bill Burns and Director of National Intelligence Avril Haines co-signed an Open Source Intelligence (OSINT) Strategy for 2024-2026 for the United States. The strategy committed to the value of, and modernizing the IC’s approach to, OSINT.
The strategy document and a series of subsequently released policies included a critical new inclusion of the term “commercially available information (CAI)” in its definition.
I propose a new subtle term of art to help bridge the important understanding gaps between allied governments, industry, academia and the public. As threats continue to converge across domains, the role of professional firms in intelligence collection, analysis and data ecosystem will likely continue to align around what I call “professional OSINT” (Pro-SINT). It is distinct from a growing set of crowdsourced, hobbyist and other unfiltered OSINT efforts using only publicly available information.
In the swiftly converging threat landscape, there is an undisputed need for allied OSINT practices to uncover threat data in the wild, provide cutting-edge collection capabilities, and accelerate information sharing for security in both public and private sectors. Several recent symposia and conferences have underscored the importance of these practices, emphasizing the necessity for robust public-private partnerships in intelligence gathering and dissemination.
July’s 2024 NATO Summit in Washington, DC, proved a timely opportunity to discuss and enhance these capabilities, particularly in light of the emergence of hybrid threats posed by nation-states like Russia, China, Iran, and North Korea, among other smaller rogue cyber actors and safe-havens for cyber criminals. In an illustration of the seriousness with which the alliance views these threats touching all sectors of free society, NATO in collaboration with the European Marshall Center’s Partnership for Peace Consortium of more than 800 defense training and security institutes released a new reference curriculum titled Hybrid Threats and Hybrid Warfare. That curriculum was the first in a long series meant for not only government trainers and course developers but also meant for commercial audiences.
The critical role of OSINT was also highlighted at a recent European OSINT symposium at King’s College London, where representatives from Sweden and Ukraine publicly shared compelling insights on the effectiveness of OSINT in their national security strategies, underscoring the importance of maintaining professionalism in OSINT. Similarly, a Canadian alliance workshop titled “Public Sources Secret Threats” held in Ottawa, Canada, by the Canadian Security Intelligence Service (CSIS) with Carleton University, gathered experts from academia, government and industry to discuss the evolving landscape of OSINT under an umbrella of OSINT defined as “intelligence derived exclusively from Publicly Available Information (PAI).” Observations from the Canadian workshop highlighted the importance of professionalism in OSINT — particularly for global governments and large multinational enterprises that are rightfully subject to public scrutiny concerning privacy, legal and ethical concerns.
For the purposes of common understanding and for distinction from non-professional OSINT practitioners, I propose organizing international professional open-source intelligence efforts around the following definition:
“Pro-SINT is open-source intelligence professionally derived from both publicly available information and commercially available information. Pro-SINT is distinct from several differing official and unofficial definitions of the term OSINT as used by governments and a more commonly understood general use of the term. Pro-SINT is a subset of the broadest possible definition of the term OSINT. Pro-SINT addresses specific client requirements and proprietary intelligence needs, whether for private use or public sector decision support. Client requirements for Pro-SINT are justifiably protected from public disclosure, with legal protections as government secrets or as proprietary commercial interests.”
To address the complexities of modern hybrid threats facing the whole-of-society, it is essential to differentiate between a general use of OSINT and Pro-SINT. Arriving at a narrower, commonly defined understanding of Pro-SINT can provide the starting point for a framework to have substantive, transparent policy conversations about professional, ethical and legally defensible virtual intelligence operations. This is crucial for maintaining trust and effectiveness in any allied nation’s intelligence services and for multinational corporations who also face legitimate demands for accountability by regulators and the public.
The U.S.-based OSINT Foundation, open only to U.S. citizens and U.S. companies, exemplifies a set of best practices and definitions that could benefit a broader international set of allies. Sharing these practices and fostering public-private partnerships using both CAI and PAI can enhance the professionalism and effectiveness of OSINT efforts worldwide.
Professionalism in OSINT means adhering to privacy laws, avoiding malicious use of information, and ensuring that all intelligence activities serve a legally justifiable and ethical purpose. This involves active participation in the development of policies, laws and privacy protections, in collaboration with stakeholders across Europe and NATO.
A few examples of why it is so critical that a public-private and international “Professional OSINT ecosystem” be developed and fostered specific to NATO and other likeminded nations include:
Governments must make informed decisions to safeguard national interests and those of their allies.
Private enterprises and corporate boards need insights to protect themselves from a growing field of e-crime actors and state-backed threats.
Universities and research institutions must protect intellectual property.
Global media entities need means to validate trusted information and to debunk false narratives that may be amplified with deepfakes and generative AI in a realtime global information environment.
By embracing a subtle distinction between general OSINT and Pro-SINT, we can ensure that intelligence collections by those paid for the work are professional, ethical and legally defensible. This approach will enhance trust and cooperation among allied nations and improve our collective ability to identify, address and mitigate hybrid threats effectively. Pro-SINT can help clarify those individuals, organizations and activities that we collectively want to see develop and adhere to rigorous standards and ethical guidelines, aligning with allied government values and the transparency demands upon publicly-traded firms and regulated industries.
Let’s continue to grow the diverse yet like-minded network of OSINT professionals who share our core values of human rights, freedom, democratic principles and transparent business practices. Sharing best practices and fostering public-private partnerships in Pro-SINT can enhance the professionalism and effectiveness of OSINT efforts worldwide, but we must start with a common understanding of the professional information trade.
Andrew Borene is executive director at Flashpoint, the world’s largest private threat intelligence firm. He is a former senior official in the Office of the Director of National Intelligence, where he led initiatives on counterintelligence, counterterrorism, open-source intelligence and advanced technology. Previously, he has been an advisor at the CIA, an associate deputy general counsel at the Pentagon, and he is a US Marine Corps combat veteran.
Open-source intelligence professionalism: Distinguishing ‘OSINT’ from ‘Pro-SINT’
Embracing a distinction between OSINT and Pro-SINT ensures intelligence collections by those paid for the work are professional, ethical and legally defensible.
There is a current chasm between multiple definitions of the term “open-source intelligence” (OSINT). For example, the U.S. Intelligence Community’s narrow legal definition of OSINT is perhaps the most highly regulated and rigorously overseen government function in America’s constitutional balance of powers, with potential impacts on individual civil liberties and privacy. Several varying concepts of OSINT are now shaping national-level and alliance strategies in intelligence, cybersecurity and defense. Just type in a search for “open-source intelligence” or “OSINT” on any internet search engine, academic database or non-paywalled news media online and you can immediately observe that OSINT is revolutionizing the landscape of national security and world affairs, across geopolitical areas from Ukraine to Taiwan, and across new industries from synthetic biology to space technology.
In March 2024, Central Intelligence Agency Director Amb. Bill Burns and Director of National Intelligence Avril Haines co-signed an Open Source Intelligence (OSINT) Strategy for 2024-2026 for the United States. The strategy committed to the value of, and modernizing the IC’s approach to, OSINT.
The strategy document and a series of subsequently released policies included a critical new inclusion of the term “commercially available information (CAI)” in its definition.
I propose a new subtle term of art to help bridge the important understanding gaps between allied governments, industry, academia and the public. As threats continue to converge across domains, the role of professional firms in intelligence collection, analysis and data ecosystem will likely continue to align around what I call “professional OSINT” (Pro-SINT). It is distinct from a growing set of crowdsourced, hobbyist and other unfiltered OSINT efforts using only publicly available information.
Get tips and tactics to make informed IT and professional services buys across government in our Small Business Guide.
In the swiftly converging threat landscape, there is an undisputed need for allied OSINT practices to uncover threat data in the wild, provide cutting-edge collection capabilities, and accelerate information sharing for security in both public and private sectors. Several recent symposia and conferences have underscored the importance of these practices, emphasizing the necessity for robust public-private partnerships in intelligence gathering and dissemination.
July’s 2024 NATO Summit in Washington, DC, proved a timely opportunity to discuss and enhance these capabilities, particularly in light of the emergence of hybrid threats posed by nation-states like Russia, China, Iran, and North Korea, among other smaller rogue cyber actors and safe-havens for cyber criminals. In an illustration of the seriousness with which the alliance views these threats touching all sectors of free society, NATO in collaboration with the European Marshall Center’s Partnership for Peace Consortium of more than 800 defense training and security institutes released a new reference curriculum titled Hybrid Threats and Hybrid Warfare. That curriculum was the first in a long series meant for not only government trainers and course developers but also meant for commercial audiences.
The critical role of OSINT was also highlighted at a recent European OSINT symposium at King’s College London, where representatives from Sweden and Ukraine publicly shared compelling insights on the effectiveness of OSINT in their national security strategies, underscoring the importance of maintaining professionalism in OSINT. Similarly, a Canadian alliance workshop titled “Public Sources Secret Threats” held in Ottawa, Canada, by the Canadian Security Intelligence Service (CSIS) with Carleton University, gathered experts from academia, government and industry to discuss the evolving landscape of OSINT under an umbrella of OSINT defined as “intelligence derived exclusively from Publicly Available Information (PAI).” Observations from the Canadian workshop highlighted the importance of professionalism in OSINT — particularly for global governments and large multinational enterprises that are rightfully subject to public scrutiny concerning privacy, legal and ethical concerns.
For the purposes of common understanding and for distinction from non-professional OSINT practitioners, I propose organizing international professional open-source intelligence efforts around the following definition:
To address the complexities of modern hybrid threats facing the whole-of-society, it is essential to differentiate between a general use of OSINT and Pro-SINT. Arriving at a narrower, commonly defined understanding of Pro-SINT can provide the starting point for a framework to have substantive, transparent policy conversations about professional, ethical and legally defensible virtual intelligence operations. This is crucial for maintaining trust and effectiveness in any allied nation’s intelligence services and for multinational corporations who also face legitimate demands for accountability by regulators and the public.
The U.S.-based OSINT Foundation, open only to U.S. citizens and U.S. companies, exemplifies a set of best practices and definitions that could benefit a broader international set of allies. Sharing these practices and fostering public-private partnerships using both CAI and PAI can enhance the professionalism and effectiveness of OSINT efforts worldwide.
Professionalism in OSINT means adhering to privacy laws, avoiding malicious use of information, and ensuring that all intelligence activities serve a legally justifiable and ethical purpose. This involves active participation in the development of policies, laws and privacy protections, in collaboration with stakeholders across Europe and NATO.
Read more: Commentary
A few examples of why it is so critical that a public-private and international “Professional OSINT ecosystem” be developed and fostered specific to NATO and other likeminded nations include:
By embracing a subtle distinction between general OSINT and Pro-SINT, we can ensure that intelligence collections by those paid for the work are professional, ethical and legally defensible. This approach will enhance trust and cooperation among allied nations and improve our collective ability to identify, address and mitigate hybrid threats effectively. Pro-SINT can help clarify those individuals, organizations and activities that we collectively want to see develop and adhere to rigorous standards and ethical guidelines, aligning with allied government values and the transparency demands upon publicly-traded firms and regulated industries.
Let’s continue to grow the diverse yet like-minded network of OSINT professionals who share our core values of human rights, freedom, democratic principles and transparent business practices. Sharing best practices and fostering public-private partnerships in Pro-SINT can enhance the professionalism and effectiveness of OSINT efforts worldwide, but we must start with a common understanding of the professional information trade.
Andrew Borene is executive director at Flashpoint, the world’s largest private threat intelligence firm. He is a former senior official in the Office of the Director of National Intelligence, where he led initiatives on counterintelligence, counterterrorism, open-source intelligence and advanced technology. Previously, he has been an advisor at the CIA, an associate deputy general counsel at the Pentagon, and he is a US Marine Corps combat veteran.
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
How 21st-century data management can help leaders provide more effective correctional healthcare services
Breaking down barriers: The challenges of federal micro-purchases for small businesses
The push to upskill the technology workforce in federal agencies