ERRI Risk Assessment Services
Saturday, April 18, 1998 Vol. 1 - 002
EMERGENCY SERVICE INTELLIGENCE OPERATIONS; THE PURSUIT OF USEFUL KNOWLEDGE
By Clark Staten, ERRI Executive Director and Sr. Analyst
Presented at "Terrorism 98" Conference, April 16, 1998, Marlborough, MA
Scope and Nature of Information Gathering and Analysis
Definition: In-tel-li-gence (in tel'jens) 1. capacity for learning, reasoning, and understanding; aptitude in grasping truths, relationships, facts, meanings, etc. 6a. the evaluated conclusions drawn from [such] information (Webster's Universal College Dictionary) (1)
Military, police, diplomatic, and other government agencies of many "nation-states" have been engaging in what is commonly called "intelligence" for many centuries. Sun Tzu speaks extensively of the importance and value of intelligence and counter-intelligence operations in 2nd Century (B.C.) China, in his book, The Art of War.
As the world has grown more populated and its systems and problems have grown larger, more complex, and more difficult for both the individual participant and the decision-maker to understand, the need for more and better intelligence capabilities has become evident. As various kinds of threats to the collective community continue to evolve and devolve, it is our belief that the issues concerning the effective gathering, analysis, and reporting of intelligence issues will continue to become more important.
A basic problem seems to involve the fact that many current U.S. governmental systems are just too slow to respond to a rapidly evolving world environment. Information and decisions must pass through many "channels" and specialist "cubbyholes" (as described by Toffler, et al), each with their own priorities and bits of the total picture. The overall system then hopes that all of these "bits and bytes" will get put back together into a comprehensive picture higher in the chain of command. Some experts today question even this basic premise.
This compartmentalization of information seemingly prevents it from arriving in the hands of the people who need it to manage a strategic or tactical situation...in any sort of a timely manner. It must travel up the information chain, being "filtered" and "massaged" by any number of analysts, managers, and political operatives. Then, it must travel back down a chain of command and control, again being "manipulated" as it travels the avenues of the "action info-highway." (2)
"The system" hasn't evolved much as overall information management capabilities have advanced and grown. Pertinent information needs to flow more rapidly down to the "manager" at the scene of the incident; be it a disaster or major military confrontation (and those two may become intertwined and concurrent as time goes on). Vital information is of little use until it is applied to the problems that actually exist on the ground. Our "information system" should allow leaders to anticipate, plan, obtain logistics, and effectively implement sound tactics and strategies...in a more rapid and effective manner.
We should preface the remainder of this article by saying, to the best of our knowledge, that it was not developed by using existing intelligence gathering and analysis methods, and may not be in concurrence thereto. Although there are certainly some similarities in the way we practice our process and methodology, there are also many differences that may prove foreign to those military and intelligence professionals who review this work. Further, it should be noted that nothing contained herein should be construed as a recommendation for the reader to violate any law, or policy, procedure, rule or regulation of the agency for which they are employed. Prohibitions against certain types of collection and analysis behaviors and law enforcement procedures may exist in both military and federal law enforcement agencies.
THE INTELLIGENCE CYCLE; WHAT IS IT AND HOW DOES IT WORK??
News/Events/Circumstances
This is raw data regarding a report of an actual event, an observation of an informed viewer, a situation report, a threat warning, or other similar communication regarding a matter of importance to the agency/group gathering the data. News is generally not "intelligence" in a best working definition of the word. It is raw information that must be studied, researched, and refined before it can be called intelligence or knowledge. (Editor's note: for the remainder of this discourse, we will use the words intelligence and knowledge in a largely interchangeable way.)
Information/Reference Resources
This is a historical/chronological/alphabetic cross-referenced database(s) of past events or related information that may pertain to a specific type of event, issue, group, individual, or problem. It is this information that allows the analyst to begin to note similarities and dissimilarities (often just as important), draw inferences, note patterns and reach conclusions about future events...based on a historic knowledge of past events, personalities, circumstances, and cascading effects. Some typical examples of these kinds of information, already generated within emergency services, might include dispatch reports, after-action reports, citizen reports and complaints and other pertinent documents.
Another key to referencing and utilizing large amounts of information is to leverage data resources and assessments already developed by others. A natural extension of this idea is to exploit the knowledge and expertise that has already been gained by others through years of study and experimentation. As the saying goes, it makes sense to "learn from the mistakes of others...as we may not live long enough to make them all ourselves." All too frequently, in many public service agencies, there seems to be a tendency to try to "re-invent the wheel," rather than leveraging already existing knowledge, technologies and "data-mines" that may contain already developed solutions to newly realized problems.
Aside from the media, which is an obvious source of Open Source intelligence (OSINT) material, both the public and private sectors contain any number of organizations that have many superb information and analysis sources and services, where resident experts and existing databases are maintained at someone else's expense. Frequently, for instance, U.S. government agencies gather and maintain massive amounts of raw data that, if properly exploited, could provide much insight into emerging issues...if one knows where to look and how to understand the implications of the data sets. It would be our preliminary finding that intelligence gatherers and analysts must do a much better job of exploiting these already existing repositories of raw data. (3)
These external organizations should NOT act as a substitute for in-house analysis and the final production of an integrated intelligence product, but rather as a pre-filter and distribution channel through which on-demand experts/information can be easily accessed. The primary value of these outside sources is that they may enable you to rapidly identify the latest, best and brightest information assets that pertain to your specific decision-making need. They allow information to be rapidly acquired, evaluated, and integrated into an "all-source" intelligence product.
Collective Collection Efforts
According to Robert Steele, in the highly evolved organization of the future, it is believed that every employee will become a collector, producer, and consumer of intelligence or knowledge. Response personnel, service technicians, supervisors, and virtually anyone who has contact with the public should receive special training in regard to observation and elicitation, and should be encouraged to use established channels and processes for reporting what they see and hear. The concept of "corporate hive" merits pursuit. (4)
Diamond versus Linear Paradigm
According to former military intelligence officer and Open Source intelligence advocate, Robert Steele, the old paradigm for information acquisition was a very "linear model," where the consumer goes to the analyst who goes to the collector, who goes to the source, and then what is ascertained eventually goes back up the chain to the consumer. This paradigm is not only too slow, it is not workable when you have a fast-moving topic with lots of nuances that are difficult to communicate to intermediaries and not especially useful to decision-makers. The new paradigm is the diamond paradigm, where the consumer talks to the analyst, the collector, and on many occasions the source, in order to ensure there is a timely and accurate meeting of the right minds. (4)
"Just in time" intelligence support means just in time collection as well as production of the end product. Linear paradigm (consumer to analyst to collector to source, and back up) is probably dead. The new paradigm is the diamond paradigm, where all four parties talk to each other at one time or another. (4)
Distributed/G2I/ERRI "Chaos" Method of Collection and Analysis
Recent innovations in collective information gathering and analysis may suggest the viability of a concept that goes even one step farther than the "diamond paradigm" offered by Steele. It embraces a completely non-linear, non-hierarchical, non-directed, and multi-source "real-time" approach to intelligence/knowledge gathering and analysis. Both the Emergency Response & Research Institute (ERRI) and a group of military, law enforcement and intelligence officials informally called "G2I," (Get the Word Out, Intelligence) have been experimenting with this newest method and have found it viable in several recent circumstances and situations. The concept involves a distributed "Chaos-like" theory that facilitates the virtual participation of academics, operations personnel, tactical experts, and others in simultaneous collection, analysis and dissemination activities. More thorough studies are still needed to prove the overall viability of this concept.
Analysis
Definition: anal·y·sis (ə-'na-lə-səs) 1: separation of a whole into its component parts 2a: the identification or separation of ingredients of a substance 2b: a statement of the constituents of a mixture 3a: proof of a mathematical proposition by assuming the result and deducing a valid statement by a series of reversible steps 5a: a method in philosophy of resolving complex expressions into simpler or more basic ones (Merriam Webster's Dictionary On-line - http://www.m-w.com/dictionary.htm)
Need for analysis
Today, it is not difficult to accumulate information about any given topic. The most difficult aspect of turning the raw data of any group of facts into a usable assessment is that of "analysis." Today's problems are not those of even 50 years ago when information about the world's circumstances and threats was difficult to obtain. Today, the problems are a glut of information, much of it conflicting and confusing. Thus the need to "separate the wheat from the chaff," the primary task of the designated analyst. In an excellent example of this phenomenon, Steve Macko evaluates a National Science board report on recent intelligence operations in Bosnia, by saying "critical intelligence is not getting to lower-echelon U.S. forces in Bosnia while field commanders were at times overwhelmed by a torrent of useless information." (5)
Analysts are "Born," not Made
Larry Kahaner, author of "Competitive Intelligence; How to Gather, Analyze, and Use Information to Move Your Business to the Top," says that good analysts are "born," not "made." (6)
He also points out that it may be difficult to find good personnel to undertake the task of collecting and considering potential intelligence information. Further, he discusses and outlines the 18-month process, within the Central Intelligence Agency (CIA), that is undertaken in the training of an analyst. Comparably, civilian government agencies shouldn't have unreasonable expectations of fledgling analysts. They, like their contemporaries in any other discipline, should be given the time and training to facilitate their effective participation in the analysis process. Generally speaking, "rookie analysts" will get better at correct predictive analysis the longer they work at it.
Implementing The Analysis program
In many agencies, particularly smaller ones, an internal intelligence gathering and analysis program can be begun with just one person, maybe acting in this capacity as a peripheral or secondary duty. Undoubtedly, the use of computer resources and a connection to the Internet and other resources will prove invaluable to this effort. It is also important to note that, according to Kahaner, (6) it requires "personal courage, intellectual fortitude, and conviction to make guesses based on analyzed information." But, that is what is required to develop an effective intelligence analyst.
Secondarily, and dependent upon the ability and experience of the analyst(s), emergency leaders should realize that even the best analysis may be inaccurate or flawed. The quality of the input information and evolving circumstances may make even the best "guesses" imprecise or unworkable. Assessments are often based on uncertainties and variables that are beyond the control of the analyst. Therefore, it is incumbent on managers not to overly criticize or impede the analysis process, even when it appears to fail. As long as analysts are providing the best intelligence product that they can produce, given the circumstances, time constraints, and logistical support, it is recommended that they be allowed to proceed without prejudice. In fact, we would recommend that it is necessary that they be regularly rewarded and promoted for their diligent efforts.
Intelligence Value = content + context + time
As noted elsewhere in this report and other reference documents, the value of intelligence is determined by its timeliness, the accuracy of its content, and the context in which it is presented.
As the concept of "stateless warfare" continues to emerge, and its implications are better understood, the need for closer cooperation between emergency service, federal and military agencies would appear to grow. Greater collaboration between Fire/Police/EMS and Military agencies may become mandatory in domestic terrorism circumstances, for instance in those incidents involving Chemical/Biological/Nuclear materials. Overlapping and concurrent responsibilities could become apparent...as multiple terrorist acts could cause interdependency in civilian/military chains of command. Certainly, at a bare minimum, direct interaction and communications between these vital civilian and military agencies must take place.
Terrorist events currently seem to move faster than responses...leading to decision-makers being forced into uneducated "guesses" about what to do next. Information may not only be slow, but also irrelevant to those that need it to make decisions. The real requirement is to acquire and analyze pertinent data, in as close to real-time as possible, to speed the decision-making loop.
Technological Means and Methods of Gathering and Analysis
A. Keyword searches/monitors of open media sources, newsgroups, mailing lists, and pay-per-view sources
B. Databases and "information mining" (dispatch, after-action report analysis)
C. Open source documents produced by other organizations and research on World-Wide-Web
D. Artificial intelligence/intelligent agents/inference engines
E. Maximizing existing private and public resources and capabilities
The Emergency Response & Research Institute has been experimenting for the past two years with what we call an "inference engine," which is computer software that essentially attempts to accomplish two goals:
1. Use multiple refined keyword search engines to constantly gather Open Source Intelligence (OSINT) documents from a variety of sources, including Internet based assets.
2. Use a series of verbal algorithms (if, and, but, not, then, etc.) to draw inferences from the raw data collected above and that could lead to preliminary conclusions about the possibility of future events. (in other words; if "A" occurs + "B" occurs + "C" occurs = then "D" COULD occur)
It should be noted that, in the current state of ERRI's technology, the output of the search and inference engine must then be extensively assessed and further manipulated by human analysts in order to effectively reach conclusions and provide the end outcome intelligence product. Although some might suggest that the concept wouldn't be entirely workable until the human component is removed "from the loop," we have found it essential in producing reliable assessments. (7)
To date, this "cobbled together" patchwork of artificial intelligence (AI) and "expert agent" technology, compiled by ERRI, continues to remain proprietary and not commercially available. Although probably inferior to similar systems already developed by U.S. federal agencies, it does point out the utility of such schemes to both gather and analyze emerging patterns and threats. We would strongly recommend further study in this area.
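A minimal sketch of the two-step idea described above (keyword gathering, then if/and/not/then rules whose output is held for a human analyst), using the 1995 heat-wave scenario discussed later in this paper. This is an added example and is not ERRI's proprietary software; the indicator names, keyword patterns, rule, thresholds and sample reports are all constructed assumptions.

```python
import re
from dataclasses import dataclass, field
from datetime import date, timedelta

# Step 1: keyword patterns that tag raw open-source reports with indicators.
# Indicator names and patterns are assumptions made for this example.
INDICATORS = {
    "extreme_heat": re.compile(r"\b(heat wave|record (high|heat)|heat index)\b", re.I),
    "livestock_deaths": re.compile(
        r"\b(cattle|livestock|poultry)\b.*\b(die[ds]?|dead|deaths?|losses)\b", re.I),
    "heat_casualties": re.compile(r"\bheat[- ](stroke|exhaustion|related)\b", re.I),
    "cooling_forecast": re.compile(r"\b(cold front|cooler air)\b", re.I),
}

@dataclass
class Report:
    day: date
    source: str
    text: str

@dataclass
class Rule:
    name: str
    all_of: tuple         # if "A" and "B" and "C" occur ...
    none_of: tuple        # ... but not "X" ...
    then: str             # ... then "D" COULD occur
    window_days: int = 7  # indicators must fall inside one time window
    min_sources: int = 2  # require corroboration from independent sources

@dataclass
class Lead:
    rule: str
    hypothesis: str
    evidence: dict = field(default_factory=dict)
    status: str = "NEEDS_ANALYST_REVIEW"  # a lead is never disseminated automatically

def tag(report):
    """Return the set of indicator names whose pattern matches the report text."""
    return {name for name, pat in INDICATORS.items() if pat.search(report.text)}

def infer(reports, rules, today):
    """Step 2: apply each rule to recent reports and return leads for human review."""
    leads = []
    for rule in rules:
        cutoff = today - timedelta(days=rule.window_days)
        hits = {}
        for r in reports:
            if cutoff <= r.day <= today:
                for ind in tag(r):
                    hits.setdefault(ind, []).append(r)
        if any(ind in hits for ind in rule.none_of):
            continue  # the "not" clause suppresses the inference
        if not all(ind in hits for ind in rule.all_of):
            continue  # at least one required indicator is missing
        sources = {r.source for ind in rule.all_of for r in hits[ind]}
        if len(sources) < rule.min_sources:
            continue  # a single uncorroborated source is not enough
        evidence = {ind: [f"{r.day} {r.source}" for r in hits[ind]]
                    for ind in rule.all_of}
        leads.append(Lead(rule.name, rule.then, evidence))
    return leads

RULES = [Rule(
    name="heat-emergency",
    all_of=("extreme_heat", "livestock_deaths", "heat_casualties"),
    none_of=("cooling_forecast",),
    then="Mass heat casualties COULD occur in the path of the heat wave",
)]

# Constructed sample reports (not real news items).
SAMPLE_REPORTS = [
    Report(date(1995, 7, 8), "wire-service",
           "Ranchers report hundreds of cattle dead after a week of record heat"),
    Report(date(1995, 7, 10), "regional-paper",
           "Hospitals treat dozens for heat exhaustion; two heat-related deaths confirmed"),
    Report(date(1995, 7, 11), "weather-bulletin",
           "Heat wave moving northeast; heat index expected above 110"),
]

if __name__ == "__main__":
    for lead in infer(SAMPLE_REPORTS, RULES, date(1995, 7, 12)):
        print(lead.status, "-", lead.hypothesis)
        for indicator, refs in lead.evidence.items():
            print("   ", indicator, refs)
```

Every lead carries its supporting reports and a review status, so the analyst can check the evidence before anything reaches a decision-maker.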
Historical Perspective of Interagency Intelligence Gathering and Sharing between the various Levels of Governmental Agencies
We Don't...
One of the primary problems that we see as a major impediment in our collective move to become evolved and make better choices is the fact that we DON'T SHARE information. According to interviews with dozens of members of local, state, and federal agencies, common complaints include:
* Allegedly, Federal intelligence agencies DON'T talk to each other.
* Allegedly, Federal agencies DON'T talk to local law enforcement agencies.
* Allegedly, information passed up the chain of command by local agencies to federal agencies is never reciprocated and feedback rarely comes back down to them.
* Allegedly, local law enforcement agencies DON'T talk to local Fire/EMS agencies.
* AND, more importantly, it seems nobody talks to everyday tactical commanders, who will be faced with making actual decisions on the street...before the incident happens.
One of the most viable things that police and intelligence agencies do to help to prevent unnecessary injuries or deaths is to gather intelligence about potential perils and develop policies, procedures, tactics and strategies to help thwart the planned attacks. According to a variety of reports, similar techniques have reportedly been used successfully by the Federal Bureau of Investigation (FBI) on at least thirty occasions in the past year. Although often not public knowledge, good intelligence about planned terrorist events and other plots against the United States has allowed law enforcement agencies to infiltrate radical cells and arrest those responsible, before they have had an opportunity to carry out the act.
Unfortunately, with very few exceptions, most Fire and EMS agencies do not spend time or energy in gathering or analyzing information in regard to threats to their employees or community. Most Fire/EMS administrators seem to think that in the event of a threat involving potential violence that their local police agencies will provide them with adequate warning and preparatory measures, should that become necessary. Sadly, and historically, in all too many jurisdictions this assumption may be badly mistaken.
It should be pointed out that any omissions are not malicious in intent, nor purposefully negligent in practice. It's just that in most jurisdictions there is just no history of sharing of tactical intelligence and information. ERRI believes and highly recommends that these notions need to change.
It would also appear that the problems described above are also being exacerbated by the fact that much data is being "compartmentalized" and not enough shared between military, intelligence, law enforcement, and other agencies, largely due to questions about security classification and "need-to-know." Open source intelligence might be a better alternative, as it is easier, faster, and doesn't share the same security concerns. "Sanitized" intelligence reports, using OSINT data, would seem inherently better than no sharing of information.
But, effective analysis of OSINT is often much tougher to accomplish due to the massive amounts of data that are available, and the fact that some of it is of questionable quality. It has, however, been demonstrated in several arenas that open source collection and analysis can be done more rapidly than the existing systems and that it may be more appropriate when brought to bear on commercial, industrial, and in certain situations where classified products are inappropriate. We, at ERRI, believe that America and her leadership might be best served by a synthesis of both wide-spread open source collection and analysis and a continuation of the necessary covert and traditional, classified methods.
In light of these circumstances and currently evolving tactical situations "on the streets", it may become necessary for many jurisdictions to establish formal liaisons between Federal law enforcement, Fire, Police, and EMS departments. This relationship should be supported at the highest levels of each department and utilized on a "real-time" basis to share intelligence assessments that may affect all of those responding to an emergency. What appears to be an extremely workable solution has been found to this problem in the Los Angeles area, where federal, state, and local fire/police/EMS agencies all participate in what is called a "Terrorism Early Warning Group." Others may want to study this concept and adopt it for local use.
Short of such a formally acknowledged system, it is highly recommended that firefighters and EMTs develop informal information-sharing relationships with their counter-parts in various levels of law-enforcement. It might be prudent to invite local patrol officers, supervisors, and agents to lunch or dinner at the station, on an on-going basis, and exchange the kinds of information that could prove beneficial to both groups.
Tactical Intelligence
Some typical examples of this short-term shared tactical intelligence might include, but not be limited to:
* Any unusual series of events that could be considered "out of the ordinary"
* Location of drug houses/"shooting galleries"
* Locations of caches of weapons, ammunition, drugs
* Locations of "radical groups" or street gang safe houses
* Locations of the scene of multiple single incident shootings or repeated shooting incidents
* Locations of gang gathering places or "street corner" drug dealerships
* Locations of known or suspected "foreign dissident" organizations
* Movements of known or suspected criminal or terrorist organizations
* Planned or scheduled Rallies/Demonstrations/Civil disobedience
* Hazardous materials and other potential threats against fire/police/EMS personnel
Strategic Intelligence
Some typical examples of this longer-term shared strategic intelligence might include, but not be limited to:
* Overall planning of allocation/reallocation of departmental and personnel resources
* Proper placement of emergency response units to minimize response times
* Planning/evaluations of multiple simultaneous tactical incidents which may or may not be part of a larger or emerging "pattern"
It should be noted that the most successful examples of the sharing of tactical and strategic information are those that involve an actual exchange of data that flows in both directions...making the relationship beneficial to all concerned.
Tracking Trends; An Example of What Effective Gathering and Analysis Can Accomplish
If domestic civilian emergency service agencies have been deficient in recent years in regard to their preparedness for natural or man-made disasters, it is probably due to a failure in the process of tracking trends or proactively gathering information and responding to prevent or minimize evolving circumstances. The biggest problem in this regard is the fact that most fire/ems and disaster agencies do not have an intelligence gathering capability, and even if provided with data regarding an emerging trend, do not have people engaged in the process of analysis of its potential future ramifications and manifestations.
A fairly typical "real world" example of the utility of "trend tracking" and analysis might include a review of a slowly evolving disaster that took place in the Chicago, IL area in 1995. It involved a building heat wave, with extreme temperatures and oppressive humidity that moved from the southwestern part of the United States into the Midwest over a period of time. Reports were received from numerous open sources in regard to the deaths of both people and livestock and multiple heat-related injuries in several areas south and west of Chicago.
In light of these developing conditions and noting an evolving trend, the Emergency Response & Research Institute, on July 12, 1995, issued the following warning to both emergency service agencies and the local and national press. "...conditions are ideal for heat cramps, heat exhaustion, and even heat stroke", the veteran (retired) paramedic said in an interview today. "This is the kind of weather that is dangerous to the elderly, children, and those that have diseases that prevent them from regulating heat well", he continued. "People with cardiac, respiratory, diabetic, asthmatic, and seizure problems should be warned to use extreme caution when exposed to this type of hot weather...it can aggravate their condition and even result in death", Staten added. The article went on to provide the signs and symptoms of heat cramps, exhaustion, stroke and offered some treatment and preventive measures.
Apparently, few people took the warning seriously. Additional response resources were not allocated until late into the overall emergency and working personnel were extremely overburdened by the number of requests for assistance. By July 18th, it was evident that the ERRI precautions and alert had proven frightfully correct. According to the Cook County Medical Examiner's office, as many as 732 Chicagoans had died as the result of heat-related injuries. This brief case study is not presented to second-guess the response of any Chicago city agency to the heat emergency, but rather to point out that we believe that effective trend tracking and analysis could have helped to prevent or mitigate this tragic series of events. (8)
In short, this incident and subsequent study of other incidents prompted ERRI to formulate the hypothesis that the impact of many natural or man-made disasters could be lessened or prevented altogether by the implementation of an effective intelligence gathering and analysis effort within federal, state, and local emergency services/disaster agencies.
Dissemination
Finally, it should be remembered that fully developed Intelligence assessments that are sitting in a drawer, sitting on a shelf or that reside in an obscure computer file someplace are of little use to anyone. They are only useful when they are disseminated to decision-makers and those "on the ground" that might need them, be they at the tactical or strategic level. Presently, the most difficult aspect of developing an operational intelligence gathering and analysis program is getting the relevant knowledge to the people that need it...when they need it.
Recommendations and Conclusions
Constantly interactive cooperation and communications between all levels of government are a necessity in today's dynamic environment. It is believed that better interaction and expanded sharing of intelligence products by all levels of government will benefit the overall preparedness and response to terrorist threats and other emergencies within the United States. It is also recommended that an officer be designated in every emergency service agency with a primary or secondary duty of collecting, analyzing and disseminating fully developed intelligence analysis products to those that may need them. It is believed that the use of these intelligence assessments combined with effective trend tracking will better enable us to anticipate and respond to extraordinary events that can detrimentally affect our resident populations. Finally, we would respectfully suggest that we need to develop and implement additional technological advances to assist us in the preparation of intelligence assessments.
References:
1. Webster's Universal College Dictionary, Pg. 426
2. "Strategic Knowledge; Preventing the Bombing of the Bridge to the 21st Century," by Staten, C. L., ERRI, on the Internet at: http://www.emergency.com/stratknw.htm
3. "Investigator's Guide to Sources of Information," Government Accounting Office, GAO/OSI-97-2, on the Internet at: http://www.gao.gov/special.pubs/soi.htm
4. "Private Enterprise Intelligence: Its Potential Contribution To National Security," by Robert D. Steele, President - OPEN SOURCE SOLUTIONS, Inc., on the Internet at: http://www.oss.net/Proceedings/ossaaa/aaa3/aaa3aj.htm
5. "Military Forces In Bosnia; Intelligence Overload," by Macko, S., ENN DAILY INTELLIGENCE REPORT-Saturday, April 12, 1997 - Vol. 3, No. 102
6. "Competitive Intelligence; How to Gather, Analyze, and Use Information to Move Your Business to the Top," by Kahaner, L., Touchstone Books/Simon and Schuster - 1997, Pg. 96-98
7. "ERRI Announces Terrorist Watch Chart," by Macko, S., ERRI, on the Internet at: http://www.emergency.com/putrtrnd.htm
8. "Caution Urged During Heat Wave." By Staten, C., ERRI, on the Internet at: http://www.emergency.com/heatwave.htm
(c) Copyright, EmergencyNet NEWS Service, 1998. All Rights Reserved. Redistribution or republication without permission is prohibited by law.