Guest Article: A Primer on Tactical Intelligence Collection, by Samuel Culper

Tornadoes, flooding, and wildfires are just three examples of localized and very personal emergency events that we saw last year, and they illustrate the devastation caused by events for which there is immediate early warning. We can be alerted to a tornado warning and seek cover. We can vacate our homes in case of flooding or an approaching wildfire. As we deal in the likelihood of SHTF scenarios, the likelihood of natural crisis events is 100%.

However, on a regional or national scale, we’re looking at more unpredictable events for which there is little to no early warning: an electromagnetic pulse, or perhaps a cyber or physical attack on critical infrastructure, or a financial or monetary breakdown that plunges millions into a very real emergency scenario. A cyber attack on the New York Stock Exchange will have no direct effect on your safety, but the second- and third-order effects will be felt on every level and generate threats to your community. So what we should be preparing for is not the cyber attack itself but the follow-on effects of that cyber attack that will affect your community.

Regardless of the event, we need to be able to collect information to support decision making so we can keep our families safe. Should we bug in or bug out? If bugging out, which route should we take? If bugging in, how can we get early warning of approaching threats?

I’m going to break down a few ways that we can reduce the uncertainty in an emergency situation. I spent three years in Iraq and Afghanistan, and both of those countries were real life or death, 24/7 emergency situations. As an intelligence analyst, my job was to keep the commander informed on the security situation and threat environment. The commander’s responsibility was to make decisions based on the intelligence we provided. If we had no incoming information, then we couldn’t produce intelligence. This is why information is the basic building block of intelligence, and therefore community security. If we want security in a volatile and potentially violent scenario, then we need to know more about the threats. What we need is real-time intelligence.

In 2014, a small group of volunteers and I battle tracked the Ferguson riots. The first step of battle tracking began with a process I call Intelligence Preparation of the Community, or IPC. (You can watch the entire IPC webinar here.) We analyzed the strength, disposition, and capabilities of local security forces. Knowing what equipment they had enabled us to better understand how they would react to unrest. We similarly analyzed the protest groups and identified associated individuals.

What these groups— both security elements and protest/riot elements— had in common is that they were both producing information of intelligence value, much of which was available through open sources. Through something as simple as listening to the police scanner, our team was able to plot out the current reported locations of law enforcement and the National Guard. Meanwhile on Twitter, we scanned the accounts of known protesters for real-time information.

In the image below, we took information reported on local emergency frequencies and plotted those locations on the map using Google Earth. “Warfighter 33” was the call-sign for the National Guard Tactical Operations Center, which was set up in the parking lot of the Target shopping center. We also pinned several National Guard posts as they reported their locations. It wasn’t rocket science, but it started to help us understand the security situation. This is a very rudimentary form of signals intelligence, or SIGINT.

Through the night, we continued to use photographs uploaded onto social media sites and news articles in order to identify the photos’ locations. Then we plotted them on a map. Pretty soon, we had a very good idea of which areas were generally safe and which areas had the most activity as the riots progressed and eventually burnt out. Had we lived in Ferguson, we could have used this intelligence to navigate our way to friends and family or to help friends and family navigate away from the threats. All this information was publicly available, so we call it Open Source Intelligence, or OSINT.

(And with some very basic equipment, anyone can replicate this process for their own communities. Be sure to check out the Ultimate ACE Startup Guide for additional information.)

So what do I do if there’s a grid-down situation where there’s no electricity?

That certainly complicates things. Before I answer that question, I want to ask you one: on a scale of 1 to 10, how important is intelligence in an emergency situation? (I would say 10, but I am admittedly a bit biased.)

First, understand that there may still be electricity in a grid-down environment. As long as there are generators and given that there’s not been an EMP, then someone somewhere will have electricity. My local law enforcement agency claims to have enough fuel for two weeks of backup power were things to go sideways. That’s good to know, and it’s the benefit of intelligence collection before an event as opposed to a post-event scramble. If they’re powered up and communicating during an emergency, or perhaps some Ham radio operators are, then we still need the capabilities to listen in. Otherwise, we’re going to be at a severe disadvantage.

If there’s no power, then we’ll have to rely on Human Intelligence, called HUMINT. That means getting out and talking to people. It could mean a reconnaissance patrol. For hundreds of years before the advent of collection technologies, the horse-mounted cavalry were the eyes and ears of the commander. Snipers and forward observers sitting in hide sites had the responsibility to get “eyes on target”— in other words, observing and reporting enemy activity— and they’re often excellent intelligence collectors. An observation post equipped with a field phone, sending back intelligence information, is another example of observing and reporting; in other words, they’re collecting and reporting intelligence information without electricity. A grid-down scenario certainly limits our collection capacity, but it shouldn’t negate it altogether.

What are some considerations for human intelligence collection?

Consider this: technology is a force multiplier. With SIGINT or OSINT, we can be very wide and very deep in our intelligence gathering. That’s a 1:n ratio. We have one collection platform, in this case maybe a radio receiver, and we can quickly scan radio frequencies to collect real-time or near-real-time information from anyone who’s transmitting. But when we deal with human intelligence, we’re often operating on a 1:1 ratio; that is, one collector is speaking to one source at any given time. That’s a very slow and difficult way to do business.

So instead of 1:1, I want you to consider the scalability of that ratio. If one person is limited to gathering intelligence information from one person at a time, wouldn’t it make sense to scale the number of collectors upward? It absolutely would. Every set of eyes and ears is a sensor, so we as an intelligence element tasked with providing intelligence for community security should absolutely be interested in encouraging community members to passively collect lots of information. Every member of our community is a passive intelligence collector. They may not target individuals for recruitment or conduct source meetings, but we’re cutting ourselves short if we’re not consuming what they see and hear. All that information is reported back to us, and then we’re engaged in the arduous task of compiling and evaluating that information in order to create intelligence.

Intelligence doesn’t produce itself, so it’s incumbent on us to build that capability. The more accurate information we have, the more well-informed we can be. Without first being well-informed on the situation, making high-risk, time-sensitive decisions just got a whole lot more complicated.

Samuel Culper is the director of Forward Observer, a threat intelligence service that focuses on domestic security and conflict risk issues. He’s a former military and contract intelligence analyst, and author of SHTF Intelligence: An Intelligence Analyst’s Guide to Community Security.