Wednesday, December 26, 2012

Intelligence Analysis Tools- Patterns and Links

There is so much that goes into intelligence that it is not going to be covered in a single post. Today I want to talk about managing intelligence (information really) and making sense of it.

Obviously any good organization is working hard to find out information about their surrounding area, people and of course enemies. Snipers are doing overwatch and pattern of life analysis on high payoff targets as well as whomever happens to be around. Patrols are tracking enemy movement/operations and actively engaging key leaders (both hard and soft power*) as well as the populace at large. Aside from the standard listening, shopkeepers are noting when soldiers come in to buy 2 cartons of smokes instead of a pack or two and weeks' worth of snacks instead of something to tide them over till dinner chow. Retirees and other folks with a decent reason to be hanging around near key choke points are counting numbers and types of vehicles that cross their path. All sorts of folks are sitting in coffee shops, restaurants and bars listening to the chatter. A few pretty girls, potentially willing to 'take one for the team' (sorry I couldn't resist), are spending time with the rank and file as well as key leaders when the opportunity arises. Tech geeks are listening to radio frequencies. They probably can't pick up the encrypted stuff but the walkie talkies used for admin stuff on base might be interesting to listen to. Some computer folks will probably be doing their thing also. The point is that any organization with a few members and a semi decent auxiliary plus a few basic resources will quickly get overwhelmed with information.

As we have seen in the last few years in intelligence, the issue isn't so much the gathering of information but rapidly analyzing it, figuring out its meaning and passing that info through command channels to the shooters. What we will discuss today is a framework for this analysis: a series of products that can be created to make sense of all the chatter by slicing it up in terms of time, individuals involved, events and space. It is important to note that these products are largely looking at the same information, just from different angles.

First we will look at time. The two products we will talk about are the threat wheel and the event timeline.

Threat Wheel- I could not find a good picture of this. Imagine a bicycle wheel. The spokes are the hours of the day so obviously there are 24 of them. Next we are going to make concentric circles from the inner hub all the way out to the rim. These are days. The amount can vary by what you are doing but a month isn't a bad place to start. Every action goes onto the threat wheel. You index the appropriate time to the day and mark what it is. A could be ambush, B could be bombing, C for snap checkpoint, whatever works.

The point of this tool is to see fairly short term patterns. Example: Cool Guys in black helicopters conduct raids between 1 and 3 in the morning while conventional guys hit at more like 6 in the morning. Checkpoints get set up about 7 in the morning and run till 1 or 2 in the afternoon. You get the idea. It is important to realize that your insurgent force's actions can affect the threat wheel. If you run operations in the morning then they will look for you in the morning, raids will be conducted in hours of darkness when they suspect your force will be resting, etc.

It also might not be a bad idea to keep a threat wheel (maybe call it a friendly forces activity wheel or something) of all of YOUR actions. The reason is to avoid setting patterns that can be targeted. The other guy will be looking for those patterns to set up an ambush or drop some bombs so you better not set any obvious ones.
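The own-activity wheel described above can be kept as a simple grid and checked for the repeating spokes an observer would notice. This is an added example, not from the original post or the field manual; the log entries, the activity codes and the `min_days` / `min_share` thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log of our own activity: (timestamp, activity code).
LOG = [
    ("2012-12-03 07:05", "C"), ("2012-12-04 07:20", "C"),
    ("2012-12-05 07:10", "C"), ("2012-12-06 07:40", "C"),
    ("2012-12-07 13:15", "C"),
    ("2012-12-03 02:10", "R"), ("2012-12-09 14:30", "R"),
    ("2012-12-15 21:45", "R"), ("2012-12-20 09:00", "R"),
]

def build_wheel(log):
    """Return {(day_ring, hour_spoke): [codes]}; ring 0 is the earliest day."""
    stamps = [(datetime.strptime(ts, "%Y-%m-%d %H:%M"), code) for ts, code in log]
    start = min(t for t, _ in stamps).date()
    wheel = defaultdict(list)
    for t, code in stamps:
        wheel[((t.date() - start).days, t.hour)].append(code)
    return dict(wheel)

def pattern_hours(wheel, min_days=3, min_share=0.5):
    """Flag (code, hour) spokes marked on >= min_days distinct rings, where
    those rings are also >= min_share of all marks recorded for that code."""
    days = defaultdict(set)   # (code, hour) -> rings carrying a mark
    total = defaultdict(int)  # code -> total number of marks
    for (ring, hour), codes in wheel.items():
        for code in codes:
            days[(code, hour)].add(ring)
            total[code] += 1
    return sorted(
        (code, hour) for (code, hour), rings in days.items()
        if len(rings) >= min_days and len(rings) / total[code] >= min_share
    )

def render(wheel, n_days):
    """Text form of the wheel: one row per day ring, one column per hour."""
    return [
        "".join((wheel.get((ring, h)) or ["."])[0] for h in range(24))
        for ring in range(n_days)
    ]

if __name__ == "__main__":
    wheel = build_wheel(LOG)
    print("\n".join(render(wheel, 18)))
    print("predictable spokes:", pattern_hours(wheel))
```

Activity "C" clusters on the 07:00 spoke across four consecutive rings and is flagged; activity "R" is spread over different hours and is not.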

Event Timeline- This is just that: a timeline. It is better for longer term stuff, showing how two sides got to fighting or whatever. These are good for seeing big picture patterns. These typically focus on months and years while the threat wheel is more about days and weeks.

Example: A fellow I know was an intelligence officer who worked in South America in the 80's. He ended up advising a friendly Banana Republic in their fight against an insurgent communist group. When they looked at it, this group had a pretty set pattern for moving into an area. They would send a few guys in to look around and ask questions. What were the local grievances, who were the power players, that type of stuff. Next they would damage the roads, bridges and train tracks (isolating the objective), which inconvenienced the people and made them dislike the police and army who could not stop this. After that they would conduct a few attacks, hurting a few people and destroying most of the police vehicles to stop the lazy police from patrolling, and they would move into the jungles outside the city in force. Some folks would then come in and talk about how the regime was corrupt and incapable of providing basic services. By the time they got to actually going into town the police were incapable of maneuvering, it was difficult for regime reinforcements to get there and the people were largely on their side. Information like this allowed the regime to much more effectively mass their forces (instead of guarding everything) and defeat the insurgents. Remember that patterns will be exploited by people who find them. End example.

Next we are going to look at people.

Association Matrix- This is a pretty simple document. It is a triangle with a bunch of names going down the angled side.


The point is simply to show which players know each other. Here is an example. Typically one symbol will be used for suspected association, another for confirmed association and a third when one of the parties is dead.

Activity Template- This is a simple square divided by lines. On the left side we have the names of all our players from the association matrix and on the bottom we have a whole bunch of activities. Some will be key events like Regime puppet forces assassinating a local power broker and others will be broad like 'intimidation' or 'information operations'.
The same known, suspected, KIA code (the examples from the FM don't have it but it's smart to include so you don't get all whipped up about finding a connection to then realize one of them is dead) will be used here. The point is to link our players with activities. This can also feed back into our association matrix. If Bob and Jim are both confirmed to have participated in the death squad that offed a town council member they know each other. Be sure to adjust the association matrix accordingly.
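The feedback from activity template to association matrix described above can be worked through in code. This is an added example, not from the original post or the FM; the names other than Bob and Jim, the activities and the statuses are constructed, and marking a pair as only suspected when either person's participation is only suspected is an assumption made here.

```python
from itertools import combinations

CONFIRMED, SUSPECTED, DEAD = "C", "S", "X"
RANK = {SUSPECTED: 1, CONFIRMED: 2}

# Constructed activity template: activity -> {person: participation status}.
TEMPLATE = {
    "council incident": {"Bob": CONFIRMED, "Jim": CONFIRMED, "Ann": SUSPECTED},
    "leaflet drop":     {"Ann": CONFIRMED, "Dee": CONFIRMED},
    "intimidation":     {"Jim": SUSPECTED, "Dee": CONFIRMED},
}
DECEASED = {"Dee"}  # constructed

def associations(template, deceased=frozenset()):
    """Derive pairwise links from shared activities.

    A pair is confirmed only if both were confirmed in the same activity;
    otherwise it is suspected (assumption). The strongest status seen across
    activities wins, and any pair with a deceased member gets the third symbol.
    """
    links = {}
    for people in template.values():
        for a, b in combinations(sorted(people), 2):
            status = CONFIRMED if people[a] == people[b] == CONFIRMED else SUSPECTED
            if RANK[status] > RANK.get(links.get((a, b)), 0):
                links[(a, b)] = status
    return {pair: (DEAD if deceased & set(pair) else s) for pair, s in links.items()}

def triangle(links, names):
    """Lower-triangle matrix rows, one per name; '.' means no known link."""
    names = sorted(names)
    rows = []
    for i, n in enumerate(names):
        cells = [links.get((names[j], n), ".") for j in range(i)]
        rows.append(f"{n:<4}" + " ".join(cells))
    return rows

if __name__ == "__main__":
    everyone = {p for people in TEMPLATE.values() for p in people}
    print("\n".join(triangle(associations(TEMPLATE, DECEASED), everyone)))
```

Each non-empty cell of the triangle is also one line of the link diagram: solid for C, dashed for S.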

Next we put this stuff together.

A product omitted from the manual but useful nonetheless is an Intel Analysis map overlay. It takes the people and activities and plots them onto a map. Think of it like a threat wheel slapped onto the map. You can also incorporate a variety of other useful info like ethnicity, religion, income as needed, whether an area is pro regime, neutral, contested or pro insurgent and whatever other info you deem pertinent. I do not think this is necessarily essential but it depends on how many visual learners are in your target audience.

Link Diagram- The link diagram shows activities, players involved and the connections between them. An event will be a square, people are circles, confirmed connections are solid lines and suspected ones are dashed lines. You can use another key system but this one works fine and is easy.

The link diagram is really what all of the work we have done is building up to. It should (if you have a decent amount of info) graphically depict who is doing what and the connections between them. Also this is where this whole process really starts giving back to you.

This process is pretty helpful for managing a lot of information during a complicated situation. If you haven't figured it out yet, insurgencies are complicated situations. The Regime has conventional forces, paramilitaries, auxiliaries, folks actively and passively supporting it. Local power brokers are out doing their thing and supporting one side or both, sometimes switching back and forth as conditions change. A variety of thugs and criminal organizations exploit the vacuum to ply their trades. The insurgent groups have a slew of loosely organized, sometimes even competing, groups, auxiliaries and supporters.

I said before that this analysis is a way to manage information. That is the most basic function for sure but it also brings up questions when you see the picture more clearly. Seeing everything put together will make connections or holes in your information become much more apparent than if they are stuck in a huge stack of reports. This will lead to new PIR (Priority Intelligence Requirements) to answer the questions that come up. Is a person who seems to be involved with every cell but not directly in any operations a courier, some sort of specialist (explosives, commo, medical, etc) or a leader? Is the Mayor a Boss Hogg style crook, a Grey Man, playing both sides or a full out regime stooge? Is the local chapter of the Masons running a pro regime death squad?

The relationship between intelligence collection and operational command is a complicated one. Way more than can be addressed in a paragraph. Simply put the Commander will give guidance on operational plans which will be supported by intelligence collection. Intelligence collection will then lead to focusing or adjusting the operational plans to suit the situation. I guess you could say that operations drive intelligence and intelligence focuses operations. Done right it is a positive feedback loop of butt kicking.

*Hard power would be established positions of authority, not necessarily of arms, such as tribal leaders, mayors, police chiefs and whatnot. Soft power folks can be just as influential but do not have a formal title per se. Think village elder, influential businessman, religious leaders and such. Their power is just as real but varies more depending on the individuals involved. If you have ever seen a Mayor make a 180 degree policy turn overnight after the town doctor and Preacher spoke against it you have seen soft power.

For further info refer to http://www.globalsecurity.org/intell/library/policy/dod/part4_ct_analysis_course.htm , http://www.globalsecurity.org/intell/library/policy/dod/ct_analysis_course.htm and FM 3-07.22 particularly Appendix F where the example images came from.

I hope this is interesting to a few of you. Anyway happy day after Christmas.

1 comment:

Anonymous said...

Good stuff. Thanks for posting.
g
