OSINT Applications in Public Sector Security

By Charli Foreman

Public sector OSINT blog image
Contents

    Get the latest news and insights sent straight to your inbox

    Open-Source Intelligence (OSINT) has long been an important resource for the public sector – and since the advent of the internet, public sector OSINT usage has only grown.

    The internet contains large volumes of readily available, open-source data which can be leveraged by investigators for a wide range of public sector use cases. Although the insights drawn from this data must often be combined with other types of intelligence for the best results, OSINT provides valuable context to help public sector bodies make informed decisions.

    A major concern for the public sector is ensuring national security – and OSINT also has a significant role to play here. In this article, we’ll explore the impact of OSINT on public sector security, looking at how it assists a wide range of use cases and how the public sector can optimise their use of OSINT.

    OSINT for Public Sector Security: Use Cases

    OSINT has important applications across a large number of public sector security use cases. To highlight just how effective and versatile OSINT is, we’ve summarised some of the key use cases below.

    Vetting

    As recent cases within law enforcement have shown, vetting procedures within public sector recruitment need to be robust.1 In order to do the work that they do, public sector organisations – and law enforcement in particular – need to uphold a positive, trusted reputation in the eyes of the general public. The actions of an individual employee can impact this reputation and, as a consequence, the organisation’s ability to operate efficiently and effectively. This means that public sector organisations need to be able to trust their staff, and vetting is a crucial step in facilitating this.

    Integrating OSINT into vetting processes allows for more informed decisions to be made, as it can reveal information about an individual that’s not available through other checks. It’s important to note that where newer, tighter vetting procedures are introduced, they shouldn’t apply only to new hires. Indeed, regular vetting of all staff is the best way to ensure trustworthiness. Whilst this might seem daunting, OSINT is easy to use and readily available when accessed through the right tools, allowing for more comprehensive and regular vetting within public sector organisations.

    Suggested reading: Public sector OSINT use regarding security isn’t limited to these use cases. Learn how it’s used to combat cybercrime by reading our blog, Applying Open Source Intelligence to Cyber Crime Investigations.

    Counter-Terrorism

    A major focus of public sector security is counter-terrorism. Similarly to crimes such as human trafficking, recruitment to terrorist groups often begins online. Although conversations will be moved to private channels as soon as possible, signs of engagement with extremist material and vulnerability to radicalisation are often apparent from publicly available content on social media and forums. For example, connection and interaction strength can be used to identify vulnerability by examining who a known terrorist communicates with regularly and how close they are to certain individuals. Likewise, investigators can gather intelligence about public perception of terrorist groups from these sources.

    Another important public sector OSINT use within counter-terrorism is geolocation and identity verification. Extremist groups operate in secrecy to limit outside knowledge of their operations. However, previous Bellingcat investigations have been able to uncover the location of extremist meetups and,2 in one case, the real-world identity of the leader of a prominent extremist group.3

    Public Unrest

    It’s important for public sector bodies to monitor public unrest effectively. Not only can large-scale protests cause significant disruption for members of the public, but public unrest also introduces a higher risk of violence and other criminal activity such as looting.

    Now that the majority of communication happens online, OSINT has become an even more crucial resource for monitoring and investigating public unrest. For example, protests are often promoted and discussed publicly online in order to encourage attendance. By monitoring OSINT sources such as publicly available social media and forums, public sector bodies can gain an accurate picture of the scale and tone of a protest, and gauge the level of response required.

    When an incident has occurred as a result of public unrest, these same OSINT sources, alongside reporting from media outlets, can be extremely helpful. Participants or bystanders might share clips and accounts of the event online which help investigators to identify key players and analyse their connections to see which other individuals or wider groups might be involved in criminality.

    Why OSINT for Public Sector Security?

    Beyond providing crucial context and direct insights that aren’t apparent from other sources, OSINT has further tangible benefits when compared to other techniques. However, that’s not to say that public sector security should rely on OSINT alone. Any investigative technique generates the most intelligence when combined with others, and the unique benefits that OSINT brings to the table include:

    Digital investigations for a digital world

    With the amount of internet data available growing every day and increasing communication happening via open sources, it would be foolish to overlook the direct insights OSINT can provide.

    Moreover, if public sector organisations don’t use OSINT adequately, it could lead to a loss of trust in these organisations. OSINT sources are out there for anyone to access, including the general public and media. Neglecting to make the most of OSINT can lead to scandals where key intelligence is spotted by journalists or hobby investigators, undermining confidence in organisations that are meant to ensure public security.

    Information sharing

    Public Private Partnerships (PPPs) are important to public sector security, as they allow for harmful crimes to be countered more effectively. However, a common barrier they face is information sharing – because some information comes from privileged or human sources, it’s not always clear what’s appropriate to share. With OSINT, these challenges are reduced, as any intelligence is drawn from publicly available sources.

    Ethics

    Whilst OSINT isn’t ethically infallible, it is often more defensible and more proportionate than other intelligence techniques. Since the information used to generate OSINT is publicly available, breaching privacy is less of a concern in  public sector OSINT investigations.

    Enhancing Effectiveness in Public Sector OSINT Use Cases

    It’s clear that OSINT is crucial to ensuring public sector security across a range of teams. To facilitate more effective use of OSINT for public sector security, investment is needed in several key areas:

    Centralised training

    Good training on best practices and common pitfalls is key to ensuring success within public sector OSINT investigations. Since it’s used so broadly, there’s a real opportunity for the UK national security community to invest in standardised OSINT support structures.4 A centralised structure would allow for the sharing of expertise and experience, facilitating more effective use of OSINT.

    Crucial topics to cover in training include:

    • Disinformation: Open-source data isn’t always reliable, as it often comes from less official sources. To add to this issue, misinformation and disinformation are often perpetuated in online spaces. Investigators need to be aware of this and have sufficient training on sorting fact from fiction.
    • Ethics: Although there may be fewer privacy concerns when it comes to practicing OSINT, it’s still important to educate investigators on ethical best practices, such as only collecting relevant information.
    • Best practices: Keeping investigators up to date on best practices means that OSINT can be used more effectively and efficiently.

    Effective tooling

    Public sector OSINT investigators need to have the right technology to support easier navigation through large volumes of publicly available information. Regardless of use case, there are several things to look out for in a good tool:

    • Features to enhance, not replace, the investigator: Humans provide crucial insights that can’t be replaced by technology – these insights will be missed in tools promising full automation.
    • A range of sources: Look for software that allows users to access all the necessary sources in one place, optimising the efficiency of an investigation.
    • Smooth onboarding and full support: Tools with good customer support allow public sector organisations to start leading better investigations sooner.
    1. Police vetting: Thousands of staff members not properly checked – BBC News
    2. From Pixels to Punches: Geolocating a neo-Nazi and White Nationalist Combat Event in Los Angeles – bellingcat
    3. Texas Active Club Leader Blurred His Face But Forgot to Scrub His Socials – bellingcat
    4. Unleashing Open Source Intelligence for UK National Security (Guest blog by PUBLIC) (techuk.org)

    More insights