TYB
Assessing the Tradecraft of Intelligence Analysis
A RAND Technical Report
Most public discussions of intelligence address operations—the work of spymasters and covert
operators. Current times, in the wake of September 11th and the intelligence failure in
the runup to the war in Iraq, are different.1 Intelligence analysis has become the subject. The Weapons
of Mass Destruction (WMD) Commission was direct, and damning, about intelligence analysis
before the Iraq war: “This failure was in large part the result of analytical shortcomings;
intelligence analysts were too wedded to their assumptions about Saddam’s intentions.”2 To be
sure, in the Iraq case, what the United States did or did not collect, and how reliable its sources
were, were also at issue. And the focus of post mortems on pre-September 11th was, properly,
mainly on relations between the Central Intelligence Agency (CIA) and the Federal Bureau of
Investigation (FBI) and on the way the FBI did its work. But in both cases, analysis was also
central. How do the various agencies perform the tradecraft of intelligence analysis, not just
of spying or operations? How is that task different now, in the world of terrorism, especially
Islamic Jihadist terrorism, than in the older world of the Cold War and the Soviet Union?
The difference is dramatic and that difference is the theme of this report. The United
States Government asked RAND to interview analysts at the agencies of the U.S. Intelligence
Community and ask about the current state of analysis. How do those analytic agencies think
of their task? In particular, what initiatives are they taking to build capacity, and what are
the implicit challenges on which those initiatives are based? Our charter was broad enough
to allow us to include speculations about the future of analysis, and this report includes those
speculations. This report is a work in progress because many issues—the state of tradecraft and
of training and the use of technology and formal methods—cry out for further study. This
report was long delayed in the clearance process. It has been updated and remains a useful
baseline in assessing progress as the Intelligence Community confronts the enormous challenges it faces.
> '''→ PDF attached ← "' <
Learn Intelligence Analysis…
Critical Thinking and Intelligence Analysis (2nd printing) by MooreDavid T.
Sensemaking: A Structure for an Intelligence Revolution by MooreDavid T.
Structured Analytic Techniques for Intelligence Analysis by HeuerRichards J.Jr., PhersonRandolph L.
Cases in Intelligence Analysis: Structured Analytic Techniques in Action by BeebeSarah Miller, PhersonRandolph L.
A Tradecraft Primer: Structured Analytic Techniques for Improving Intelligence Analysis
The Investigative Analytical Process by SuggIrvin D.Jr.
An Introduction to Intelligence Research and Analysis by ClauserJerome, GoldmanJan
Bringing Intelligence About
Practitioners Reflect on Best Practices by SwensonRussell G.
Analyzing Intelligence: Origins, Obstacles, and Innovations (2nd ed.) by GeorgeRoger, BruceJames
Reducing Uncertainty: Intelligence Analysis and National Security by FingarThomas
La Boîte à Outils de l’Intelligence Économique by DeschampsChristophe, MoinetNicolas
Strategic Intelligence: A Handbook for Practitioners, Managers, and Users by McDowellDon
There is Open Source Data
And there are Open Source Tools to
All freely available
If you put the data that you collect
Into an SQL database
Like PostgreSQL
Then you can use Business Intelligence tools
Like BIRT
To help you analyze it,
Just like business people do.
https://download.eclipse.org/birt/downloads/
Get the All-In-One BIRT Designer
If you don't have PostgreSQL already running
The easiest way to get it installed is to use 2UDA here
https://www.2ndquadrant.com/en/resources/2uda/
This gives you a professional database server that supports
Business/Financial data
XML encoded data
JSON encoded objects from web applications
NoSQL data (but you can use SQL to query it)
What if you've got PostgreSQL running using 2UDA
https://www.2ndquadrant.com/en/resources/2uda/
But you decide BIRT is not the tool for you.
There are other choices
Orange3 from Slovenia is a good one
It's geared towards data mining
https://orange.biolab.si/
The diagrams that you create showing how to process the data
Are the executable code as well
But if you are a coder, you can add your own modules too.
The diagrams are all explained on this page
https://orange.biolab.si/workflows/
An alternative to Orange3 or BIRT
Is to use an automated Scientist's Notebook
Such as Jupyter
This allows you to write notes
Describing your data collection,
You plan for analyzing it
And the code you intend to use
So it forms a complete set of documentation
Of what you did
But,
Since it is automated,
You can tell it to run the code, in place
And include any output tables, charts, diagrams
Right in the notebook page
https://jupyter.org/
This is a popular tool for all kinds of scientists
And since Intelligence Analysis
Is very similar to Data Science
This tool works very well.
When you get comfortable with it, you will find deep capabilities
It is not just for Python code
It can integrate code in R, Java/Groovy, Scala and other languages
Like all the other software I mentioned
It is Open Source and free to use as much as you like.
Some Jupyter images
Articles
Threat Hunting with Jupyter Notebooks
https://posts.specterops.io/threat-hunting-with-jupyter-notebooks-part-1-your-first-notebook-9a99a781fde7
Using Python for sentiment analysis in Tableau
https://www.tableau.com/about/blog/2016/12/using-python-sentiment-analysis-tableau-63606
Installing Python Packages from a Jupyter Notebook
https://jakevdp.github.io/blog/2017/12/05/installing-python-packages-from-jupyter/
While Jupyter is great for organizing and managing your own code and projects, it can be useful to have something wrapped around Jupyter to manage all the Python components, and other tools that you use. Anaconda works well for this.
https://www.anaconda.com/distribution/
Install this first, then use it to install Jupyter
The Five Habits of the Master Thinker
-
Establish a culture of challenging key assumptions
-
Always consider alternative explanations (including the null hypothesis and deception)
-
Instinctively look for inconsistent data to discard candidate hypotheses
-
Focus on key drivers that best explain what has occurred or what is about to happen
-
Anticipate a customer’s needs and understand the overarching context for the analysis
The attached PDF has 71 slides
The Five Habits of the Master Thinker
-
Establish a culture of challenging key assumptions
-
Always consider alternative explanations (including the null hypothesis and deception)
-
Instinctively look for inconsistent data to discard candidate hypotheses
-
Focus on key drivers that best explain what has occurred or what is about to happen
-
Anticipate a customer’s needs and understand the overarching context for the analysis