Shared Intelligence Image

In the land of the blind, the one-eyed man is king: Why intelligence gathering should underpin your security strategy

December 1, 2015 9:00 am
14 Flares 14 Flares ×

The recent terrorist attacks have thrown into sharp focus the impact that intelligence gathering has on our lives.  We don’t notice it of course, but every day intelligence agencies both foreign and domestic, friend and enemy gather intelligence in order to prevent terrorist attacks.

It doesn’t matter whether you work for the French Direction générale de la security intérieure hunting Daesh in 2016, or whether you work for Sir Francis Walsingham in 16th Century England; there are only three ways of gathering intelligence.

Firstly, you can intercept communications; tap mobile phones, hack email and social media accounts.

Secondly you can carry out surveillance operations, following people or things on foot, in cars, or by using drones, CCTV or satellites.     Finally, you can insert undercover operatives or informants into the target organisation.   All of these things the DGSI will have done in the months leading up to the attacks, the problem is that they were targeting the wrong people.

Even though the terrorists involved were known to the authorities, they were not subject to any close scrutiny using any of the aforementioned techniques.  This will have been because whilst they were suspected to be what they were, nothing linked them to an imminent plan to carry out the atrocity they did.

The public, the media and others who are unaware of how information is collected, analysed, shared and turned into actionable intelligence will want to lay the blame at the door of the DGSI.    Not so those who know that in the land of the blind the one-eyed man is king.     They understand that if you don’t comprehend, you can’t apprehend.

As a mission statement, “Stopping Terrorists Killing People” is a cruel master.  No-one knows or cares when you’re successful, but fail and the whole world wants to lay blame.

Everyone will expect the intelligence agencies to ‘learn lessons’ from these attacks.  But whether it’s Charlie Hebdo, a Tunisian beach, the Russian MetroJet airliner or the Bataclan theatre, there is no lesson, just the knowledge that these tragedies will provide intelligence that may prevent a future attack.

Once it’s on your radar, either because you receive a snippet of information or because the event has occurred, it changes from an intelligence operation to an intelligence-led operation and it becomes much easier to track the culprits.

The French intelligence community working alongside criminal investigators used the tiniest pieces of evidence to direct a formidable intelligence-led investigation.   The finger of a suicide bomber provided DNA, a mobile phone dumped in a garbage can by one of the attackers and an abandoned hire-car planted as a getaway vehicle led the authorities to Belgium.

All the time, the cell-phones, email addresses and social media accounts of anyone identified in this fast-moving investigation would have been intercepted.  Every phone call, every ‘check-in’, ‘tag’ ‘like’ or ‘fave’ would have been scrutinised.  Every GPS position of every friend and follower number-crunched to provide the Case Manager with clues not only about those responsible, but also about other terrorists they may have had contact with.

The takedown of this cell is not the end result; there is no such thing when you gather intelligence in order to save lives, just a change in direction, a change of priority, a change of focus.  If some small scrap, fed into the system months ago, had made a connection between seemingly random entities, people, vehicles or incidents, the citizens of 26 nations would have enjoyed just another Friday night in Paris.

Morally, it is very difficult for me to use Paris 2015 when making analogies about the way nation-states gather intelligence in order to save lives and the way that commercial organisations can use intelligence to reduce risk.   But risk reduction; to prevent loss, reputational damage, theft and fraud is so glaringly metaphorical that it needs highlighting.

A retailer with global reach attempting to minimise risk is no different from a nation protecting its citizens.

The retailer needs to gather information about every single incident that might affect their staff, customers, reputation and bottom line.     To do this there are a number of requirements they must satisfy.  They need an intelligence management system that anyone, from the assistant on the shop floor and the driver in the supply chain, to the warehouse manager and head of security, can feed raw information into from any part of the world.

This raw data, the information is not yet valuable enough to call ‘intelligence’, must be processed.  An understanding of the process of turning information into intelligence will certainly help a commercial organisation grasp how it will help reduce risk.

Information is raw unfiltered data, untested when received and from a wide variety of sources.  The information may be true, false, misleading, incomplete, relevant or not.

By evaluating both the information and the source of the information, trained analysts can distil the raw data into ‘intelligence’ that is accurate, as complete as possible and relevant, before being disseminated to those who can use it in time for it to be of use.

There are a number of rules governing intelligence gathering and rule number one is that it must always be in response to a customer need.    Whether internal or external there is no point expending resources on collecting information that is neither relevant or timely.

A gang of ram-raiders attack a retail outlet in Edinburgh.  The manager reports the matter to the regional office.  Two weeks later, their York branch suffers the same fate.  A similar report is filed with a different regional office.   The staff at head office in London are aware of both incidents but don’t understand that along with attacks on their competitors, a pattern is emerging.  They certainly don’t think about the fact that the same gang may be responsible for all attacks, or that the incidents are slowly moving south.   By the time all the dots are joined the Birmingham branch has been subjected to the same raid.

The collection of information needs to be as detailed as possible.   The analysis of the information may produce a profile of the gang.  The examination of the CCTV, the geography, the type of goods stolen may expand that ‘profile’ to include an inference that the gang are moving south.

Sharing what is now ‘intelligence’ with the whole retail group, with competitors, with the local police, will allow the risk to be managed.     This might include posting extra security staff on those stores along the anticipated route, if only for a couple of weeks, or fixing the CCTV in those stores that have always had problems.

To demonstrate how well a simple system can work consider that in 2012 a parish in rural England suffered a number of thefts of religious artifacts from their churches.  At 10am a theft took place from St Bartholomew’s.  At 12pm a theft from St Mark’s three miles away.  At 4pm the police stopped a van outside St Mary’s, church number three.   The contents of the first two thefts were in the back of the van.   It took just three phone calls between a couple of Churchwardens, a Vicar and the local police for the criminals to be detained.

To conclude, the success of the intelligence agencies in keeping citizens safe from terrorist attack, and the reduction of risk to commercial organisations through the use of formal intelligence gathering, analysis and dissemination cannot be understated.

  • Intelligence management systems do not have to be complicated.
  • Intelligence sharing does not involve limitless resources.
  • Collaboration reduces risk.


About the Author

Cameron Addicott is an independent security, investigations & intelligence consultant, former undercover officer with H.M. Customs and the Serious Organised Crime Agency. He spent nearly twenty years working as a Criminal Investigator, Covert Surveillance Operative & Commander, Informant Handler and Undercover Officer.

In 2010 Cameron published “The Interceptor” which went straight to #1 in the Amazon True Crime Bestseller list. The rights to the book was later bought by BBC to produce a crime drama series of the same name.

To find out more information about investigations and intelligence solutions contact us at or call 0115 907 8030.

14 Flares Twitter 0 Facebook 0 LinkedIn 10 Google+ 4 14 Flares ×
Tags: , , , , , , ,

Categorised in: ,