Editor’s Note: This is a guest article by Samuel Culper, Director of Forward Observer, a threat intelligence service that focuses on domestic SHTF issues.
Introduction to Intelligence
Tornadoes, flooding, and wildfires are just three examples of localized and very personal SHTF events that we’ve seen in the past month, and they illustrate the devastation of an event for which there is immediate early warning. We can be alerted to a tornado warning and seek cover. We can vacate our homes in case of flooding or an approaching wildfire. As we deal in the likelihood of SHTF scenarios, Mother Nature is 100%.
But on a regional or national scale, we’re looking at more unpredictable events for which there is little to no early warning: an electromagnetic pulse, or perhaps a cyber attack on critical infrastructure, or a financial or monetary breakdown that plunges millions into a very real SHTF scenario. The cyber attack on the New York Stock Exchange will have no direct effect on you, but the second- and third-order effects will be felt on every level and generate threats to your community. So what we should be preparing for is not the cyber attack itself, but for the follow-on effects of that cyber attack that will affect your community.
Regardless of the event, we need to be able to collect information to support decision making so we can keep our families safe. Should we bug in or bug out? If bugging out, which route should we take? If bugging in, how can we get early warning of approaching threats?
I’m going to break down a few ways that we can reduce the uncertainty in a SHTF situation. I spent three years in Iraq and Afghanistan, and both of those countries were real life or death, 24/7 SHTF situations. As an intelligence analyst, my job was to keep the commander informed on the security situation and threat environment. His responsibility was to make decisions based on the intelligence we provided. If we had no incoming information, then we couldn’t produce intelligence. And this is why information is the basic building block of community security. If we want security in an SHTF scenario, then we need to know more about the threats. What we need is real-time intelligence gathering.
In 2014, a small group of volunteers and I battle tracked the Ferguson riots. The first step of battle tracking began with a process I call Intelligence Preparation of the Community. (You can watch the entire webinar here.) We analyzed the strength, disposition, and capabilities of local security forces. Knowing what equipment they had enabled us to better understand how they would react to unrest. We similarly analyzed the protest groups and identified associated individuals.
What both of these groups had in common is that they were both producing information of intelligence value. Through something as simple as listening to the police scanner, our team was able to plot out the current reported locations of law enforcement and the National Guard. Meanwhile on Twitter, we scanned the accounts of known protestors for real-time information.
In the image below, we took information reported on local emergency frequencies and plotted those locations on the map using Google Earth. ‘Warfighter 33’ was the callsign for the National Guard Tactical Operations Center, which was set up in the Target parking lot. We also pinned several National Guard posts as they reported their locations. It wasn’t rocket science, but it started to help us understand the security situation. This is a very rudimentary form of signals intelligence, or SIGINT.
Through the night, we continued to use photographs uploaded into social media and news articles in order to identify the photos’ locations. Then we plotted them on a map. Pretty soon, we had a very good idea of which areas were generally safe and which areas had the most activity as the riots progressed and eventually burnt out. Had we lived in Ferguson, we could have used this intelligence to navigate our way to friends and family, or to help friends and family navigate away from the threats. All this information was publicly available, so we call it Open Source Intelligence, or OSINT.
So what do I do if there’s a grid-down situation?
That certainly complicates things. Before I answer that question, I want to ask you one: on a scale of 1 to 10, how important is intelligence in a SHTF situation? (I would say 10, but I am admittedly a bit biased.)
First understand that there may still be electricity in a grid-down environment. As long as there are generators, and given that there’s not been an EMP, then someone somewhere will have electricity. My local law enforcement agency claims to have enough fuel for two weeks of backup power were things to go sideways. That’s good to know, and is the benefit of intelligence collection before an SHTF event, as opposed to a post-SHTF scramble. If they’re powered up and communicating in a SHTF situation, or perhaps some ham radio operators are, then we still need the capabilities to listen in. Otherwise, we’re going to be at a severe disadvantage.
If there’s no power, then we’ll have to rely on Human Intelligence, called HUMINT. That means getting out and talking to people. It could mean a reconnaissance patrol. The horse-mounted cavalry were the eyes and ears of the commander before collection technology. Snipers and forward observers sitting in hide sites, whose responsibility it is to observe and report enemy activity, are often excellent intelligence collectors. An observation post equipped with a field phone, sending back intelligence information, is another example.
While these are all military examples, there are similar community equivalents. Consider this: technology is a force multiplier. With SIGINT or OSINT, we can be very wide and very deep in our intelligence gathering. That’s a 1:n ratio. We have one collection platform, in this case a radio receiver, and we can scan a very wide band to collect information from anyone who’s transmitting. But when we deal with human intelligence, we’re often on a 1:1 ratio; that is, one collector speaking to one source at any given time. That’s a very slow and difficult way to do business.
So instead of 1:1, I want you to consider the scalability of that ratio. If one person is limited to gathering intelligence information from one person at a time, wouldn’t it make sense to scale that ratio to 10:10 or 100:100? It absolutely would. Every set of eyes and ears is a sensor, so we as an intelligence element tasked with providing intelligence for community security should absolutely be interested in encouraging community members to passively collect lots of information. All that information is reported back to us, and then we’re engaged in the arduous task of compiling and evaluating that information in order to create intelligence.
Intelligence doesn’t produce itself, so it’s incumbent on us to build that capability. The more accurate information we have, the more well-informed we can be. Without first being well-informed, making high-risk, time-sensitive decisions just got a whole lot more complicated.
About the Author: Samuel Culper is the director of Forward Observer, a threat intelligence service that focuses on domestic SHTF issues. He’s a former military and contract intelligence analyst, and author of SHTF Intelligence: An Intelligence Analyst’s Guide to Community Security. You can find out more about the SHTF Intelligence Center at his website.