A similar version of this article appeared on AMU’s sister blog, In Homeland Security.
By Erik Kleinsmith, Staff, Intelligence Studies, American Military University
The aftermath of almost any spectacular terrorist attack follows a predictable pattern. Once the immediate shock of the barbarity wears off, there is the inevitable media scramble for information about the perpetrators. During this time, a parallel search for information is happening within the U.S. intelligence community (IC).
Unfortunately, it is often true that the intelligence community had some pieces of information about the attackers readily available. This is true for every recent attack including San Bernardino, Paris, Fort Hood, London, Madrid, and Mumbai. As I have testified, some of us had warnings before the attacks of September 11, 2001, as well.
Information about the perpetrators and their insidious plans are often hidden among varying reports, databases, and even open-source outlets, whether it’s news media reports or information on social media. If put together correctly, these bits and pieces of information together can tell intelligence analysts much about the attackers, including who they are, how they chose their targets, and, in some cases, their motivations.
It is the enduring challenge of intelligence analysts to discover and analyze such information ahead of time, to predict and preempt such an attack. It is always easier to find this information afterward. But there are some ways to try to get a step ahead of those who would attack.
The Benefits of Threat Profiling
One of the predictive analysis tools that intelligence analysts have available is threat profiling, which can help organize intelligence information related to different threat groups. This technique is simply a way to help collect relevant information about a group, prioritize analysis, and present the analysis within a common framework so the information can be widely shared and understood.
In 1999, I began building threat profiles when I was the Chief of Intelligence of a U.S. Army unit known as the Land Information Warfare Activity (LIWA). Working with some of the brightest analysts I’ve known, we started building profiles of cyber-threat groups in order to better identify the people behind the 1s and 0s who were attempting to hack Army networks.
This nascent methodology was later used during our support of the now well-known Able Danger program, attempting to map and profile Al Qaeda prior to the September 11 attacks. It has since been incorporated into several different Army Joint Intelligence training courses and taught to many thousands of analysts in both the government and commercial sectors.
On February 4, I will be presenting on the benefits of using threat profiling and mapping during a presentation at the U.K. Defence Academy’s Countering Extremism Symposium.
What Threat Profiling Is Not
Threat profiling can often be confused with other forms of analysis. When discussing threat profiling, it is important to acknowledge that the word “profiling” often triggers concern about legality or political correctness. It can sometimes be inaccurately associated with the biased and bigoted thought process known as racial profiling. Threat profiling is not racial profiling – in fact its intent is to combat it.
Rather than making assumptions about a single person or group solely based on race, ethnicity, religion, or skin color, threat profiling looks at an entire set of social demographics and psychographics of a group. It also analyzes this in the context of other factors like motivations, leadership, targets, etc. Instead of making generalizations, threat profiling is designed to help identify trends and exceptions equally.
Threat profiling can also be confused with behavioral profiling, a type of psychographic analysis of a single perpetrator used by law enforcement and made popular by movies like Silence of the Lambs and just about every current crime drama on television now. Where behavioral profiling is conducted on a single individual, threat profiling is designed to help analysts understand entire threat groups whether they are terror cells, gangs, organized crime syndicates, militias, or cyber organizations.
Steps to Building a Threat Profile
Organize into components
Virtually every piece of information about a group can be organized into a category or component. To create a threat profile, an analyst collects and organizes all information related to a particular group into a defined set of components that can be more easily analyzed. There are normally between six and eight components. The threat profile components I’ve used and taught over the years have evolved slightly to the current set of eight components:
- Motivations, Goals, Objectives
- Demographics and Psychographics
- Organization and Leadership
- Methods of Operation
- Strengths and Capabilities
- Weaknesses and Vulnerabilities
The beauty of using this technique is in its simplicity. Each component can be further sub-categorized and tailored to a specific group, while still keeping to a small set of main components that aids memorization and recall of the information. It’s also a fairly universal way to analyze different types of extremist groups along a common baseline. So whether an analyst is researching a terror group, organized crime syndicate, gang, insurgents, hacker group, or even spy network, they can always profile the group using these components and techniques.
[Related Article: When Intelligence Assessments Conflict]
Using threat profiling to analyze an extremist group is beneficial for a number of reasons. For starters, it helps to organize collection efforts on a particular group. Analysts can take all the information they have on that group, which may seem like disparate pieces of information, and categorize it into one or more of the eight components. Organizing this information can help analysts prioritize where to start their analytical process.
[Related Article: Terrorist Brothers: A Common Bond in Extremist Circles]
Such a strategy is particularly beneficial when analysts only want to look at a particular aspect of the group. For example, analysts can get a better understanding of which websites a hacker group may be targeting by understanding the demographics of the group or the hacking capabilities they’ve already demonstrated.
Building a Common Framework
Perhaps most importantly, threat profiling will help establish a common framework of understanding about a group within an intelligence organization. Often, conducting analysis about a particular threat group is a large-scale effort involving many analysts. Using a common framework as an accepted standard combats duplication of effort. It also helps to identify gaps in analysis among different people working on the effort.
Finally, using a standard threat profile framework will help in the presentation of analysis – whether it is through a briefing, discussion, presentation, or in a published product. This framework can be especially useful when communicating an assessment to those outside of the world of intelligence.
Intelligence analysis can be an extremely complex undertaking. It can be a daunting task to use the scant bits and pieces of information available to understand a threat group and then predict their future actions. Such efforts can lead to broad estimations, misconceptions, false positives, leaps of logic, and flat-out errors in analysis. However, threat profiling is designed to help make the analytical process more manageable. While it’s not an analytical process in itself, it does help analysts organize and conduct their analytical processes, as well as present their findings, more effectively.
About the Author: Erik Kleinsmith is the Associate Vice President for Strategic Relationships in Intelligence, National & Homeland Security, and Cyber for American Military University. He is a former Army Intelligence Officer and the former portfolio manager for Intelligence & Security Training at Lockheed Martin. Erik is one of the subjects of a book entitled The Watchers by Shane Harris, which covered his work on a program called Able Danger tracking Al Qaeda prior to 9/11. He currently resides in Virginia with his wife and two children.