When Russia launched its latest invasion of Ukraine early in the morning of February 24, 2022, we were serving as information operations planners for the US European Command Information Operations and Special Activities Division. Army reservists, we had arrived at EUCOM in September 2021 and soon after were assigned to help develop response plans in case of a Russian invasion. When that invasion occurred, our task shifted to rapidly operationalizing those plans. These efforts included working with interagency partners both before and after the invasion to combat Russian disinformation and help inform international audiences of Russian activities, in what some considered a “ramped up” US information warfare effort.
Throughout this process we routinely faced challenges in maximizing the value of open-source information. More specifically, we encountered problems in three areas: collection, vetting and analysis, and sharing content. We attempted several methods to address these deficiencies, with varying degrees of success, but our experiences laid bare a fundamental truth: better solutions are required to ensure US and ally information warfare capabilities are prepared for future crises.
As the war began it was critical to collect, rapidly vet, and then share open-source content that would support US and partner messaging efforts. A subset of this task came through our work with members of EUCOM’s judge advocate general—collecting, vetting, and properly storing content that could serve as evidence of possible Russian war crimes. Using online content as evidence in international legal tribunals is relatively new, and collecting it quickly became an interesting, but often disgusting, part of our work. Teaming with the judge advocate general also assisted us as we navigated the Geneva Conventions’ messaging-related restrictions, which our leadership had strongly emphasized.
As we set out to collect, vet, and share information, we quickly realized the scope of the challenges we faced in each of those three areas.
Problem One, Collection
Content on Russian activities was flooding social media even before the invasion, and the rate at which it appeared exploded once the invasion occurred. Tools to collect this content are widely available and often free or very low cost. Unfortunately, as anyone who has ever used a government computer can attest, loading social media and related software on an official computer is rarely an option. Instead, we had to rely on requests for intelligence support and, despite herculean efforts by members of our intelligence team and others in the interagency, we were collecting only a fraction of what was needed. This was not a surprise—with the largest war in Europe since World War II occurring, intelligence capabilities were in high demand. This did not, however, diminish the frustration of walking out of the SCIF, turning on our phones, and gaining access to more (and more relevant) open-source content than we had at our workstations.
On our personal laptops, using systems and practices from our civilian work lives, accessing the stream of content was not difficult. At the most basic level this meant following new sources on Twitter and other social media. At a more advanced level it meant automated web scraping and text analytics. But we still encountered challenges—one a function of the sheer amount of data and another related to language. First, the amount of content was so large, and occurring across so many channels, that automated tools were required to collect and store the information—open-source collection goes far beyond simply assigning a few analysts to monitor feeds. Second, the content was rarely in English. To properly capture relevant content, the tools (and the people training the tools) need to understand the target languages—Ukrainian and Russian in this case, but conceivably Chinese, Korean, or any of a range of others in future cases.
We ultimately received content, but only a fraction of what was available. What we did receive led to the second problem—analysis and vetting.
Problem Two, Vetting
The second problem occurred upon receipt of seemingly relevant content—how to analyze it to determine authenticity? While our partners in EUCOM intel and at NGA (National Geospatial-Intelligence Agency) were able to devote some resources to this task (for which we were very grateful), it was not their primary mission. Unfortunately, despite much effort to find support, this appeared to be no organization’s primary mission. Perhaps even more frustrating than not having content was having a video or image perfectly aligned to a messaging goal but not being able to use it because we could not vet it. While part of the vetting process can be automated, this typically requires a human (or dozens of humans) in the loop, as so effectively demonstrated by Bellingcat and the Institute for the Study of War in their analysis of the war in Ukraine. Though few would suggest the EUCOM (or any other) information operations directorate should be tasked with vetting open-source content, someone needs to do it. Organizations and commands need access to an effective mechanism for analyzing a piece of content (tweet, text, video, image, etc.), including for use in messaging activities.
Problem Three, Sharing
The third problem we encountered was that once we had collected a piece of content, there was no readily available means of storing it and sharing it with DoD, interagency, and international partners. For example, when someone (or some system) surfaced a potentially useful piece of information, we needed a shared space to host it. In the shared space we could:
- catalog the material (content, languages used, date, source, location, etc.);
- indicate whether it was vetted (and who vetted it, in case of questions);
- offer checkout functionality to indicate if an organization was working to vet it and, once vetted, to indicate which organization was using it for messaging (to deconflict multiple organizations unwittingly publishing the same content); and
- provide feedback on published content (e.g., how many likes or retweets) so those who collected and vetted the content could quantify successes and refine their efforts based on these reflections.
Such a system and process would, over time, create a searchable database of cataloged content for use by public affairs personnel, psychological operations units, and other US government organizations and international partners. The database would also support legal efforts to catalog evidence of possible war crimes.
Initially, we had no system capable of this functionality, while civilian organizations with nowhere near DoD’s funding were able to rapidly crowdsource, iterate, and verify the (in)authenticity of content to create useful, interactive reporting systems and maps.
The Search for Solutions
As the war started, we worked with our partners to establish a method for sharing unvetted, possibly relevant content by email. Partners on the collection side (primarily intelligence organizations) would attach open-source content, tweets, images, or videos to emails; we would forward this content to partners on the messaging side. Then we removed ourselves as intermediaries and created an email distribution list that allowed both sides to directly interact.
The outbreak of the war also brought additional attention and offers of support from other US government and international partners. For this we were grateful, but it highlighted two key points: (1) there was a need for an easy-to-use, shareable content repository and (2) some organizations are unfortunately out of touch or uncomfortable when it comes to open-source content.
A particularly salient example of the latter was one US intelligence organization that regularly emailed useful, relevant content—but only on JWICS, the top-secret system. Even when content is unclassified, getting it from JWICS to an unclassified network requires a written request, making the process time-consuming and administratively demanding, especially at scale. Given that the content was originally open-source and that we needed it for public messaging, delivery would have been much more efficient on NIPRNet, the unclassified system. But when we asked for that, the organization refused. It is hard to imagine a less useful distribution method than social media content provided solely on a classified system, without any added analysis or intelligence that would make it classified.
Overall, at this early stage, our main finding was the prescience of DoD’s 2018 Joint Concept for Operating in the Information Environment. It described the US military as a force “hampered by its policies, conventions, cultural mindsets, and approaches to information,” one that had built barriers that inhibit adaptation and synchronized approaches to information warfare. These were precisely the barriers we were running up against.
After meetings and requests for a better solution, we attempted to create one. In our civilian careers we conduct marketing campaigns, teach data analysis in public policy, and are comfortable with cloud-based software tools and crowdsourced project iterations. Searching for related options available through Army and government systems led us to create a SharePoint site on the unclassified version of Intelink. Though hindered by Intelink’s antiquated version of SharePoint, this existing, no-cost solution allowed us to quickly create a system for cataloging, storing, and sharing content, specifically including large video files. The system was immediately accessible to our US government partners.
This effort was entirely crowdsourced—no individual or organization was tasked with creating or managing the SharePoint site (members of the EUCOM Information Operations and Special Activities Division served this function as an additional duty), nor were any organizations tasked to collect, analyze, or use the content. We saw a need, leveraged an existing resource in conjunction with our partners, then advocated for its use. We achieved buy-in and the site’s capabilities were quickly operationalized.
Unfortunately, the system’s ad hoc nature—with no one tasked to collect, analyze, or provide feedback—was a key weakness. Those that collected and cataloged content could do so only when available. Those able to conduct analysis did so not as part of a requirement or a tasking, but as other taskings permitted. The consistent signal we received from those using the content for messaging was that it was valuable, but without formal support mechanisms we could not compel collection or analysis. All we could do was beg and proselytize.
The Way Forward
We see two broad options ahead—aside from stasis, which would effectively guarantee others will continue to encounter the same challenges and limitations that we did and, from our vantage point, is a nonstarter. The first option is simply to let the private sector handle open-source material. To date, the private sector has proven itself more dynamic, flexible, and capable of harnessing open-source content than government organizations. In our own office, for example, our contracted assessments team offered excellent analysis of sentiment and trending topics from traditional and social media. With some changes to funding and contract requirements, this could have addressed at least part of our collection problem (vetting would likely have required greater contract changes). With this option, government organizations would primarily rely on private entities for open-source collection, vetting, and sharing. While this solution would be quick to implement, and possibly efficient, there are issues with it—not least of which is that many of the leading open-source practitioners are civil society organizations that actively seek to distance themselves from governments. In addition, relying primarily on an outside resource, rather than developing the capability in-house, means the knowledge gap between the public and private sectors will only grow, leading to follow-on problems with program oversight, management, and needs assessments.
The second option is to adapt, for the federal government to clearly designate an organization to take on the role, funding, and responsibilities of open-source lead. In academic, organizational theory terms, open-source collection, analysis, and sharing needs to become the “organizational essence” of an agency. This organization would require personnel with strong foreign language and data analysis skills, but in a post-Covid world of work-from-home preferences, it may have recruiting advantages compared to organizations working principally with classified material. The idea of creating a new intelligence agency, on top of the dozen and a half that already exist, might seem ridiculous—perhaps the very last thing the US military or government needs is to create more bureaucracy. And yet there is a reasonable argument for doing just that: establishing a new open-source intelligence agency. Someone, somewhere needs to take the lead on open-source intelligence, and if not an entirely new agency perhaps it could be along the lines of the CIA’s former Foreign Broadcast Information Service or a better-resourced Open Source Center/Enterprise. Another possible model would be cross-organizational, something similar to the National Counterterrorism Center, established after the 9/11 Commission recommended it as a means to ensure unity of counterterrorism effort across the federal government.
The question of how to adapt aside, there is wide agreement, from RAND to the Center for Strategic and International Studies to others who have studied the problem, that improvements need to be made in open-source intelligence. The challenges we outlined above are neither new nor unique to Russia’s invasion of Ukraine and the ongoing war.
We advocate the adaptation option and make the following recommendations, which come from our experiences at EUCOM but mirror those made by experts at organizations and in outlets cited previously:
- To avoid the problems outlined here and elsewhere, an organization needs to be tasked to collect, analyze, and share open-source content as a primary function. US government elements capable of these activities exist, but too often they remain siloed or lack open-source intelligence as their primary mission. This new organization would manage the shared database(s) described above, vet relevant content in coordination with other agencies, and provide a surge capability for users to rapidly create requirements during crises. Reserve component organizations can and should assist with this surge capacity.
- Crowdsourcing the SharePoint site through Intelink was well received and a similar functionality should continue, though with a system that allows access for international partners (Intelink is typically reserved for US entities).
- Messaging organizations, whether interagency partners, public affairs offices, psychological operations units, or others, need to provide feedback when they use a piece of content, including popularity (likes, shares, etc.) and other reflections. This is vital for two reasons: to assess the content most engaging to various audiences, and to signal refinement requirements to collection entities. Properly operationalized, this creates the fast, powerful, data-driven engagement loop required for modern information warfare.
In response to the latest Russian invasion of Ukraine, the EUCOM Information Operations and Special Activities Division and partners quickly created a system for collecting, vetting, and sharing publicly available content that supported goals outlined in preinvasion planning. The system was created with what was on hand, using existing personnel and technical capabilities. Unfortunately, a lack of dedicated resources for collection and analysis, dated technical tools, lack of a feedback mechanism for gauging success and refining requirements, and an inability to integrate international partners limited the system’s effectiveness.
In terms of open-source intelligence, many small, private organizations outperform US government entities with only a fraction of the funding available to DoD and the intelligence community. Traditional media organizations, often under the rubric of data journalism, also demonstrate capabilities that exceed those of the government, again with a fraction of the funding of government organizations.
Improvising tools and capabilities in response to an attack is part of the military profession and a challenge we readily accepted. This is why an information operations office built and managed a SharePoint site focused on open-source intelligence collection and analysis. We do not begrudge the work; our frustrations came from trying to solve problems that have been known for years and highlighted in multiple studies. Adapting how we approach open-source intelligence in the way outlined above is neither difficult nor expensive—private organizations conduct these activities cheaply and effectively every day. The signals are clear that changes are necessary. It’s time to respond to them.
Major Brian Cheng, US Army Reserve, is the 301st Information Operations Battalion operations officer. He holds a BS from Saint John’s University. During his career, he served as an information operations planner with Special Operations Command Forward – North and West Africa (SOCFWD-NWA) and with SOCFWD – East Africa. He recently served as the current operations officer for US European Command’s Information Operations and Special Activities Division. As a civilian, he works for the New York City Police Department.
Major Scott Fisher, US Army Reserve, is special projects officer for the 151st Theater Information Operations Group. He holds a BA from the University of Michigan, MA degrees from Seoul National University (South Korea) and Georgetown University, and a PhD from Rutgers University. During his military career he has supported US Special Operations Command as an information operations planner in Afghanistan and East Africa and worked for the 301st Information Operations Battalion. He recently returned from serving as an information operations planner for US European Command. As a civilian, he is a professor of security studies at New Jersey City University.
Major Jason C. Morgan, US Army Reserve, is currently the military deception and OPSEC planner for the 151st Theater Information Operations Group. He holds a BS from Northeastern University and a JD from Benjamin Cardozo Law School. During his eighteen-year career, he served with the 10th Mountain Division in Afghanistan (twice), the 8th Theater Sustainment Command, the 77th Sustainment Brigade, the 99th Readiness Division, the 301st Information Operations Battalion, Special Operations Task Force – East Africa FWD, and US European Command. He also owns a Coffee House (Breukelen Coffee House) in Brooklyn, New York, a restaurant (Suya Guys) in Brooklyn, New York, and a watch company (TRU-TIME) in Astoria, New York.
The views expressed are those of the authors and do not reflect the official position of the United States Military Academy, Department of the Army, or Department of Defense.
Image credit: Staff Sgt. Chad Menegay, US Army