Open-source Intelligence and North Korea: An Interview With UK Air-Vice Marshal (Ret.) Sean Corbett
Open-source intelligence (OSINT) for some time has been a widely used term among North Korea watchers, not just in governments, but also academia and think tanks. There seem to be multiple definitions of the term OSINT, however, with some challenging its raison d’être. What is OSINT exactly, and what are its uses and limitations for “hard targets” like North Korea? 38 North met with Sean Corbett for a discussion on these issues, with a focus on the use of satellite imagery to enhance our understanding of North Korea.
Sean retired from the Royal Air Force in September 2018 as a two-star general after a 30-year career as a professional intelligence officer. His last appointment in the military was in Washington, DC, as the first non-US deputy director of a major US intelligence agency. He is currently the chairman of the Janes National Security Advisory Board and is a senior associate fellow of the Royal United Services Institute (RUSI).
38 North: OSINT has a long history, but it seems to have become a more prevalent theme in recent years. What is your definition of OSINT?
Sean Corbett: Without making this an essay on definitions, to an extent, the answer depends on how you define the broader term of “intelligence” within a national security context.
For me, intelligence comprises the ethical and legal collection and analysis of often incomplete, “actionable” information that needs to be validated. It also informs decision-making that benefits the organization conducting it, giving insight into issues that the subject does not want to reveal. An analogy I like to use is trying to complete a jigsaw with several pieces missing, pieces of a different puzzle mixed in, and several pieces where the image on the front has been peeled off.
It is important to distinguish between information and intelligence. Information collected must be applied to a specified and specific problem set or requirement, which cannot be fully addressed or answered without research, analysis and assessment. Intelligence must provide added value to what would be provided by the raw information: the “so what?” For example, a commercial satellite image of a military cantonment area may reveal numbers and even types of military vehicles present. To be characterized as true intelligence, however, it requires an assessment, for example, of the overall capability of those vehicles, the readiness state, and even the intent of the deployment.
OSINT, simply put, is derived from information that is publicly or commercially available to all. It may need to be paid for or require specialist tactics, techniques, and procedures to collect and analyze it, but any member of the public must be able to access the source information. Responsible OSINT must also be obtained from legal and ethical means and applied in legal and ethical ways. Within those definitions, there is an implied imperative that OSINT must be subject to rigorous tradecraft and analytical standards.
38 North: The definition of “open-source intelligence” seems somewhat challenged these days, with some even asserting there is no such thing as OSINT. What is your view on this?
Sean Corbett: It is a great question, and as you indicate, not as simple to answer as it may first appear. There is no universally established definition of OSINT as an intelligence discipline, although the Intelligence Community has now updated and published its definition, which is helpful. This may be in part because, unlike the other single source disciplines—for example, signals intelligence (SIGINT), geospatial intelligence (GEOINT), and human intelligence (HUMINT)—it encompasses elements of each, the difference being it is derived from publicly or commercially available information. That is one reason why some still do not recognize OSINT as a separate category; instead, they link the respective specializations with their classified counterparts, for example, commercial imagery analysis coming under GEOINT. There are even those who consider that, for a dataset to be defined as intelligence at all, it needs to be from classified sources and under direct governmental control.
In my view, however, OSINT is not only a legitimate intelligence specialization but is also an increasingly important one. The sheer amount of information now available at the unclassified level is simply too great to be ignored and can provide a broader perspective than that provided by classified intelligence and to a wider audience. At some stage in the future, the use of open-source material may be normalized and fully integrated into government organizations. We are starting to see signs of that, such as the new guidance just released by the US Office of the Director of National Intelligence.
It should be noted that comparing OSINT with the other types of intelligence is a false comparison. OSINT comprises each of the disciplines listed above but at the publicly or commercially available level. The specific advantages of OSINT, though, are clear: It encompasses a much broader spectrum of data points than are available within the classified domain, and being unclassified (which does not necessarily mean not sensitive) can be disseminated and shared far more easily. This includes dissemination by governmental organizations that may wish to share assessments with “non-traditional” partners without revealing highly classified sources or techniques. It is worth reinforcing the fact that OSINT is not a substitute for classified intelligence, derived from exquisite and highly classified collection capabilities, but complementary.
38 North: What does the OSINT process or cycle look like? For example, by what process would you produce an intelligence report on a North Korean weapons production facility?
Sean Corbett: Another insightful question, as the traditional model of the intelligence cycle is now being challenged by the sheer volume of data available and the way we access it.
Traditionally, the intelligence cycle is how intelligence has been managed. It is a pretty much universally agreed model that, to this day, provides a useful, standardized framework through which the function of conducting intelligence is described. Doctrinally, it has been adopted by intelligence organizations internationally, as well as by many law enforcement and other security-related organizations. As the name suggests, it comprises a cyclical, repeatable process with four basic steps: direction, collection, processing, and dissemination. Although there are nuances with the way these are articulated, they can be applied to any form of intelligence and are as applicable to OSINT as other disciplines.[1]
Turning to your specific example of a North Korean weapons production facility, the question implies that the facility is already known, although there is often new construction at existing facilities, and the building of new facilities is not uncommon.
If I were addressing it as a new intelligence target, I would first review all available existing source data and reporting to determine what is already known and assess the function and output of a particular site. Once you have a good understanding of what data already exists and, more importantly, the knowledge gaps, source validation and content are absolutely essential. Regardless of the provenance of existing analyses, it is not good enough to take reporting at face value. Every report needs to be critically evaluated.
You will have heard me say many times that North Korea is arguably the hardest intelligence target due to the closed and controlled nature of the regime and North Korean society.[2] That puts a premium on reliable, assured source data, and the analyst needs to be very aware of circular reporting (i.e., the same few reports being referenced and considered as new material). Specifically, from a satellite imagery point of view, the North Koreans are extremely adept at counter-surveillance and masking what they are doing, to the extent that many of their more sensitive facilities are hidden underground. The scale of underground and buried facilities throughout North Korea is quite extraordinary. However, for something like a weapons production facility, even if built underground, there will be telltale signs such as access points, ventilation points and roads, and probably associated air defense sites, all of which may be identifiable on commercial satellite imagery. For uncovered facilities, of course, the challenge is more straightforward, although it still takes a high degree of specialist imagery analytical techniques, an understanding of the processes involved in weapons manufacture, and a familiarity with the layout of the respective functional areas and component buildings.
Moreover, analyzing a single facility in isolation will only get you so far in characterizing a particular capability. An end-to-end systems approach, from raw material and component importation to production, testing and fielding, and an analysis of other associated facilities, will give you a much better idea of the overall capability.
38 North: Let us pull on the thread of satellite imagery in the context of North Korea. What are the applications of satellite imagery to North Korea research, and how does satellite imagery complement other types of intelligence on North Korea?
Sean Corbett: As I alluded to above, North Korea is an extremely difficult intelligence challenge that offers two primary sources of publicly available information: a) what the regime allows to be carried via its propaganda outlets; and b) intelligence collected through commercial earth observation capabilities, predominantly space-based. A sizeable amount of foundational intelligence available at the unclassified level also comes from historical defector reporting, much of which is now very dated or, as is common with most HUMINT, is not always reliable and, therefore, can no longer be relied upon.
The acceleration in commercial satellite remote sensing capabilities has been of great benefit for the OSINT practitioner over recent years. Image resolution, frequency of cover (revisit rates), and the increase in sensor types have all been pivotal. Advances in synthetic aperture radar (SAR), for example, have been particularly useful in notoriously cloudy regions, such as North Korea. Future developments in hyperspectral and infrared sensors will also provide new perspectives. Despite the unfavorable atmospheric conditions in North Korea, there is still a lot that can be determined from satellite imagery and the country is extensively covered on a regular basis. This has helped us to create a comprehensive imagery baseline. Having that allows us to focus on what is new or what has changed.
The principles of imagery analysis are the same regardless of the area or point of interest, and the tried and tested approach is to use the Hamshaw-Thomas technique that focuses on eight factors: location, size, shape, shadow, color and tone, texture, patterns, and associated objects. A particular challenge with analysis of North Korea is their often dated and non-standard equipment and the unique nature of the defense industrial base. This can make positive identification difficult. An excellent case in point is in trying to identify processes and outputs from their heavy industrial sites. These are hard subjects anyway due to the multi-role utility of materials and equipment, made even harder by the bespoke nature of much of their construction because of international sanctions and other import constraints. However, at the strategic level, characterizing the national infrastructure provides invaluable insight into defense capabilities. By taking a systemic approach and focusing on likely processes, e.g., identifying raw materials and connectivity with processes (heating, fractional distillation, drying, packaging), it is possible to build up a picture of likely production capabilities.
Earth observation capabilities, however, can only reveal so much, and as previously stated, the North Koreans are very surveillance-aware. As an overall rule, it is dangerous to rely on a single data source when making an assessment of any capability, and every piece of information needs to be considered and weighted for accuracy and relevance.
38 North: What types of training are needed for up-and-coming OSINT analysts?
Sean Corbett: The pursuance of rigorous and auditable tradecraft and analytical standards should be common to all analysts, and a coherence of techniques and procedures between the intelligence community (IC) and industry will go a long way to integrating “trusted” commercial OSINT into the mainstream.
There is a debate within the IC that is starting to be reflected in industry with respect to the skills and training required. Is it now better, for example, to have a “subject matter expert” with a deep understanding of the geopolitical, economic, military, and cultural situation of the region or country under consideration, or is it better to have someone who understands analytical techniques, data analytics, and how to best use large language models to make the best of the huge amounts of data available? The answer in a perfect world, of course, would be both, but individuals with that range of skillsets or who can learn them are few and far between.
In terms of specific training, responsible OSINT is very much more than learning how to effectively search the Internet; it involves a plethora of different activities. Internet searching is obviously one element, but analysts need to be trained in doing so effectively (an ability to data mine the full spectrum of online data sources), safely and legally, and without being compromised by potential hostile intelligence services or bad actors.
Once the data has been collected, often in an automated manner, it needs to be assured, and misinformation, disinformation, and bad data must be filtered out. It needs to be wrangled and triaged to facilitate analysis of the most applicable data. To be done effectively, all of this requires specialist training and the use of ever-expanding tools and applications.
Further specialist training is required, for example, in the analysis and interpretations of earth observation. This is, again, not a simple case of “looking at an image.” Basic imagery analyst courses for the IC typically involve monthslong intensive training, and additional specialist training on topics such as SAR and infrared imagery (IR) analysis is added on. Only when all of this has been conducted can the analytical “so what” be applied. This requires the application of structured analytical techniques such as reframing, forecasting, and backcasting, although there are many others. Finally, education in legal and ethical constraints in the conduct of responsible OSINT is essential. The bottom line is that being an effective and credible OSINT analyst requires significant specialist training.
- [1]
While the intelligence cycle describes the steps involved in the production of intelligence in an easily understood way, it has received its fair share of criticism as a model for being overly simplistic and assuming intelligence challenges exist in a closed loop environment. The cycle starts with a deliberate, conscious, and proactive demand signal from the consumer. This is relevant for routine and deliberate intelligence problem sets over a protracted period, in which the demander is proactive and focused on the requirement and elements of the process can be reviewed, adjusted, and repeated. However, it is less relevant when more urgent security challenges may require a prompt response. And even where the process is deliberate, the intelligence cycle can rapidly get overtaken by events in an age in which politicians, policymakers and planning staff have a relentless appetite for instant information. Requests for information (RFIs) can be submitted at any time, and subjects of intelligence interest can quickly divert. To an extent, this has always been the case as the process, particularly during the collections stage, can lag the consumer’s delivery requirement, which may also change part way through the process. That could be seen simply as a limitation of the speed of the process, but in this respect, it may be more relevant to think of the process as an intelligence spiral rather than a cycle.
- [2]
For more on deciphering North Korea’s public messaging, see Rachel Minyoung Lee, “Understanding North Korea’s Public Messaging: An Introduction,” in Understanding North Korea (paper series, National Committee on North Korea and the Wilson Center’s Hyundai Motor-Korea Foundation Center for Korean History and Public Policy, 2022), 9-10, https://www.wilsoncenter.org/sites/default/files/media/uploads/documents/FINAL-NCNK-WWC-RMLee-UnderstandingNorthKoreasMessaging.pdf.