january 2023
Special Report - Security Strategy
By Maggie Shein, Editor in Chief
Developing an intelligence model for your security function will drive value to the organization and aid in operational continuity.
The Case for Security Intelligence
Intelligence plays a vital role in any business or organization. For security functions, intelligence informs staffing, personnel and technology needs and investments, as well as enables decision-making in mergers & acquisitions, business expansion, travel support and executive protection. Intelligence is undoubtedly critical for business resilience and operational continuity, but it’s equally as critical to showcase some of the value that mature, informed security teams bring to the table.
“Intelligence aligns with our operating model because, as a security function, we regard ourselves as being proactive, risk-based and intelligence-led, which allows us to support our business,” says Andrew Tosh, Security Director for Enterprise Security at Baker Hughes. “Intelligence is a part of everything we do to support our business. Without intelligence, we strongly believe our business would not be able to operate in some of the more challenging environments that we do today.”
Dr. Matthew Hollandsworth, Director, Corporate Security, Facilities & Safety at AMERICAN SYSTEMS, says that intelligence empowers security to be proactive in its defenses. “Implementing intelligence programs really allows security to be seen as a better business partner rather than a stove-piped department with a reputation for saying no,” he says.
Paul Houston, Deputy Assistant Secretary and Assistant Director of the Diplomatic Security Service for Threat Investigations and Analysis for the U.S. Department of State, says that intelligence is a business and operational enabler. “For the Diplomatic Security Service, we have over 270 locations around the world, and [intelligence] helps us provide a safe platform for diplomacy and foreign affairs. We can’t just say, ‘no, we can’t go there or engage [in a particular location]’; we have to find different ways of engaging by using our model of pulling in information and helping to fill in the gaps of knowledge,” Houston shares. “[Intelligence] provides more information to base decisions on and perspective that sometimes helps answer a question.”
Some of the areas where intelligence has the most tangible, demonstrative value to an organization is for decision-making regarding operational continuity from political unrest, geopolitical issues, conflicts or pandemics, as well as business expansion and support. “In 2008, for example, having reliable and credible intelligence allowed Baker Hughes to make business decisions to start up operations in Iraq. COVID is another great example of the value of intelligence,” Tosh says. “During the peak of the pandemic, our [Global Intelligence & Travel Security Operations Center] GITSOC played a significant role — through up-to-date information on travel restrictions and country border closures — to support our employees returning back home safely and securely.”
Intelligence is an incredibly broad term here, but purposely so. In the context of security functions, intelligence comes in many forms and, ultimately, is about informing stakeholders on what is important to the specific business, agency or organization. “To say, ‘Well, this is what we understand is happening,’ is only part of it; I would argue that the value is in understanding the impact or potential impact,” Houston says.
Organizations gather intelligence from a number of sources, including on-the-ground internal and external employees and stakeholders; open-source information such as news, weather information and social media; subscription and other targeted information and analysis services; and peers and partnerships from working groups, industry associations and public/private agencies. What individual security teams and organizations collect depends on their resources, maturity and needs.
For organizations looking to increase or grow their intelligence, security leaders offer the following tips:
1. Develop a model relevant to your organization.
Houston says that organizations must develop a model or process for gathering, analyzing and disseminating intelligence with flexibilities built in. “Information can help answer a question or be a base for a decision. With that information, it’s then about identifying those risks to determine what mitigation measures we have in place to address them,” Houston says.
Gathering the information is a part of that model of intelligence, but so is the analysis of the information. “That piece of how can we interpret or assess this intelligence is much more important than getting the intelligence,” Tosh says. “Only through intelligence and proper analysis are we better informed in our posture to provide our leadership with an understanding of existing or potential risks, as well as where and how we can respond to a situation or do business in a particular area.”
In the context of security functions, intelligence comes in many forms and, ultimately, is about informing stakeholders on what is important to the specific business, agency or organization.
A vital part of this step is ensuring that the ways information is obtained, gathered and analyzed are all relevant to the organization. Without relevancy, a well-meaning intelligence program falls apart, security leaders say.
“There are certainly tools that can help you figure out how to apply X, Y or Z to your organization, but in my opinion, it’s really about understanding where your business is headed, what your organization is doing, and the goals they are trying to achieve,” Hollandsworth says. “Once you understand that, you can filter through the waves of intelligence coming in and then apply what is most important based on the business and where it wants to go; that is going to be different for every organization.”
2. Vary your intelligence.
Another component of a successful intelligence program is ensuring the variety — and credibility — of intelligence coming in. For Baker Hughes, Tosh says the company’s GITSOC and security function use a combination of on-the-ground intelligence, collaboration and information sharing with other departments and company stakeholders, open-source information, subscription services, and networking with industry groups and peers to inform the company on risks, potential threats and decision-making. “I believe it’s vital to have multiple streams of intelligence to make good decisions,” he says.
But, he adds, it’s up to the security team to determine and ensure the credibility of that intelligence. “The credibility piece plays a vital role; without that credibility, we could place employees or operations in harm’s way, and that’s not what we are here to do,” Tosh says. “In my experience, a lack of credible information can make a difference between life or death.”
In addition to software, subscription services and open-source information, Hollandsworth says that security leaders can beef up their intelligence by developing relationships inside and outside the organization, including federal and local agencies and professional networks.
Inside the organization, communication and relationships with sales, legal, marketing, operations and others can give security teams insight into current and future plans for the organization and how security functions can enable those plans.
“There is a lot of information out there that is free, including leveraging your contacts,” Hollandsworth says. “It’s certainly a good way to start if you are just beginning to enhance your intelligence, and if you are going to make a big impact within your organization, you have to develop and expand those internal and external partnerships.”
3. Be open and flexible.
Of course, expanding your sources of intelligence gathering can lead to the complexities of information overload, Houston says. “You need to look at the sources of information and where that information is coming from, even if you don’t agree with that information,” Houston says. “Eventually, that information will filter itself, and it’s surprising to see how quickly you can see information validated or not.”
Just as critical as information filtering, Houston says, is ensuring that your team looks at incoming information with an open mind and without preconceived judgment. “You have to be careful. We need to look at information as it is and not look for information that is going to answer a question in one way that we want the question answered,” he says.
Houston adds that organizations need to have an open, unbiased analysis built into their intelligence model from the start. “If the security environment you are looking at changes, you have to be willing to adjust your model and look at other sources of information; you can’t be wedded to one source [or idea] because that wouldn’t do a service to ourselves.”
After the intelligence process is assessed, one of the often-overlooked components of any intelligence program is ensuring that your team has the business acumen to translate intelligence to other stakeholders. In other words, if you can’t explain the intelligence — and its corresponding analysis, potential repercussions, and mitigation measures or investments — to the appropriate stakeholders within the organization, the value proposition may be lost.
“There’s value in the raw information, but you cannot put a price tag on the value of someone taking that information and explaining the impact,” Houston says. “It’s that perspective of being willing to develop a trend or understanding of that information that has the value.”
Video / gorodenkoff / Creatas Video+ / Getty Images Plus / via Getty Images
january 2023 / SECURITYMAGAZINE.COM