Intelligence Glossary

Definitions of commonly-used intelligence vernacular

Points to Note

Many terms used in the context of intelligence are either exclusive to the intelligence industry or have a different meaning in this context compared to their regular meanings.

Becoming familiar with the intelligence vernacular will help you get the most out of this course and go on to become a capable intelligence practitioner.

Definitions

Actor

Someone or something that is conducting, has conducted, or is going to conduct an activity.

For example, somebody purposely carrying out an activity detrimental to you or your customer could be described as a hostile actor.

Agency

A source with the ability to produce its own intelligence.

For example, MI5, the Met Office and Google Maps are all agencies as they all have the ability to produce intelligence.

Agent

An individual that conducts intelligence activity for an intelligence agency.

For example, a collections agent, an intelligence analyst, and a source handler are all agents as they all conduct some kind of intelligence activity for an intelligence agency.

Area of Intelligence Responsibility (AoIR)

The subject matter or geographic area an intelligence agent or agency is responsible for producing intelligence on.

For instance, MI5 is responsible for producing intelligence on matters related to UK national security. Therefore, their AoIR is UK national security.

The Met Office is responsible for producing intelligence in relation to the weather and therefore its AoIR is the weather.

Area of Interest (AoI)

The subject matter or geographic area a customer is interested in.

For example, an AoI for an information security officer would be cyberthreat intelligence (CTI).

An AoI of a diplomat stationed in Iraq would be Iraq and the Middle East.

Area of Operations (AO)

The space a customer or intelligence capability is operating in.

For example, an AO of a cyber threat actor would be the internet.

The AO of a maritime security company would be the shipping routes taken by its clients.

N.B. I have no idea why there is no “o” for “of” in this abbreviation when there is one in AoI and AoIR – please let me know if you do and you will win yesterday off.

Bottom Line Up Front (BLUF)

A summary at the beginning of a document or brief which informs the reader or audience of the main points or requirements it is making.

For example, a Pen Test report detailing a successful red team attack on a customer's network may begin with the BLUF:

“Due to the advancements in brute-force hacking capabilities, passwords are no longer adequate on their own. Therefore, all employees must enable multi-factor authorisation on their accounts.”

Capability

Something possessed by an actor that gives them the ability to do something.

For example, surface to air missiles (SAMs) are an anti-aircraft capability as they allow an actor to shoot down hostile air assets.

MI5 is an intelligence capability as it gives the UK the ability to produce intelligence.

Cell

A small group of individuals working together towards a common goal.

Most commonly, this is used in relation to intelligence analysts (an “Intelligence Cell”), and terrorists (a “Terror Cell”).

Classification

The assessed level of sensitivity of a piece of information or intelligence.

For instance, a highly sensitive piece of information may be classified as “Top Secret”.

A document with a low level of sensitivity may be classified as “Official”.

Consumer

A consumer is an individual or organisation that reads, listens to, views, or otherwise digests a piece of information or intelligence.

Customer

The intended consumer of a piece of intelligence.

Note the difference between a consumer and a customer:

A customer is the intended consumer of a piece of intelligence, whereas a consumer is anyone who consumes it.

For example, if a business intelligence agency produces a report for the CEO of a supermarket chain, the CEO is the customer.

If the CEO is careless in disposing of that report, and it ends up in the hands of a rival supermarket chain’s business intelligence department, anyone in that department reading the report would only be a consumer rather than a customer. This is because they are consuming the intelligence, but they were not the intended audience.

Information Cut-Off Date (ICOD)

The time that an analyst stopped collecting information for use in the production of the intelligence product the ICOD applies to.

For instance, if the ICOD of an intelligence summary is 0800hrs, it will not contain any information about events that took place after that time.

Exploit

To produce intelligence from something which belongs to another actor or entity.

For instance, a law enforcement agency studying a suspect's financial records to understand where they're likely to be hiding could be said to be exploiting that suspect's financial records.

Fusion

The processing of information and intelligence from all available sources and intelligence disciplines in order to create a new, more comprehensive product.

For instance, an all-source analyst processing images of a village that has been devastated by a hurricane (IMINT) in addition to interviews with inhabitants of that village (HUMINT) to produce a damage assessment would be conducting intelligence fusion.

GSOC (Global Security Operations Centre)

An all-source intelligence cell which centralises information from a variety of sources and provides a holistic view of unfolding events and potential threats for the organisation it is a part of. Usually manned 24/7 to provide constant coverage.

Indicator

A piece of information which suggests that a certain event or activity is likely or about to take place.

Note that it is often used in the context of an actor, in which case it is a piece of information that reflects the ability or intent of an actor to conduct a certain activity.

For example, the presence of bridging capabilities in the vicinity of a river would be an indication that the force is likely to attempt to cross it.

Materiel

The materials, equipment and supplies of an organisation.

The term is most frequently used in the context of a military.

Note that materiel is spelt with an E before the final L, not an A.

For example, rations, ammunition, and medical kit can all be described as materiel.

MDCOA/MLCOA

The assessed most dangerous course of action/most likely course of action that an adversary or competitor will conduct.

A football coach for a lower league team preparing to play a Premier League team in the cup may assess the most likely course of action by the opposing coach is that he will put out his fringe players to give them a run out.

The most dangerous course of action the opposition coach could take would be to decide he has to win this match at all costs, and therefore puts out his best starting line-up.

Metadata

Information contained within a document that refers to the document itself.

For instance, the title, the date of publication, the author, the subject matter, the contact details etc.

The Probability Yardstick

An arbitrary scale used to apply quantitative value to words of estimative probability (WEPs). For more information on The Probability Yardstick, read our article on conveying probability.

Product

A vector through which intelligence is conveyed.

This includes intelligence reports, briefings, models or any other type of media which contains intelligence in a format designed to be consumed by a customer.

Request for Information (RFI)

A time-sensitive ad-hoc requirement for intelligence information or products necessary for the production of further intelligence or to inform a decision.

Situational awareness (SA)

An understanding of what is going on and the reasons why.

An individual with good SA of the Middle East would know who the main actors in the area were, the historic events that shaped the situation in the region today and the events currently taking place in the region.

Source

A person, organisation, object, process or system from which information can be obtained.

For example, an eyewitness to a crime would be considered a source to investigating authorities.

Note that source and agency are often incorrectly used interchangeably.

An agency is a source that has the ability to process information into intelligence, whereas a source only provides raw information.

Target

The person or thing about which information is being collected or intelligence is being produced.

For example, if a police officer is tasked with tailing a suspect in order to discover where they lived, the suspect would be considered the target.

Threshold

A set of rules which determine whether an event is considered worth reporting on.

For instance, if a customer says they only want to be informed on cyber attacks that threaten critical national infrastructure, the breach of a local charity shop’s website would not meet their threshold. However, a cyber attack on the national grid would meet their threshold.

Understanding

The perception and interpretation of a particular subject or situation which provides the context, insight and foresight required for informed decision making.

For example, a military commander with a good understanding of their adversary would be well informed about their intent and capabilities, and can therefore make informed decisions about how to counter them.

Words of Estimative Probability

Words used in assessments to indicate the likelihood something is true or may occur. Examples include Likely, Realistic Possibility, Almost Certain, and Unlikely. For more information on Words of Estimative Probability, read our article on conveying probability.
