In Feb. 2025, the House Permanent Select Committee of Intelligence (HPSCI) officially formed an OSINT subcommittee headed by Representative Ann Wagner (R-MO). The development of the HPSCI OSINT subcommittee is an additional marker highlighting the importance of OSINT in the modern intelligence domain. In Dec. 2024 the Director of National Intelligence (DNI) presented a new Intelligence Community Standard (ICS) covering how to cite and reference publicly available information (PAI). ICS 206-01 is intended as a supplement for the long-standing Intelligence Community Directive (ICD) 206, which discussed how to appropriately source and qualify analytic products. Since May 2024, the US State Department, along with nearly every intelligence agency has released or adopted an updated OSINT strategy. In the DNI’s 2024 OSINT strategy, released and promoted with the CIA director, identified that OSINT is the priority as the “INT of first resort”. Relying on various intelligence agencies, the House and Senate Armed Services Committees presented the 2025 National Defense Authorization Act which included a section that authorizes the US Army to establish a Program Executive Office for managing OSINT and the associated tools.
Today, there is a real push from the highest levels of the US Government, the Intelligence Community, and the Department of Defense to emphasize the importance, value, and cost effectiveness of relying on PAI and OSINT practitioners. I am going to let you in on a secret, OSINT has existed for a lot longer than the word for it has. So, what makes today’s OSINT different from the small PAI department first established within the Office of Strategic Services in 1947? The answer to that is discipline and tradecraft. Finding information is easy, anyone can use google, bing, yandex, startpages, or Baidu, but not everyone can find the information that meets customer requirements while protecting the question, the questioner, the answer seeker, and the system.
Artificial Intelligence is subject to being biased if the right propagandist puts the wrong information in the right places. Botnets are capable of rapidly spreading dis-information and mal-information (don’t worry humans, we spread our own fair share of mis-information) which generate actual in-real-world action. Advanced Persistent Threat Groups (APTs) are well versed in “barraging” the information sphere, “trend hijacking”, and traditional hacking to disrupt, control, and overwhelm the digital environment. The digital environment is dangerous; these threats don’t include the USG “whole-of-government” approach issues. In the USG, there are currently too many information silos which create redundancies in work and in some agencies paying various or the same vendors for the same information.
Modern OSINT work requires specialized practitioners that first and foremost are curious individuals and secondly expert source evaluators. Next, these practitioners get to gain working knowledge of imagery intelligence, netflows, breach data, darkweb forums, mobile advertising, cyber threats, cultures, languages, and a cornucopia of other fields. Simply put, all of this requires training and forward thinking. The USG and the IC are just now starting to put out policies, strategies, and develop appropriate committees for OSINT. Unfortunately, nearly every domain policy and strategy has lagged behind the ground truth, in the information age where new is now and old is five seconds ago, the policy will likely never catch-up. However, policies and strategies suggest an emphasis of time, man-power, and dollars which means the OSINT future is probably bright, if we can learn to navigate. Oh, and just for fun here’s an OSINT tip that almost all practitioners use in some form or another. CRAAP and BS, which is aptly source validation and information verification Mnemonic.
| C – Currency R – Relevancy A – Authority A – Accuracy P – Purpose |
| B – Bias S – Source |