Cybersecurity practitioners have long exploited open-source intelligence, or OSINT, to safeguard data. But increasingly, businesses have started to recognize the benefits of OSINT for physical security, too.
And for good reason.
The best OSINT programs help leaders understand what is happening and see around corners to predict what will likely happen next.
And thanks to the explosion of data you can find publicly online, more organizations have adopted OSINT as a part of their risk management programs.
So how can corporate security leaders get started?
Here is what you need to know about open-source intelligence and how to apply OSINT for physical security.
1. What is OSINT?
Simply put, OSINT is the collection, analysis, and dissemination of intelligence gathered from public sources.
Technically, you could call any intelligence gathered from open sources – books, newspapers, television, magazine articles, or radio broadcasts – OSINT.
In practice, however, OSINT is primarily gathered online. Analysts increasingly rely on digital sources of information, such as blogs, forums, message boards, and social media.
Savvy OSINT analysts are also experts at extracting intelligence from less conventional digital sources, such as chan boards, data leaks, and the dark web.
2. Why is OSINT important?
OSINT allows organizations to identify risks, continuously monitor for emerging hazards, and validate identified threats.
Additionally, OSINT can also identify information threat actors might use to attack your business.
What vulnerabilities does your company have out in the open? Could an adversary use this information to access secured facilities, launch a phishing attack, or disrupt operations?
Once you know what data is exposed, you can use this intelligence to develop better defensive strategies.
All of which can go a long way towards keeping people safe and ensuring business continuity.
3. What is OSINT used for in physical security?
Organizations can apply OSINT for many physical security applications from investigations and executive protection to crisis response and travel security.
Let’s break down some of these specific use cases:
- Executive Protection: OSINT represents an essential tool for security details when conducting an initial threat assessment. Continuously monitoring open sources could also reveal new risks to a principal, such as stalkers, doxxings, misinformation, and violent threats.
- Crisis Response: Continuously monitoring open sources can alert security teams of an emergency situation, such as a natural disaster, workplace violence, or industrial accident. Further intelligence gleaned from public data could prove essential when planning a response or coordinating relief efforts.
- Loss Prevention: Criminals are experts at exploiting technology to conduct their operations. Monitoring open sources can allow asset protection teams to learn about new shoplifting tactics, upcoming “flash mob” raids, or particular products thieves like to counterfeit (and where they distribute them online).
- Data Leak Detection: From time to time, company insiders may publish photos online that expose the organization to new risks. For example, criminals can exploit pictures of tickets and work ID badges to create fake credentials — thereby gaining access to secured facilities. A single post on social media could accidentally expose the location of a VIP or reveal confidential company data. Continuous monitoring of open channels can allow security teams to spot and address these incidents before they become serious security risks.
- Event Security: Savvy venues have started to employ open-source intelligence to protect attendees, prevent data leaks, and keep events running smoothly. That’s why OSINT has become a key tool for sports teams, concert promoters, and trade show organizers.
- Asset Monitoring: Organizations can employ OSINT to proactively identify operational disruptions at remote facilities. For example, this might include incidents of trespassing or unsanctioned gatherings.
- Travel Security: Teams can obtain real-time updates of global travel advisories by monitoring RSS feeds. Analysts can then get a better sense of what’s happening on the ground by reading forums, news reports, and social media posts.
- Investigations: As we conduct more of daily life online, OSINT has become an increasingly common skill set for investigators. It now represents an essential tool when investigating fraud, theft, or other types of crimes.
4. What is business OSINT?
In addition to physical security threats, open source intelligence can also play a critical role in helping organizations address other types of business risks.
For example, this could include:
- Ensuring employees, contractors, and suppliers comply with industry regulations.
- Investigating the potential risks of entering a new market, launching a new product, or expanding into a new geographic region.
- Monitoring for incidents that could negatively impact the company’s reputation.
- Assessing the impact of a company’s PR messaging on its brand image.
- Watching out for and assessing supply chain disruptions.
- Assessing public sentiment in a region towards construction of a new expansion project.
- Monitoring for interruptions to core operations.
- Conducting due diligence and background checks on new partners, suppliers, or executives.
OSINT helps organizations mitigate these risks by uncovering relevant public information on social media, or in lesser-known parts of the internet like chan boards, paste sites, and the dark web.
With this business OSINT on hand, executives are more likely to have all the information they need to make informed decisions, mitigate risks, and avoid financial losses.
5. Who uses OSINT?
Historically, OSINT represented the purview of the defense and intelligence communities. Today, however, all types of organizations now employ open-source intelligence, from NGOs and businesses to journalists and armchair analysts.
Diving into the private sector specifically, here’s a quick breakdown of the type of companies that use OSINT for physical security.
- Oil & Gas: Energy companies typically have many assets spread out over a wide geographic area. OSINT allows oil and gas firms to monitor and respond to workplace incidents or disruptions. Gathering open-source intelligence also plays a vital role in executive protection and travel security.
- Sports & Entertainment: Venues use OSINT to watch for violent threats against staff, VIPs, buildings, and spectators. Teams also use open-source intelligence to spot potential disruptions, such as trespassers, medical emergencies, fan misbehavior, inclement weather, or leaked credentials.
- Health Care: Health care providers have to tackle an assortment of security challenges such as theft, medical misinformation, and workplace violence. In recent years, COVID has amplified these problems. OSINT represents a key tool for security teams at these businesses to spot and address those risks.
- Manufacturing: Like energy companies, manufacturers generally have many assets spread over a wide geographic area. OSINT allows security teams to watch for natural disasters, workplace violence, or other operational disruptions. Monitoring supply chain partners can also allow organizations to respond quickly and effectively to unexpected events.
- Finance: OSINT helps financial institutions ensure the safety of customers, employees, and property. Increasingly, banking and insurance companies have also started to exploit open-source intelligence to investigate fraud and leaks of private customer information online.
- Hospitality: OSINT has long represented a tool for hospitality businesses to proactively identify risks to business continuity, such as violence or inclement weather. More recently, teams have exploited open-sourced intelligence to spot incidences of human trafficking at company properties.
- Mining: OSINT represents a tool for establishing regional intelligence in areas where the organization does business. Other uses include preventing incidents of workplace violence or investigating theft of company equipment.
- Property Management: Property owners use OSINT tools to monitor for threats to the safety of their tenants and property, such as riots, crime, or natural disasters. Teams also use open-source intelligence to detect unsanctioned events occurring at a company property.
- Retail: Retailers use OSINT to uncover stolen items for sale online. Intelligence gathered from social media is also used to identify incidents that could cause business disruptions.
- Television and Movie Studios: Television and movie studios need to monitor for violent threats against celebrities. These organizations also use OSINT to spot content leaks and disruptions to upcoming events, such as a film premier or recording shoot.
6. Is OSINT legal?
OSINT is legal. But when using OSINT for physical security, organizations need to define a clear framework regarding how data is gathered and used.
First off, consider where you collect information.
Investigators generally won’t encounter too many issues when collecting data from areas of the web where there is a reasonable expectation of public access.
For example, this might include a LinkedIn profile, blog article, or social media posts.
That said, security teams can run into legal or ethical issues when collecting data from password-protected sites or through the use of deception.
Additionally, also consider why your organization wants to gather this intelligence.
Are you using OSINT to monitor for natural disasters that could impact operations? You likely won’t encounter any ethical issues.
Are you using OSINT to stalk an ex online? That’s a problem.
At the moment, investigators are working to create a worldwide standard for the ethical use of OSINT for physical security.
But until the community establishes such a framework, the Berkeley Protocol provides some guidelines for analysts.
7. What is an OSINT tool?
Analysts use OSINT tools to monitor the web for potential threats and collect information about a person or entity of interest. Such applications streamline all aspects of the intelligence cycle, allowing teams to accomplish far more than what could be done manually.
Teams today have hundreds of applications from which to choose.
Of course, a complete list of OSINT tools for physical security goes far beyond the scope of this article. That said, here are the most common utilities analysts use to gather intelligence.
- Consumer Search Engines: Search engines, like Google, Bing, and Yahoo!, represent core tools of OSINT research. Savvy analysts can narrow and widen their search results with tactics like “Advanced Search Functions” – sometimes referred to as “Boolean Operators.”
- Specialty Search Engines: Specialty search engines allow analysts to find more obscure data from around the web – such as online forums, photos, metadata, financial reports, patent filings, or social media posts. All of which can aid analysts during an investigation or research assignment.
- Image Applications: These tools create graphical illustrations, helping analysts visualize relationships between individuals and topics of interest.
- Internet Archives: Internet archives allow users to see how a website looked in the past. That makes it possible for analysts to find information that has since been hidden or taken down.
- Web Monitoring: Monitoring tools, such as TweetDeck, Brand24, and Google Alerts, allow users to monitor the web for mentions of particular key phrases. Physical security teams can use this feature for many use cases, such as mentions of a VIP online or monitoring the web for emergency events.
- Data Aggregators: Numerous sites aggregate data from multiple sources and display this information on a single page. HealthMap, for instance, can be used to track the outbreak and spread of diseases around the world. Transportation apps, such as Marine Traffic and FlightRadar24, track global shipping and flight traffic in real-time.
When conducting OSINT for physical security, most organizations patch together a collection of free resources.
That strategy has one obvious advantage: the low price tag.
Free OSINT tools allow companies to start gathering relevant intelligence without much of a financial investment.
That said, free applications have some disadvantages.
Firstly, free OSINT tools rarely cover more obscure corners of the internet, such as chan boards, the dark web, and alt-tech social networks. That means security teams relying on these utilities could overlook threats to their organization.
Moreover, most free applications have long delay periods. Sometimes hours or days could pass between when a news article or social media post is published and when it’s collected by these tools.
That might not be an issue for general research purposes. But in the world of physical security, where seconds count, that can present a big problem.
To address these issues, many vendors have released comprehensive OSINT applications to automate web monitoring and investigations.
These tools often combine technologies, such as artificial intelligence and advanced filtering, with access to more obscure data sources.
Such features allow analysts to conduct more thorough investigations, reduce alert fatigue, and automate routine, time-consuming processes.
Additionally, these advanced OSINT tools often combine multiple utilities into one platform.
That can reduce the time analysts spend learning how to use new applications to solve a particular problem.
8. Where should I start with OSINT?If you’re a physical security professional looking to develop your OSINT skills, here is where we would suggest getting started.
- Learn the Basics: The OSINT community has created a wonderful collection of educational resources. Maverick Adams, the host of the Cyber Mentor YouTube channel, provides a free five-hour class for beginners. Open Source Intelligence Techniques by Michael Bazzell also represents one of the definitive books on this subject.
- Create a Safe Work Environment: When gathering intelligence online, you have to remain anonymous. After all, you don’t want to tip off targets that they are the subject of an investigation. This will require practicing basic operational security, such as setting up a virtual machine and shielding your online activity through a VPN service.
- Apply Your Skills: One of the easiest ways to get started with OSINT is to conduct a mock investigation on yourself. It can be eye-opening to see how much information is already out there. From there, you can sharpen your skills further by conducting a mock investigation on a topic of interest or participating in online “capture the flag” competitions.
- Collect Resources: Improve your OSINT skills by reading blogs, articles, and papers on new OSINT techniques. As you discover new applications, keep these in a well-organized bookmark folder.
- Network with Peers: The OSINT community is very open towards newcomers. Enthusiasts have groups across social media, including Twitter, LinkedIn, and Reddit.
- Earn Certifications: Attending formal training sessions is a great way to take your OSINT skills to the next level. Completing a formal certification program also demonstrates to employers that you possess basic investigative skills.
The Bottom Line on OSINT for Physical Security
For a short staffed physical security team, OSINT can represent a huge force multiplier.
Savvy security leaders have figured out that a small investment in threat intelligence upfront is far less expensive than getting caught flat-footed and responding to an incident after the fact.
And each day, practitioners find new ways to apply OSINT for physical security.
All of which can go a long way towards keeping people, operations, and property safe.