OSINT in the FY23 Defense and Intelligence Authorization Bills

We break down the intelligence authorization bills currently moving through the U.S. House and Senate. If passed, they could help bolster the intelligence community's open-source intelligence programs.

Provisions concerning the use of open-source intelligence are peppered throughout recent legislation authorizing activities for the Department of Defense (DoD) and the intelligence community (IC).

Congress is in various stages of moving these authorizing bills for fiscal year 2023, the National Defense Authorization Act (NDAA) and the Intelligence Authorization Act (IAA). Each chamber drafts its own version of the bills, with the House and Senate Armed Services Committees responsible for the NDAA and the House and Senate Intelligence Committees handling the IAA.  The legislation ultimately signed into law is an amalgamation of the House and Senate versions. That is to say, some of the provisions discussed below may not make the final cut and if they do, could be altered in some fashion as a compromise.

The NDAA is seen as “must-pass” legislation, and while it doesn’t appropriate funding, it provides oversight and sets policy for the DoD. The IAA, also a non-funding bill, flies a bit under the radar and for the past few years it has been tacked on to omnibus spending bills in lieu of receiving the more public debate and consideration the NDAA garners.

The legislative language outlined here covers a variety of national security issues with an open-source intelligence nexus. Some of these provisions simply direct the use of open-source information in furtherance of other national security requirements, while others focus directly on improving open-source as a function. (Direct quotes from the bills are in italics).

FY23 NDAA

The House NDAA (H.R. 7900) is the furthest along in the legislative process, passing the House July 14th by a vote of 329-101. It also contains the most provisions relevant to open-source intelligence. The following are from the Report accompanying the bill and fall under TITLE XVI—SPACE ACTIVITIES, STRATEGIC PROGRAMS AND INTELLIGENCE MATTERS.

Leveraging Commercial Crowd-Sourced Data

This provision acknowledges the value and efficiencies of using commercial, open-source and crowdsourced data to augment traditional sources of intelligence while emphasizing the importance of protecting the civil liberties of U.S. citizens.

“The committee encourages the Defense Intelligence Enterprise to continue to acquire and use open source, commercially available data, to include crowd-sourced data, to augment traditional sources of intelligence and enable warfighters to more thoroughly and quickly understand complex national security challenges.”

Open-Source Intelligence Management

Recognizing the growth of open-source intelligence and the need to synchronize and coordinate OSINT activities across the Defense Intelligence Enterprise, the bill directs the Undersecretary of Defense for Intelligence and Security to report to Congress on those efforts.

“The report shall include a description of the roles and responsibilities of the DIA as functional manager for OSINT across the Department of Defense; a breakdown of Department of Defense OSINT components; a description of the tiers of activity for each OSINT component within the defense intelligence enterprise and how that information meets intelligence requirements; and the extent of commercial contracts supporting the OSINT mission by component and with identification of any overlap or duplication of efforts.”

Report on the Analysis of Information from the Dark Web

While expressing concern about adversarial capabilities to communicate using the dark web, this provision encourages DoD to up its level of engagement to monitor and utilize this open-source information. The Secretary of Defense is directed to report to Congress on the following:

“(1) An evaluation of Department of Defense’s current collection efforts and exploitation of information found in the Dark Web;

(2) Plans to develop tactics, techniques, and procedures to properly analyze Dark Web information for use in open-source intelligence reports;

(3) Department of Defense’s use of existing commercial capabilities currently available to collect and analyze Dark Web data in real time;

(4) An analysis of the challenges facing the Department of Defense in terms of developing and implementing strategies to effectively use Dark Web information, including funding limitations and required policy changes, or barriers in utilizing commercially available technology for collection; and

(5) Any other relevant matters the Secretary of Defense deems appropriate."

The Senate NDAA (S. 4583) was just recently approved by the Senate Armed Services Committee and will next head to the Senate floor. And while the bill doesn’t call out OSINT specifically, there is a provision regarding online information operations.

Sec. 353. Limitation on funds for the Joint Military Information Support Operations Web Operations Center

The committee proposes withholding funding from the Joint Military Information Support Operations Web Operations Center (JMWC) until more clear policy guidance on the mission is put in place.

“The committee strongly supports efforts by the Department of Defense to conduct and improve operations in the information environment, including through web-based military information support operations. However, the committee is concerned that without clear policy guidance and procedures from the Secretary of Defense, the activities of the JMWC will not appropriately focus on clearly defined foreign target audiences, support valid military objectives, and balance the risks associated with the conduct of such operations.

FY23 Intelligence Authorization Act

The House Permanent Select Committee on Intelligence (HPSCI) released their FY23 Intelligence Authorization Act (H.R. 8367) last month. HPSCI has been very forward leaning on the use of open-source intelligence and continues to recognize its importance.

Sec. 309. Measures To Mitigate Counterintelligence Threats From Proliferation And Use Of Foreign Commercial Spyware.

The committee recognizes the threat foreign commercial spyware poses both to U.S. national security interests and the digital privacy of U.S. citizens. In response to the unique counterintelligence threat to national security and intelligence personnel, the Intelligence Community is directed to report to Congress on the foreign commercial spyware threat landscape, utilizing both classified and open-source information to inform their analysis.

“the Director of National Intelligence, in coordination with the Director of the Central Intelligence Agency, the Director of the National Security Agency, and the Director of the Federal Bureau of Investigation, shall submit to the congressional intelligence committees a report containing an assessment of the counterintelligence threats and other risks to the national security of the United States posed by the proliferation of foreign commercial spyware. The assessment shall incorporate all credible data, including open-source information…

(F) An assessment by the intelligence community of any relationship between each such foreign company and a foreign government, including any export controls and processes to which the foreign company is subject.

(G) To the extent such information is obtainable through clandestine collection or open source intelligence, a list of the foreign customers of each such foreign company, including the understanding by the intelligence community of the organizations and end-users within any foreign government that procured the spyware of that foreign company.“

Sec. 618. Sense Of Congress On Provision Of Support By Intelligence Community For Atrocity Prevention And Accountability.

This provision recommends the Department of Defense and intelligence community increase focus and support to the Atrocity Warning Task Force to prevent genocide and atrocities utilizing open-source data.

“The Director of National Intelligence and the Secretary of Defense should, as appropriate, do the following:

(1) Require each element of the intelligence community to support the Atrocity Warning Task Force in its mission to prevent genocide and atrocities through policy formulation and program development by—

….(B) preparing unclassified intelligence data and geospatial imagery products for coordination with appropriate domestic, foreign, and international courts and tribunals prosecuting persons responsible for crimes for which such imagery and intelligence may provide evidence (including genocide, crimes against humanity, and war crimes, including with respect to missing persons and suspected atrocity crime scenes); and…

(2) Continue to make available inputs to the Atrocity Warning Task Force for the development of the Department of State Atrocity Early Warning Assessment and share open-source data to support pre-atrocity and genocide indicators and warnings to the Atrocity Warning Task Force…“

The Senate Select Committee on Intelligence (SSCI) also approved their version of the Intelligence Authorization Act (S. 4503) in July and now awaits a vote on the Senate floor.

Section 317. Assessing intelligence community open-source support for export controls and foreign investment screening

This section requires the DNI to implement a pilot program to assess the feasibility of sharing open-source-derived intelligence with the Department of Commerce.

“(1) PILOT PROGRAM AUTHORIZED.—The Director of National Intelligence shall carry out a pilot program to assess the feasibility and advisability of providing intelligence derived from open source, publicly and commercially available information to the Department of Commerce to support the export control and investment screening functions of the Department.

(2) AUTHORITY.—In carrying out the pilot program required by paragraph (1), the Director—

(A) shall establish a process for the provision of information as described in such paragraph; and (B) may—

(i) acquire and prepare data, consistent with applicable provisions of law and Executive orders;

(ii) modernize analytic systems, including through the acquisition, development, or application of automated tools; and

(iii) establish standards and policies regarding the acquisition, treatment, and sharing of open source, publicly and commercially available information.”

Sec. 404. Intelligence Community Working Group For Monitoring The Economic And Technological Capabilities Of The People’s Republic Of China.

This provision would establish a cross-intelligence community working group to track the economic and technological capabilities of the PRC, utilizing open-source and commercially available information to prepare unclassified reports analyzing the extent to which those capabilities rely on U.S. or foreign investment, the links of those capabilities to the Chinese military industrial complex and the threats those capabilities pose to the U.S.

“(1) IN GENERAL.—Not less frequently than once each year, the working group shall submit to the congressional intelligence committees an assessment of the economic and technological strategy, efforts, and progress of the People’s Republic of China to become the dominant military, technological, and economic power in the world and undermine the rules-based world order.

(3) In preparing each assessment required by paragraph (1), the working group shall use open source documents in Chinese language and commercial databases.”

Passage of these provisions in their current form would contribute tremendously to the maturation of the U.S. Government’s open-source capabilities. While funding open-source intelligence programs and requirements is of course critical to carrying out these efforts, the encouragement and direction from Congress to leverage open-source information for a variety of mission sets should not be overlooked. Recognizing the value and shifting the perception of this still somewhat nascent discipline is key to cementing OSINT’s role in the future of America’s intelligence community.