Experience the ultimate flexibility with the Isolation API, allowing you to securely Quisque pellentesque id ultrices lacus ornare elit vitae ullamcorper. Learn More

Keys to success: agency’s PAI program and DOD directive implementation

Publicly available information (PAI) is a valuable resource in day-to-day work and intelligence gathering for sensitive missions. That’s why the Department of Defense (DOD) issued a directive for all personnel on accessing and using PAI. One affected agency has been exemplary in implementing the directive. Thanks to a structured approach combining user education, senior advocacy, compliance monitoring and more, the agency has maximized personnel protection while improving the use of PAI to support a variety of missions.
Intelligence and Evidence Gathering success story

Minimizing attribution risk in PAI collection

A major command in the U.S. military, this DOD component is responsible for organizing, training and equipping select combat forces. A portion of these forces are dedicated to intelligence and evidence gathering to inform sensitive missions, making PAI an important resource to complete their duties. Collecting PAI online presents cyber risk to the organization, as well as the risk of attributing research back to the agency and tipping off adversaries.

To safeguard against these risks, the DOD issued a directive concerning the Access to and Use of Publicly Available Information. The agency not only adopted the best practices laid out in the directive but also structured their implementation in such a way as to improve the quality, effectiveness and security of their PAI program.

While changing human behavior was crucial to adhering to the directive, the agency also needed a tool purpose-built to support best-practice PAI collection for sensitive missions. The ability to manage attribution (i.e., manipulate the digital fingerprint revealed to visited websites) is key to this end, and is a capability woven throughout the directive’s guidance.

Building a successful PAI program

DOD components are given wide latitude to implement the PAI directive, meaning the decision on how to implement can have a major impact on the program’s success. Below are key factors to the agency’s approach.


Education and training

The agency realized an important first step was to educate users. They provided training early and often on how to minimize risk in PAI research using tradecraft best practices and managed attribution capabilities.

The agency had also selected Silo for Research as its managed attribution solution and made it available to intelligence analysts across the agency. In addition to isolating online research from personal browsing and controlling the digital fingerprint, Silo for Research also provided built-in training to improve OSINT tradecraft as well as use of the product.


Command emphasis

Establishing senior advocacy for the PAI program was critical to its success. The agency’s leadership championed the adoption and use of tradecraft best practices and tools. With command emphasis, personnel quickly got on board.


Tools and tradecraft

The agency needed the right tools in place to enable analysts to safely collect PAI online while managing attribution during sensitive missions. Silo for Research proved pivotal to these goals.

With Silo for Research, analysts could browse for PAI in a 100-percent isolated, cloud-based environment from any computer, any network and any location. Isolation not only protected analysts from malware infection, it also segregated their personal browsing from mission-related research, helping to minimize the risk of attribution back to the agency

Silo for Research also gave analysts full control over their digital fingerprint and the ability to manipulate it with location-specific and context-specific settings. By blending in with the crowd, analysts could avoid tipping off investigative targets and limit attribution to themselves or the agency.

The solution’s suite of productivity tools also enabled the component to gain efficiency in day-to-day work and to automate research tasks in keeping with tradecraft. The agency could also maintain complete audit trails of every session and manage oversight with a compliance dashboard.


Monitoring for usage and compliance

An important element of the agency’s PAI program was monitoring for usage of the approved managed attribution solution, Silo for Research. If the solution had not been used in a designated timeframe, users were alerted they would lose access. This ensured that the approved solution — with its necessary safeguards for PAI collection — was being used by analysts and thereby minimizing associated risks.

The agency also monitored activity within Silo for Research to ensure compliance. The auditing dashboard and audit logs were regularly reviewed to ensure timely identification of problems, need for more training or need for changes in the training program.

Lessons learned from the agency’s success

For other organizations subject to the DOD’s PAI directive or simply looking to improve their PAI program, it’s important to remember these factors as the building blocks for success:

  • Educate personnel initially and provide ongoing training on the importance of limiting attribution during PAI collection
  • Secure the backing of command to ensure adoption and compliance
  • Ensure analysts know and leverage best practices and tradecraft, as well as proper tools
  • Implement a robust monitoring and compliance regime to quickly spot problems among users
  • Recognize the investment in PAI tools goes beyond the purchase — they must be used wisely, for the right missions and for the right purposes to justify the investment