Loading in 2 Seconds...
Loading in 2 Seconds...
Methodologies for Sorting Through the Chaff Presentation to: DHS/IAIP 27 January 2005. Pherson Associates, LLC • Email: [email protected] Recognizing the Good Stuff: Using What If? Analysis and Outside-In Thinking to generate generic Indicators or Signposts Empirically-derived Checklists
Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.
Three years ago, terrorists just tried to crash a plane into the Eiffel tower. What if we had asked ourselves then: “Would they do something similar in the United States? How would they pull this off?”What If? Analysis
Assume that what might be the case, is the case.
Develop a chain of argumentation based on both evidence and logic explaining how this outcome actually could have come about. This is called “thinking backwards.”
Generate a list of signposts or “observables” that would indicate that this outcome is coming about.
Monitor the traffic for any evidence that relates to the signposts or indicators.What If? Analysis
In brainstorming how al-Qaeda elements are communicating with each other, are there any technological trends or new technologies that we need to consider (eg., use of “unsent” email messages, MP3, or IPods)?Outside-In Thinking
Monitor reporting for tipoffs/lead information.
Extrapolate patterns from reporting trends.
Identify relevant global trends.
Assess how they might affect when, where, and how a terrorist might launch an attack.Competing Approaches
Generate a generic description of the problem at hand.
List all the factors (social, technological, economic) that could have an impact (the subject usually has little influence over these factors but can exploit them).
Next list the factors over which the subject can exert some influence (choice of partners, methods of communication, capability to acquire feedback, etc.).
Assess how each of these factors could have an impact.
Look for data that suggests they actually have an impact.Outside-In Thinking
Establish categories of data (walk-ins, detainee reports, émigré reporting, human sources, etc.)
Review the reporting within each category and establish criteria for what turned out to be useful or not.
Develop a rough scale. For example, reporting that turned out to be useful usually met these criteria; bad reporting often fell into these boxes, etc.
Use these lists to rate the utility of incoming reporting.
Rate the new reporting based on these lists and revise/refine the lists over time.Empirically-derived Checklists
Accepting new information would require you to change your mind, alter a key assumption, or divert significant resources (protect all apartment buildings or shopping centers).
Your analysis hinges on a single or key piece of data.
The terrorists have a great deal to gain, or lose, if you take a specific action (discount a key source).
You know they have an effective feedback channel. (they are likely to learn of your reaction in the press).Detecting Deception
Examine the whole chain of evidence, including translations!
Does the critical evidence check out?
The subsource can be more critical than the source.
Does evidence from one source (HUMINT) conflict with another source (OSINT)?
Do other sources of information provide corroborating evidence?Tactical Indicators of Deception
Try not to rely exclusively on non-material evidence (verbal intelligence).
Check all instances in which a source’s reports that initially appeared correct later turned out to be wrong-- and yet the source always seemed to offer a good explanation for the discrepancy.
Heed the opinions of those closest to the reporting.
Know the enemy’s limitations as well as his capabilities.How to Avoid Deception
Selective perception (or coming to closure too quickly) that usually results from focusing on a single hypothesis.
A failure to generate—at the outset—a complete set of alternative hypotheses.
Focusing on the evidence that tends to confirm rather than to disconfirm the hypothesis.The Value of ACH
no diagnostic value.(that support all hypotheses)
5) Assess the relative likelihood of each
hypothesis. (try to refute each hypothesis rather
than confirm it)
6)Determine how sensitive the conclusion is
to just a few critical pieces of evidence.
(would the judgment still stand if the evidence
were wrong?)ACH: The Eight Step Process