The pending war with Iraq, and the military's method of intelligence collection and management, offer crisis managers from any organization some valuable lessons. As do mistakes made by the intelligence community prior to and during past conflicts – some of which might have been avoided altogether.
The Role of Intelligence
From this country's failure to detect warning signs of Japan's Pearl Harbor attack to the horror of 9-11, we have learned what happens when intelligence gathering is conducted poorly or, even when done skillfully, if information dissemination and analysis is incompetent.
My original career was in military intelligence, a fashionable oxymoron these days, and as an outside observer of wartime preparations I believe that the U.S. Intelligence Community has now learned a great deal from its mistakes and is better prepared than at any time in history. Perfect? No. Humans and machines can still err.
Non-military organizations need accurate intelligence for their decision making just as much as the military does. To base decisions solely on theory, best guesses and wishful thinking results in Enron-like situations. Here's the difference: from what I observe in the business world, most American organizations haven't yet learned from their mistakes, the mistakes which lead to crises, and which result in crises become disasters.
Classically, there are six forms of intelligence gathered by government agencies:
Signals Intelligence (SIGINT)
Imagery Intelligence (IMINT)
Measurement and Signature Intelligence (MASINT)
Human-Source Intelligence (HUMINT)
Open-Source Intelligence (OSINT)
Geospatial Intelligence (no acronym to my knowledge, another group already had "GI")
Private organizations are seldom able to use this full range of options to collect information relevant to decision making, but two of them -- HUMINT and OSINT -- are absolutely essential for ANY organization.
OSINT is publicly available information appearing in print or electronic form, including radio, television, newspapers, journals, the Internet, commercial databases, and videos, graphics, and drawings. The Internet, in particular, is a virtual Alice's Restaurant of information where, unlike that song, you can get ANYTHING (including Alice) if you know how. There is absolutely no sane reason, short of technophobia and wishful thinking, not to employ Internet-savvy staff, consultants and/or services to ensure that you truly understand the "battlefield" in which your organization competes for attention and revenue. Even if you're a small business, a teenager could probably help ensure that your Internet-centered data collection is competent.
HUMINT -- the intelligence community version -- amounts to identifying, recruiting, motivating, training, briefing and debriefing sources. Journalists do the same thing, with less bureaucracy and formality, hence the fairly easy transition I made from military intelligence to investigative reporting in the late 70's. However, while industrial espionage certainly exists, involving machinations sometimes as complex as the CIA's best efforts, for the most part an organization's best sources are right under their noses -- their own employees, customers, and anyone else who has a stake in their future.
Here's the catch: usually, if you want THOSE sources to give you information on what's really happening with your organization (so you can detect problems early on) and about how you're perceived by those important to you, you have to (a) ask them and/or (b) provide easy means for them to tell you without their own welfare being threatened.
Analyzing Intelligence
OK, now you have all this raw data, how do you use it to stay out of trouble or minimize the impact of crises when they occur? Or, as a CEO once asked me, "how can I avoid getting blindsided again?"
The governmental intelligence model, when it works properly, allows data to be evaluated by subject area and then for findings to be compared across subject areas to spot related information and see if, in some cases, 1+1=3. While also looking for trends in any subject area or across multiple areas.
That model is what led me to create our vulnerability audit process many years ago. Other crisis management professionals have their own, comparable processes. When we collect information in a vulnerability audit, we use HUMINT to focus first on different functional areas of an organization (e.g., human resources, legal, marketing & sales, information security, environment), while also using OSINT to collect everything we can find about the client organization, its industry, competitors, etc. We then bring all the results together in a process for comparative analysis. Sometimes, we involve subject-specific analysts (within the client organization or from outside, for more objectivity) to help us understand the data better.
The results allow us to recommend steps that organizational leaders can take to avoid or at least minimize the damage from the multitude of potential crises to which most of them are vulnerable.
Does it take time and resources to gather and analyze intelligence? You bet. Is it still one heck of a lot cheaper than the consequences of NOT doing so? Ask Ken Lay. Or the victims of 9/11.
