Are We Ready for an Open Source Revolution?

Hi, this is Lindy Kyzer, and welcome. I’m really excited today to have Matthew Scott, Senior Vice President of Avantus Federal, on the show. Matt and I have worked together on the Intelligence and National Security Foundation’s Future of the IC Workforce Series, and I can always count on Matt to be a strong voice for change within the intelligence community. He has a history of delivering and scaling data and capabilities within the IC, while also pushing for the government and industry to innovate, which I so appreciate. I appreciate your being on the show and I love your leadership around this topic, and I’d love to learn more about how this became a specific area of interest for you and became a passion point for you.

My first job in the Intelligence Community was as a platoon leader in Iraq. I graduated college, I attended my Army Intel Officer Basic Course, and I think three to four weeks later, I was in Iraq, and I took over a platoon that was already there. We’re flying UAVs, unmanned aerial vehicles, over a big chunk of the country, sort of Baghdad and north, and I won’t over dramatize it. That job wasn’t easy, and it wasn’t safe, it wasn’t comfortable, and the progress that we made day-to-day was a really hard one. Fast forward four years from that point, and I’m out of the Army, and I’m sitting in this nondescript office park in Northern Virginia. I’m working for a government contractor for the IC, for the Intelligence Community, and I’m wearing a green badge.

My assignment four years later is contributing to some of the first courses on social media and analysis, and so I’m sitting there and I have this aha moment, and I realize if we get this right, this being OSINT, then we don’t have to do that. That being Iraq or intelligence collection in the middle of a war zone. Fast forward, I got to this point today by working in the industry for the last decade plus all around open source and trying to get to this place where we do open source right so that we don’t have to do the harder things wrong later on.

I’m a sociologist at heart, so I generally always talk about defining the terms and framing the issues. So I did want to kind of start, if we’re going to talk about open source a little bit on the show today, how do you define open source and do you think the IC actually has a legitimate definition of what open source is?

This is such a super important question, but anytime that I hear it, I go on sort of red alert. So let me answer your question and then I’ll tell you why you’ve now got me alarmed. Open source intelligence, it’s intelligence that’s produced from publicly available information. There has been a great deal of debate and hemming and hawing over what publicly available information is, but it’s basically information that’s been published or broadcast for the use by the public, or it’s available on requests to the public. Could be accessible online to the public. You could buy it or subscribe to it. You could see or hear it if you’re just a casual observer or it’s made available at a public event or a meeting. And I would include that this also includes commercially available information, and that’s information that made available by a company; you can buy it, you can lease it, you can sell it. And these definitions I’m giving you, these are not Matt Scott’s definitions. These are the Department of Defense’s definitions, I think ODNI’s definitions. So this is well trod territory. What is it? What isn’t it?

But let me tell you why now you’ve alarmed me. And that’s because we’ve been working on open source and trying to advance the discipline now for at least a decade myself, two decades plus others. And this question of the definition is often a little bit of a… It’s almost like a bureaucratic maneuver to slow down whatever conversation we’re having. And I’ve been in tens of conversations, meetings, inside the government, inside industry, around industry. And we’re starting to make progress. We’re talking about tough issues, talking about the value of open source. And it almost never fails, someone sort of leans back in their chair, sort of stretches their decades of experience comfortably in government and they ask, “Well, what does this mean? What is open source? What is PAI?” And then we end up admiring the problem and progress halts, which is in a way the story, or my version of the story, of where we are with open source right now.

There’s the definition, it’s available in 10 different official publications across the IC and DOD. And if there’s a takeaway today, if you’re in a meeting and you’re trying to push something forward with open source and someone asks you what it is, don’t let them bog you down. It’s there, move forward, we’re past this.

I love that answer. I mean the red alarms though, I’m setting off red alarms with question number one, so I’m hoping this can be a five alarm interview if I play my cards right. So again, we clearly know that you don’t dance around the issues, that your recent op-ed for Cipher Brief, you literally outlined the failure of open source with a call for new IC leadership. I’m just curious, do you think the IC understands the failure point it is in, and is there momentum around that belief across the IC? Are you the only one sounding these alarms, Matt, or is the community behind you?

Well, I think the answer to your question is yes and yes, and I am not the only one. However, there are some bureaucratic, and I would argue, leadership reasons why that awareness and this group of people trying to push for change haven’t yet achieved it. I guess I would also, I love starting with context like you do, Lindy. I think the super important context with this conversation is the moment that we’re in, in the intelligence community; overwhelmed with data, we’re overwhelmed by threats. Many of those threats are from new places or they’re targeted at new places within our country. We’re in a competition to get to the truth first with media, with big countries, with small countries, with non-nation states. And that’s because of the democratization of intelligence capabilities and the commoditization of technology. But this is such a critical moment that Sue Gordon says, and I quote this whenever I can, but she says, “We’ve only had four moments of equal import to the one we’re in now and the entire history of the Intelligence Community.”

And she says, the first was World War II, so think Pearl Harbor. The second is the fall of the Berlin Wall, so think end of the Cold War. The third is 9/11, and the fourth is now. And so as we’re having this conversation, we’re asking ourselves, why aren’t we doing more with open source? I think we have to also just really take a step back and just appreciate the stakes. This is not a moment for the status quo. It’s not a moment to sort of sit and be happy with the progress today. It’s a moment for action, it’s a moment to roll up our sleeves and work. And despite the fact that I think there’s broad awareness that we’re not doing as much as we can with open source. On this topic, we just haven’t seen enough work accomplished over the last decade plus.

No, and I think you highlighted that in the article. You referred to it as a secondary end. In part because it’s one that no single entity wakes up thinking about. And I think I’ve heard you say that same phrase before. So why is that important? Do we need a single person who wakes up thinking about open source? Why can’t that just be everybody in the IC thinking about open source?

The short answer is because we’re in a race with our adversaries, and you don’t win races with federations and with volunteer coalitions deciding by committee what comes next. Quite frankly, organizationally, you don’t achieve change without leadership. And we’re not structured today with that leadership. And we’re certainly not structured today to achieve the change that we’ve got to accomplish. Yeah, you’re absolutely right. No senior intelligence leader wakes up in the morning each day and says, “How do I advance the open source discipline?” We have IC leaders that… The director of the CIA is by designation, by the Director of National Intelligence is the functional manager for open source in the community. This is publicly available information.

That gentleman today, it’s Mr. Burns, Director Burns, incredibly intelligent man, but he has other problems to deal with. He wakes up and thinks to himself, what does the president need on this topic? What’s the status of this operation in this country? Covert action, all source analysis. Open source is not even on that top list of priorities I would imagine. But we’re in this critical moment and we need open source intelligence to recapture and gain intelligence advantage over our adversaries, then we’re in trouble.

My favorite little phrase from the response you just gave was your disclaimer for ‘this is publicly available information’. This is how you know you’re talking to somebody within the IC. But it pivots also to the next thing. We find ourselves saying that, right? Because I do that all the time with ClearanceJobs. People are like, “Well, how did you get that?” Or, “Why did you publish that?” I’m like, “Well, I literally pulled it from a government website where it was published. It’s not classified, it’s not sensitive.”

I see OSINT and classification as equally important. But the fact that we have this kind of back and forth where we have to profess that what we found was publicly sourced and isn’t classified is kind of a weird point to be in. How do you see the marriage of these two topics? The need for a classification process, or that there is information that is Secret, Top Secret, sensitive, but also I think the vast majority of our insights within the IC now are coming from open source. How do we hold both of those things out?

That’s right. We keep hearing the statistic, 80 to 90% of the information that gets from the IC to the president every day into the critical leaders around the executive branch every day comes from open source. And yet here we are excusing the fact that we’re using open sources. I think we have this thing in the intelligence community where if you want to do something new or get it approved or funded, you have to go to the legacy people who are in all these leadership positions and positions of power, and you have to convince them that what you’re asking for will either help them or at least not threaten them. And we do that with classification, and we do that with the legacy intel, with open source. For the longest time, the narrative on open source is, look at this information or these tools, it’ll compliment your HUMINT, or OSINT is great for tipping and queuing or OSINT is great for adding color to all source analysis, or let’s use OSINT because we can share it a little bit more broadly, but then you keep all your secrets.

But I think we have to make a break, and this is also true with classification. We’ve got to stop doing things the old way. And just because the IC has done it that way for the last 75 years. OSINT moving forward is the foundational intelligence discipline. It’s where all intelligence requirements should start and it should take a big fat chunk out of the budget for the secret disciplines that hide behind the fact that they have been here forever and are doing it the way that they’ve been doing it forever.

Well, good luck with that, Matt. This is a very optimistic conversation, I realize as we’re having it. But hey, let’s dream big dreams. Why not? It’s the start of a new year, magical things can happen. You never know. We need open source information. We need open source innovation. Obviously, again, I’m ClearanceJobs, so I’ve got to talk talent management a little bit. And I know this is also a passion point of yours and something that you’ve talked about. How does our current talent government contracting experience exacerbate this issue around innovation? We just need to think through problems differently. I mean, we can apply this to OSINT, we can apply this to everything that the IC does, quite frankly, and take this maybe, I don’t know, I might be overstating it. But we need to think about things differently. What are some of the steps that the federal government could take today to actually improve its reality around OSINT and around other issues?

We might need a longer podcast.

This is my last question, I promise, Matt. This is it. The world is your oyster now.

Let’s end with what could we do next around open source? Because I have some ideas that I’m going to put out there. I think this again goes back to the moment in the criticality and how you motivate change in the IC. Once I was in a group, and we were listening to Michael Morales speak and he said something that stuck with me for now years. And he said, “Change is the easiest thing in the Intelligence Community.” I think he was speaking specifically about CIA at the time, but it’s broadly applicable to the entire IC. And he said, “To achieve a change in the IC, all you have to do is convince the workforce that that is what is required for mission accomplishment.” And I think that’s so true. If we convince people that this is the future and that if we don’t adopt open source, we’re going to continue losing our intelligence advantage, then we win and the change will happen. If we don’t convince them, then we lose. I’m not sure. I want to imagine what could happen if we continue down the current path.

What do we need to do next? We’ve got to put the right leadership in place. In my article, I argue that open source needs its own entity. It needs its own senior leadership. It needs people that wake up in the morning and think, how do I advance this discipline? How do I make the most of the world of publicly available information to make a difference for national security? So that’s the first step. I think the second step is once you have that leadership, you put this organization in place. I think it could go a couple different places, but it’s got to be its own thing. Got to have that senior leadership. And then third, from the beginning, you build the organization, not like a legacy intelligence organization, but you build it on the foundation of just true, incredible, deep partnerships with industry, with academia, with not-for-profits, with allied countries, incredibly important.

And then fourth, this gets to the secrecy and the classification, which are just a real threat, I think, to not just progress on OSINT but potentially to our country. We’ve got to share broadly and often what we’re doing. There’s no reason we should be afraid to share the fact that the government is looking at data around the world to answer questions, of course it is. When America lines up behind transparency and values, shared with our citizens, with our allies, and we execute the innovation available in industry, in our market economy, then we win. When we don’t do those things, then we lose. And open source is a place where all of that could line up and could create something really powerful for the country and not just for the intelligence community, I think for the whole government.

I mean, that’s a boiler plate. But I’m not going to let you off that easy. Is change really the easiest thing in the IC? How do we convince the workforce that this is critical to the mission? Does that tie back into the leadership piece of it? If we get the right leaders in there. I feel like we have this point A to C. What’s the B?

Well, I mean, I would argue that the workforce is there, the leadership is not. So I reject out-of-hand the premise that the IC workforce is not ready for open source. This is not a case of the frozen middle. This is a case of an active hot, ready-to-go workforce, and a frozen leadership. And the leadership is frozen because it’s not incentivized to work in a true community way, and it’s not incentivized to advance the open source discipline. It’s incentivized to advance whatever legacy discipline the leaders have come up through, and it’s incentivized to protect the rice bowls of those legacy intelligence organizations.