top of page
  • Julian Talbot

Threat, intelligence, and risk

Every year and in every nation, government and commercial intelligence agencies create and protect volumes of intelligence 'product.' The international intelligence community has innumerable agencies dedicated to collecting and analyzing data to produce finished intelligence products.

But how good is it, and how much ends up as dusty files in secure containers or warehouses full of spinning hard drives?

The CIA model identifies five main collection modalities: open-source information, human-source intelligence, signals intelligence, geospatial intelligence, and measurement and signature intelligence. These modalities involve collecting data from various sources, including publicly available information, human sources, intercepted signals, satellite and ground-based collection methods, and technical data from sources such as radar and nuclear intelligence.

There are no guarantees or consumer refunds for faulty intelligence product.

Most of this is classified, so we cannot know how many tonnes of material this amounts to in printed files. Estimating the exact amount of electronic classified intelligence product is even harder. Given the size and complexity of the intelligence community and the vast amount of data collected, the United States alone is likely to hold something in the petabyte or exabyte range.

This ranges from raw data to complex intelligence product. 'Product' can be in the form of a report, analysis, or another type of output that results from the collection, analysis, and interpretation of intelligence information. The purpose of an intelligence product is to provide decision-makers with the information they need to make informed decisions, develop strategies, or take action to mitigate risks.

And yes, as many of us can attest, intelligence product is rarely accessed or used for decision-making. In many circumstances, however, the product is faulty. There is no guarantee or consumer rights refund for faulty intelligence product. And when they are used, the results can be disastrous.

Throwing a curveball

Curveball was the codename given to an Iraqi informant who provided intelligence to the United States about Iraq's alleged weapons of mass destruction (WMD) program before the 2003 invasion of Iraq.

Curveball claimed to have worked on Iraq's mobile biological weapons program and provided detailed information about the program's structure and capabilities. However, after the invasion, it was discovered that his information was unreliable and based on hearsay, rumors, and his own imagination.

Curveball's information was initially believed to come from several independent sources because he claimed to be reporting on a network of Iraqi scientists and officials involved in Iraq's alleged mobile biological weapons program. The U.S. intelligence community received Curveball's information through a foreign intelligence service, which had obtained it from a German intelligence agency.

The German intelligence agency believed that Curveball was a credible source because he had a plausible story and had passed a polygraph test. They also believed that Curveball's information was corroborated by other sources, even though there was no direct evidence to support this.

Therefore, the U.S. intelligence community initially believed that Curveball's information came from multiple sources and was reliable. It was not until after the invasion of Iraq that it was discovered that Curveball's information was false and that he was the sole source of information.

The intelligence provided by Curveball was used by the U.S. government to justify the invasion of Iraq. Secretary of State Colin Powell cited it in his speech to the United Nations in February 2003. The intelligence was also used as a basis for the UK government's decision to join the invasion.

The credibility of the intelligence provided by Curveball was questioned before the invasion, but it was not fully investigated or substantiated. The case highlights the dangers of relying on unverified and unreliable sources of intelligence and the importance of thorough vetting and corroboration of sources before intelligence is used to inform critical decisions.

We would be unwise to believe that such mistakes no longer happen or that we have learned all the lessons from the Curveball debacle. A thorough risk analysis of Curveball's information and the acquisition process might have concluded the truth much earlier. Or, at the very least, identified a range of possibilities that were not fully evaluated then.

We need a better way

The fundamental requirement for good intelligence is not likely to go away or become less important with the advent of artificial intelligence or advanced surveillance technologies. In fact, many experts and analysts believe that the world is becoming more complex and that geostrategic and technology risks are increasing.

Several factors are driving these trends:

  1. Globalization: The interconnectedness of the global economy and society has made it easier for risks to spread rapidly across borders and regions. This means that local problems can quickly become global challenges, and it can be difficult to contain or address risks effectively.

  2. Emerging technologies: Rapid technological advances, particularly in areas such as artificial intelligence, robotics, and biotechnology, are creating new risks and unknown challenges. These technologies can potentially disrupt entire industries and reshape the global order, creating new geopolitical risks and vulnerabilities.

  3. Climate change: The effects of climate change, such as rising sea levels, extreme weather events, and food and water shortages, are increasing the risk of conflict and instability in many parts of the world. Climate change also exacerbates geopolitical and economic risks, such as resource scarcity and political instability.

  4. Political polarization: Growing political polarization in many countries makes it harder to address complex global challenges and increases the risk of conflict and instability. Populist and nationalist movements are challenging the liberal international order and promoting a more confrontational approach to global issues.

The implications of these trends are significant. They include:

  1. Increased uncertainty and volatility in the global system can create challenges for businesses, governments, and individuals.

  2. Growing competition and rivalry among major powers, particularly the U.S. and China, could lead to geopolitical tensions and conflict.

  3. The potential for new technological risks and vulnerabilities, including cyberattacks, artificial intelligence, and biotechnology.

  4. New forms of international cooperation and collaboration are needed to address global challenges, such as climate change and pandemics.

The increasing complexity and risk in the global system require a more sophisticated and nuanced approach to risk management and decision-making.

Reliable and consistent intelligence analysis is essential to develop a better understanding of the underlying drivers of these trends and to build more resilient and adaptable systems to manage the risks they present.

Threat, intelligence, and risk

Threat and intelligence analysis should rely heavily on thoroughly understanding the risk involved. This requires a sound analysis of the sources of risk and the assets at risk in the context of organizational or national objectives.

While investigations, threat assessments, and intelligence products are essential inputs to a risk assessment, it is equally crucial that the risks are understood to ensure the credibility of those products.

For instance, before initiating an intelligence-led investigation, it is essential to analyze it from a risk perspective to identify potential threats and risks to the investigation. Such an analysis can help inform decision-making, resource allocation, and mitigation strategies that ensure the safety and success of the operation.

Without a risk assessment, the investigation may face unforeseen challenges or dangers that could compromise its integrity and effectiveness. Therefore, a risk assessment is a critical first step in any complex investigation to ensure appropriate measures are taken to minimize risk and maximize success.


Risk, threat, and intelligence are interwoven because they are all related to identifying and mitigating potential harm or negative outcomes. To effectively manage risk and respond to threats, it is essential to have accurate and timely intelligence about potential risks and threats.

There is no perfect or ideal solution to these challenges. Other than recognizing that continuous improvement is often better than striving for perfection. Perfection is unattainable, and even thinking we have a near-perfect solution leads to stagnation and overconfidence.

By embracing a culture of continuous challenge and improvement, intelligence organizations remain agile and adaptable, responding quickly to changing circumstances and evolving to reflect the realities of a changing world.

Intelligence is critical for identifying potential risks and threats and understanding the nature and scope of those risks and threats. But intelligence doesn't stand alone. It needs to be based on a solid understanding of all likely risks in the context of objectives.

Once potential risks and threats have been identified, intelligence comes into its own. But this is an easier process to articulate than to implement. A good framework for improving outcomes in this area is the ISO31000 risk management process, but the core requirements are much simpler:

  1. a consistent risk management and intelligence framework

  2. skilled operators to implement that framework

I've written at length about the sort of tools that can improve intelligence analysis, so I won't go into them here. The important thing is that we must constantly be moving forward. And the improvement opportunity in the intelligence, risk, and threat world is to integrate those functions fully.


Some additional references

The Admiralty Scale is a well-regarded tool for intelligence analysis, as is Heuer's Analysis of Competing Hypotheses. ISO31000 also provides a systematic framework, principles, and process for threat assessment and risk assessment.

Recent Posts

See All


bottom of page