The story of unit 8200 and the unforgiving lessons for CI

Israel is one of the smallest countries in the world. By population size, it is in 98th place. If you take out smaller Caribbean islands, it is even lower on the list. Landmass-wise, it is tiny (46th on the list of the 100 smallest countries in the world). In terms of impact on civilization, I would rank it 2nd (1st is China, where we all know everything was invented 6,000 years before white people did it, including AI, electric shavers, and the combustion engine).

One thing is indisputable, though: the Israeli intelligence community has been revered around the world. Especially respected is its SIGINT collection unit, designated 8200, which spun off the vast majority of cyber startups in Israel. Equivalent to the NSA, 8200 received a commendation from that same agency for its contribution to US security as well.

8200 oversees listening, SIGINT, and cyber intelligence within the Israeli Intelligence apparatus. It has a record of unbelievable achievements. Its task is central to Israel’s reliance on early warning against overwhelming larger enemy forces.

And then came October 7: 3500 Hamas fighters, thirty points of entry through the sophisticated barrier between Gaza and Israel with gliders, boats, pickups, and zero warning.

Now, a report by an internal committee of the 8200 analyzed the astonishing failure of early warning. I will not delve into it at great length; it was too painful for me to even read. I would not have even mentioned it except for the similarities (on a much smaller scale and with way, way, way less critical an effect) between the troubles of CI in corporations and 8200’s failure of early warning in Israel.

A failure which, it turned out, was NOT a failure of intelligence.

Summary of events at the 8200

In April 2022, in a one-of-a-kind (still hush) operation, 8200 obtained Hamas’ plan for the attack on Israel. The plan, called Al Aqsa Flood, is dubbed Jericho Walls in Hebrew (an extremely apt name). Over dozens of pages, the plan details every move planned by Hamas for a breach into Israel.

The document is delivered to a noncommissioned officer “V” of 8200 who is in charge of covering Hamas. She does a fantastic job of studying its every aspect and developing signposts to track its progress. She follows up on clues, sifts through an enormous amount of tactical and meaningless communication messages between Hamas commanders, and doesn’t leave out even the slightest signals. In May 2023, Hamas practiced the plan in a large mock-up exercise on the barrier between Gaza and Israel, using everything it would use in October: motorcycles, Toyota pickups, boats, thousands of participants, and even the gliders. “V” started to send emails warning about Hamas’ planned attack. She sends emails repeatedly but, and this is important, not to her direct bosses at 8200, who were appointments from other military branches and not intel people. The internal investigation surmises that she didn’t trust them to understand the intel. Instead, she keeps badgering the intelligence hierarchy at the IDF’s southern command (in charge of Gaza) and they dismiss her warning, claiming Hamas is not capable of such large operations and is deterred by IDF’s might. Importantly, “V”’s warnings never make it to the top of 8200, or anyone else at the senior level of the larger Intel community. The 8200’s commander, a newly appointed Brigadier General, didn’t even know 8200 had Hamas’ detailed plan.

V's warnings never make it to the top

In incredible foresight, “V” intercepts Hamas’ communication involving passages from the Quran she hasn’t heard before. She studies them and finds out they are passages used before going to war. And still, her analysis is blocked from reaching the top. When she is at last able to present her analysis to the 8200’s commander, the meeting is scheduled for a week after October 7th.

The core factors behind the failure

Below are the report's assessments of the factors behind the EW failure. What I see in our CI community are faint echoes of these factors (with clearly way, way tinier consequences).

1. The reliance on technology. The report outlines 8200 pivoting away from the interpretation of the SIGINT with the introduction of newer technologies for the collection of intel. While no details are provided (obviously), one can surmise the new tech involves AI. 8200, which was originally based on human expertise in understanding the opponents, has devolved into a fascination with tech-dependent processes, not only in the collection but in the machine translation of the communication as well. It saved on time and effort and devalued human expertise in understanding context and subtle meaning.

A unit originally based on human expertise devolved into fascination with tech instead

Sounds familiar?

2. The devolution of insight. With technology replacing human expertise, the role of Network Insight Officer (loose translation from Hebrew), once the backbone of 8200, has become way less important. Instead of insights, 8200 (and the IDF and political top) were focusing on providing more data. Tons and tons of data.

Insight becomes secondary to data. More and more data.

Sounds familiar?

3. The rise of the pull model. The intel model has changed drastically with the introduction of an “Intelligence Pool.” A huge, galactic-size database, organized with AI, where ALL information was stored, categorized, and structured (not only from 8200 but Mossad and other agencies). The “pool” allowed users to pull any piece of information they wanted with one click. A pull model then replaced a push model where the role of 8200 was to provide early warning.

Pull of data replaces intel warning

Sounds familiar?

The report concluded that the most devastating failure, however, was the abandoning of the first and most vital role of intelligence professionals: to ensure clients understood, discussed, and internalized the warnings. And if they didn’t, 8200 was obliged to raise hell, to sound the sirens, to not rest until they do.

To my CIPs

The report and the horrible failure of the early warning model have important lessons for us. First and foremost is the simple and only one definition of intelligence which I have advanced for over 30 years:

1. Intelligence is the interpretation of the data, not the data. CIPs should never accept their role as just waiters/waitresses moving the “food” from the kitchen to the consumers’ tables. That may be the role of an information practitioner or a librarian. They are not intelligence analysts.

2. Early warning is not the same as collection and distribution of tactical information, pulled by users at will from a CI platform. Users do not know what they need to pay attention to as far as strategic early warning. They are focused on the present, tactical needs of their jobs.

The main task of the CIP is to make sure users understand the interpretation and its implications. This means a CIP should never send data alone.

Every one of our CIPs has it drilled into them.

Alternative Perspective

Message to CEOs (with no illusion they’d read it): There is no urgency in business like in war, no imminent attack, and no risk to lives. The equivalent of early warning relates to disruption. The only defense CEOs have against disruptions is granting access to a CIP SEW analyst (direct or via a Briefer), bypassing all the intermediate users, the consultants, the investment bankers, and the yes-sayers who instill a false sense of confidence.

Otherwise, watch your company fall behind and lose its way like Facebook or Macy’s.

And to all Israel’s detractors: Am Israel Chai (google it and hope Ge(r)mini provides an unbiased translation...)

As always, Ben, you've cut to the heart of the matter: information not shared with the right people and accompanied by recommendations for action is as good as a dead battery in a flashlight in a cave. The emphasis on secondary data in today's AI-enhanced environment presents a similar situation for CI professionals. CI groups and their constituencies that rely on secondary data, even when filtered through AI, are working with incomplete data sets. In this case, "V" could access public data and incorporate what the private sector would consider privileged information (SIGINT communication intercepts) to produce real insight. The parallel solution for the business world is primary CI, which can add depth and unique insights and produce better recommendations. Regardless of the data sources, the CI unit must alert the right decision-makers and deliver recommendations for action.

Alexandre de Castro Matias

Senior Specialist in Strategic Planning and Management. Master's and PhD.

8 months ago

Excellent article!

Dr. Amiram Markovich

Competitive Intelligence Leader, Academic Lecturer & Researcher, Senior Consultant

8 months ago

In my lecture about CI at the Israeli Forum for Intelligence Studies last month, I compared relevant processes between CI and Israeli intelligence's failure on October 7th. We discussed some of the points you make in your interesting article, in addition to a few others. Thanks for bringing it up, Ben Gilad!

Nir K.

Director / Founder at MEDICAL REVIEWS INTERNATIONAL LTD.

8 months ago

Have seen so many companies here that are so proud of their "enhanced CI capabilities", which means in practice - implementing an OSINT tool that generates some reports. No HUMINT, no sophistication, no analysis, just reports. Other than that, interesting, insightful and most of all - painful article.

Howard Baker, CFRE

Associate Director, Research and Prospect Development at Scarborough Health Network Foundation (SHN Foundation)

8 months ago

It shocks me that an analyst (no matter how brilliant) had the freedom to choose who got to see her work and that there was no formal process for ensuring that urgent intel reached the top of the decision chain. Is the report available in English?
