OSINT for Procurement and Supply Chain: No Hype, Just Promise

OSINT (open source intelligence) is the practice of legally collecting and combining information from publicly available sources (open source meaning the public nature of the data being collected). OSINT has historically been associated with investigative journalism, defense and military operations, sanctions (individual and organization-wide) monitoring, law enforcement, and cybersecurity efforts. It is important to note OSINT’s appeal extends to hackers just as much as it does to security operations teams.

Gartner’s Darin Stewart notes that cybersecurity professionals, relying on OSINT, have been the main navigators of the “deeper and darker realms of the web” and now less-technical researchers are utilizing OSINT tools to explore the entirety of the web for a varied number of investigative reasons. OSINT is making steady headway into the business realm as well. John Popel, writing for Forbes, predicts that OSINT will be the next big thing in B2B business, including the areas of customer knowledge, supplier diligence, competitor intelligence and brand awareness.

There is no doubt that OSINT will be playing a greater role in procurement and supply chain research efforts. Here are a few examples of how OSINT has/is being used:

  • OSINT Combine’s published report on potential vulnerabilities of the supply chain of a large Australian Government organization found multiple potential threats through open source data. One finding was that two-thirds of IT and software companies within the organization’s supply chain had been subject to data breaches.
  • In a story funded by the CUNY Newmark Graduate School of Journalism, and researched by the AP, slavery abuses were discovered in the palm oil industry. AP used U.S. Customs records and published data from producers and buyers to trace labor from the palm kernel processing mills to the supply chains of products sold by Nestle, Unilever, Kellogg’s, and PepsiCo, among others.
  • Recently, Greenpeace UK has created a tool, in Beta, that tracks supertankers carrying oil and gas leaving Russian ports and tweets about the activity. The Russian Tanker Tracker bot provides transparency to “an industry that tends to operate out of public view.”

Knowing which resources are available to tap and which tools to use for collecting and analyzing the data, along with balancing the potential invested time versus the outcome value, are a few of the challenges when considering OSINT. There are a slew of resource and tool guides widely available, in addition to instructional videos produced by platform providers and OSINT experts/trainers. Graphical link analysis provider Maltego offers one of the most popular tools available. It gathers and integrates data in real-time and presents it visually via node-based graphs. The OSINT tools list by Upguard is a nice place to start. OSINT Framework by Justin Nordine is a helpful site for identifying tools or resources and the comprehensive list of OSINT web resources provided by Oh Shint is worthy of a look.

Examples of open source resources for procurement and supply chain intelligence include:

  • Opencorporates – largest open database of companies in the world. The data comes directly from official company registers for full view of legal entities, which is imperative for trusting the data for searching or integrating into tools.
  • Companies House – this UK agency incorporates and dissolves limited companies. Information for all UK companies, and their directors (including address and their associated businesses) are publicly available. You can see previous names for companies and full text filings history.
  • World Bank Open Data – free and open access to global development data, you can search or browse by country or indicator. There are 20 indicators such as Agriculture, Climate Change, Economy and Growth, Infrastructure, and Trade.
  • US Bureau of Labor Statistics Data – open source for statistics on inflation and prices (consumer, producer and import/export), employment (hours, earnings projections), pay and benefits (including employer costs for employee compensation), and productivity.
  • USDA Agricultural Transportation Open Data Platform – this is a continually growing catalog of publicly available agricultural transportation datasets and visualizations, for truck, rail, barge, and ocean.

This introduction is a summary that skims the OSINT surface. Look for more posts about OSINT in the future. I have covered many open source resources on my blog (search the term “open”). In addition, a large number of the indices in the Index Collection are open source.

Image by Gerd Altmann from Pixabay

Copyright © Copyright 2024 Cottrill Research. Site By Hunter.Marketing