Challenges in threat analysis


The analysis and assessment of threats constitute a primary focus of intelligence. However, it seems at times that analysts appear to encounter more difficulties in analysing threats than in conducting risk assessments.

Some of these difficulties are related to analytic rigour. Often there is an overreliance on analysts’ judgements in preparing threat analysis which is shown in the process of data interpretation and the weight allocated to different factors. Among the problems identified in connection with this issue are the following:

  • Inability to identify activities that fall ‘below the radar’ or what is known as the identification of weak signals. As these signals are small precursors, they are usually lost in the middle of a large amount of noisy information.
  • De-sensitization of the law enforcement community to noisy event. Often, such events are dismissed as ‘weird’ or odd and may mimic an action/incident that is fully explainable.
  • Quantification difficulties and differences. In the case of threat analysis especially, the assessment of magnitude and likelihood is a key component. Most of intelligence organisations use an approach that relies on curated sets of linguistic probability terms. However, this system has both practical and methodological flaws. It lacks interoperability (practical flaws), and the linguistic probability phrases are inherently vague and context-dependent (methodological flaws).

A second challenge refers to the use of the OSINT, and the distinction made between OSINT and SOCMINT). As social media became a new space for collecting and analysing online information, it was initially considered an OSINT sub-domain. However, with the diversification of social media platforms and contents, the OSINT framework seems to be less applicable and usable, therefore many scholars are now arguing that SOCMINT is closer to SIGINT than to OSINT. Within the threat analysis it is important to make a distinction due to the fact that the information collected, validated and analysed depends on the category it falls under. Given that experts agree that social media is a very useful resources for assessing threat intelligence by, for example, identifying intention, it is very important to understand some of the challenges of collecting and analysing SOCMINT.

  • One of the key challenges is related to information verification, or in other words which are the standards that should be applied to social media information, given its interdisciplinary nature, those of OSINT or of SIGINT, HUMINT or a combination of all of the above.
  • Information access and completeness of data retrieved. Social media aggregation companies that market social media data often provide only a fraction of the data from a social media platform or dataset from only a specific window of time.
  • Too much focus on social media data from US-based platforms, to the detriment of native platforms, which may be more relevant for intelligence purposes.
  • The data sets do not provide a representative sample of a population as different demographic groups use social media unevenly.
  • Content is very dynamic. The acquisition and retention of social media content must, therefore occur in real-time and be constant, as impactful content may be posted and removed in a short period of time.
  • Content is published in a variety of formats (e.g. from text, such as Reddit threads to live videos on Twitch).

A third challenge is related to the categories of data included. Threat analysis can refer to static factors (historical elements; factors that cannot be changed or change only in one direction), but it can also include dynamic factors (behavioural, social, attitudinal, etc.). For example, in the case of irregular migration, migrants’ attitudes towards different topics may be included under dynamic factors. The main problem, in the case of dynamic factors, is that, as the name implies, these changes and may fluctuate over time, making them difficult to quantify and analyse.  A good example of these challenges can be found when trying to analyse attitudes in order to identify threats, as shown in the MIRROR Perception Model.

A fourth challenge is related to the content, and more specifically to the definition and nature of the threat. In terms of definition, the main problem is the very process of threat identification, which can be significantly influenced by what is labelled as the ‘securitisation of discourse’ and its implication for threat analysis. The main concern is that the set of narratives build around ‘securitising’ migration, are employed to inform discourses, policies and practices of both state and non-state actors.  In some cases, for example, the human security discourse has been employed to legitimise the tightening of borders in the name of migrants’ own ‘security’. The threat-migrant association can give rise to an important number of problems such as:

  • Algorithmic bias for AI technologies employed in a border security setting. The ‘securitisation’ of migration is directly linked to the use of surveillance and data collection. However, some experts argue that this approach can be very problematic, due to the inherent vulnerability of migrants; the concern being that technological ’solutions’ are employed on refugees and migrants because they can scarcely object and often lack even basic knowledge about what is involved.
  • Bias in the analysis. The framing of all migrants as threats has important consequences for the objectivity of intelligence analysis and the instruments it would recommend to employ in addressing the problem.


Alessa, L., K Moon, S., Valentine, J. Marks, M. et. al. (2021) Surprise and Suspense: How the Intelligence Community Forgot the Future.  The International Journal of Intelligence, Security, and Public Affairs, 23:3, pp. 310-342. DOI: 10.1080/23800992.2021.2006954.

Antonius, N., & Rich, L.E. (2013). Discovering collection and analysis techniques for social media to improve public safety. The International Technology Management Review. Available at: [accessed on 31 May 2022].

Arslan, C.  and Yanik, M. (2015). A New Discipline of Intelligence: Social Media. ICMSS 2015, Istanbul, Turkey, pp. 69-76, (Conference Paper). Available at [accessed on 31 May 2022].

Bello, V. (2022). The spiralling of the securitization of migration in the EU: from the management of a ‘crisis’ to a governance of human mobility? Journal of Ethnic and Migration Studies, 48:6, 1327-1344, DOI: 10.1080/1369183X.2020.1851464.

Buolamwini J., Gebru T. (2018). Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification. Proceedings of Machine Learning Research, 81: pp. 1–15.

Caliskan, A.; Bryson, J.J.; Narayanan, A. (2017). Semantics derived automatically from language corpora contain human-like biases. Science 2017, 356, pp. 183–186.

Carling, J. & Collins, F. (2018). Aspiration, desire and drivers of migration.  Journal of Ethnic and Migration Studies, 44:6, pp. 909-926, DOI: 10.1080/1369183X.2017.1384134.

Center for Prevention Programs and Partnerships. Threat Assessment and Management Teams. The US Department of Homeland Security. Available at: [accessed on 31 May 2022].

CoE. (2018). What Is Hybrid Coe? Available at: [accessed on 31 May 2022].

Cording, J., Beggs Christofferson, S.M., & Grace, R. (2016). Challenges for the theory and application of dynamic risk factors. Psychology, Crime & Law, 22:1-2, pp. 84-103, DOI: 10.1080/1068316X.2015.1111367.

Cusumano, E. (2019). Migrant Rescue as Organized Hypocrisy: EU Maritime Missions Offshore Libya Between Humanitarianism and Border Control. Cooperation and Conflict 54 (1): pp. 3–24. DOI:10.1177/0010836718780175.

Department of the Army. (2020). Intelligence Analysis. Army Techniques Publication, n. 2-33.4. available at: [accessed on 31 May 2022].

Douglas, K.S. et all (2014). Historical-Clinical-Risk Management-20, Version 3 (HCR-20V3: Development and Overview. International Journal of Forensic Mental Health, 13(2), pp. 93-108.

El Akrouchi, M., Benbrahim, H., Kassou, I.  (2021). Review on adopting concept extraction in weak signals detection in competitive intelligence. In The 7th Annual International Conference on Arab Women in Computing in Conjunction with the 2nd Forum of Women in Research (ArabWIC 2021). Association for Computing Machinery, New York, NY, USA, Article 3, pp. 1–8. DOI: 10.1145/3485557.3485560.

Essentials of Migration Management. Intelligence gathering and the role of technology. IOM. Available at: [accessed on 31 May 2022].

Fallon, K. (2020, October 24). EU border force ‘complicit’ in illegal campaign to stop refugees landing. The Guardian. Available at [accessed on 31 May 2022].

Farny, E. (2016). Implications of the Securitisation of Migration. E-International Relations. Available at: [accessed on 31 May 2022].

Graves A., Clancy K. (2019). Unsupervised Learning: The Curious Pupil. Available at [accessed on 31 May 2022].

Gressang, S.D. & James J. Wirtz, J.J. (2022) Rethinking Warning: Intelligence, Novel Events, and the COVID-19 Pandemic. International Journal of Intelligence and CounterIntelligence, 35:1, pp. 131-146, DOI: 10.1080/08850607.2021.1913023.

Gundhus, H.O. and Jansen, P.T., (2020). Pre-crime and policing of migrants: anticipatory action meets Management of concerns. Theoretical criminology, 24 (1), pp. 90–109. DOI: 10.1177/136248061987334.

Harrington, J., McCabe, R. (2021) Detect and Understand: Modernizing Intelligence for the Gray Zone. Centre for Strategic & Intelligence Studies. Available at: [accessed on 31 May 2022].

Hirsch Ballin, E., Dijstelbloem, H., de Goede, P. (2020). Interconnected Security: Conclusions and Recommendations. In: Hirsch Ballin, E., Dijstelbloem, H., de Goede, P. (eds) Security in an Interconnected World. Research for Policy. Springer, Cham. DOI: 10.1007/978-3-030-37606-2_7.

Huysmans, J., and V. Squire. (2010). Migration and Security. In The Routledge Handbook of Security Studies, edited by M. Dunn Cavelty and V. Mauer, pp.169–179. Abingdon, Oxon: Routledge.

Ivan, A., Anamaria, C., Codruta, R., & Nicolae, M. (2015). Social Media Intelligence: Opportunities and Limitations. CES Working Papers, VII(2A), p. 506.

Kardos, M., & Dexter, P. (2017). A Simple Handbook for Non-Traditional Red Teaming. Joint and Operations Analysis Division, Commonwealth of Australia Department of Defence, Science and Technology, DST-Group-TR-3335, January, 2017. Available at [accessed on 31 May 2022].

Keohane and Zeckhauser confirm the existence of a silo effect among threats. See Keohane, N. & Zeckhauser, R. (2003). The Ecology of Terror Defense. Journal of Risk and Uncertainty 26, 2: pp. 201-229. DOI: 10.1023/A:1024167124083.

Kunreuther, H. & Heal, G., Interdependent Security. Journal of Risk, and Uncertainty 26, 2 (2003): pp. 231-249. DOI: 10.3386/w8871.

Lessons from Environmental Security Research. ECSP Report 10: pp. 36-42. Available at [accessed on 31 May 2022].

Mahood, M.E.K. (2015). SOCMINT: Following and Linking Social Media Intelligence. Available at [accessed on 31 May 2022].

Mandel, D. R. (2021). Intelligence, Science and the Ignorance Hypothesis. DOI: 10.31234/

Mandel. D.R.  & Irwin, D.  (2021). Uncertainty, Intelligence, and National Security Decisionmaking. International Journal of Intelligence and Counter Intelligence, 34:3, pp. 558-582, DOI: 10.1080/08850607.2020.1809056.

Manrique, M. (2018). The state of the American mind: 16 leading critics on the new anti-intellectualism. Literatura: Teoria, Historia, Critica, 20(2), pp. 362–369. DOI: 10.15446/lthc.v20n2.70338.

Molnar, P. (2019). Technology on the margins: AI and global migration management from a human rights perspective. Cambridge International Law Journal, 8(2):pp.305–30.

Office of the Director of National Intelligence. (2015) Intelligence Community Directive 203 – Analytic Standards. Available at: [accessed on 31 May 2022].

Omand, D., Bartlett J. and Miller C, (2012). #INTELLIGENCE A balance between security and privacy online must be struck. Demos, UK.

Omand, D., Bartlett, J. and Miller, C. (2012). Introducing Social Media Intelligence (SOCMINT). Intelligence & National Security 27, no. 6 (2012): pp. 801-823.

Rahwan, I. (2018). Society-in-the-loop: Programming the algorithmic social contract. Ethics and Information Technology, 20(1), pp. 5–14. DOI: 10.1007/s10676-017-9430-8.

Rousseau, P., Camara, D., Kotzinos, D. (2021). Weak signal detection and identification in large data sets: a review of methods and applications. Springer Nature. Available at [accessed on 31 May 2022].

Rudinger R., May C., Van Durme B. (2017). Social Bias in Elicited Natural Language Inferences, Proceedings of the First Workshop on Ethics in Natural Language Processing. Association for Computational Linguistics Valencia, 4 April 2017, pp. 74–9.

Robertson, K. (1987). Intelligence, Terrorism and Civil Liberties. Conflict Quarterly, Vol.7, No.2, Spring, quoted in Herman, M. (1996). Intelligence power in peace and war. Cambridge University Press, Cambridge.

Singleton A. (2016). Migration and Asylum Data for Policy-Making in the European Union. The Problem with Numbers. CEPS Paper in Liberty and Security in Europe No. 89.

UN Secretary-General’s High-level Panel on Digital Cooperation. (2019). The Age of Digital Interdependence. Available at:[accessed 6 Nov 2019].

Vance, C. (2018). The Future of US Intelligence: Challenges and Opportunities. NATO Association of Canada/Association Canadienne Pour L’OTAN, Emerging Security. Available at: [accessed on 31 May 2022].

Vandepeer, C. (2011). Intelligence analysis and threat assessment: towards a more comprehensive model of threat. Australian Security and Intelligence Conference, Edith Cowan University. Available at: [accessed on 31 May 2022].

Williams, H.J., & Blum, I. (2018). Defining Second Generation Open Source Intelligence (Osint) for the Defense Enterprise.

Wills, H., Tighe, M. Lauland, A., et, al. (2018). Homeland Security National Risk Characterization. Rand Corporation. Available at: [accessed on 31 May 2022].

Young, A. (2019). Too Much Information: Ineffective Intelligence Collection. Harvard International Review. Available at: [accessed on 31 May 2022].

Migration-Related Risks Caused by Misconceptions of Opportunities and Requirement

MIRROR has received funding from the European Union’s Horizon 2020 research and innovation action program under grant agreement No 832921.

© All rights reserved