Within military and national intelligence organizations, priority intelligence requirements (PIRs) are just one of the tools used to identify and manage risks within an operational environment.
These organizations will also use and continually refine PIRs with information needs (INs), executive management critical information requirements (CCIRs), decision support templates (DST), course of action (COA), etc.
PIRs are not static and require a huge amount of effort to ensure they are current and answer the operational requirements as established by the commander’s priorities.
PIRs are not infinite, they must be limited and well-scoped to key decision points / COAs as identified by the commander. Less is more.
PIRs are fluid and not static. When an operational environment changes, the PIRs and everything the PIRs support or are supported by, must be re-evaluated, refined, and the updates posted. “If PIRs don’t change, you’re fighting the plan and not the enemy”. (Mission Command Training Program).
That PIRs are being discussed within civilian security organizations is interesting; however, the massive amount of resources found in military and intelligence agencies to support intelligence functions and roles is not possible within the commercial sector. The need to shift PIRs away from a combat / national intelligence focus and towards functions and roles within the private sector is critical to show ‘why’ the intelligence function is necessary to private sector leaders.
PIRs, CCIRs, and COA can be used quite effectively when shifting the model away from a military operational field into the risk management/risk mitigation functions. The most likely or more reasonable application is the risk management/risk mitigation process.
PIRs are not solely the function of the intelligence section. If the collection or PIR manager creates the PIRs with almost no input from leadership, legal, human resources, security, etc. then the PIRs will not reflect total risk mitigation requirements for the organization. ‘It takes a village to build effective, operational, etc. PIRs’. The working group will be part of the organization’s risk management team. This team should include but is not limited to:
The purpose of PIRs is to provide decision-quality information that is timely, fused, analyzed, predictive, and answers the ‘so what’ to drive planning and support operations; versus simply ‘reporting the news’ (see details). If the intelligence team sets a meeting with leadership or executives that is ‘informational only,’ it will not go well.
This is the ‘actionable intelligence’ term so often abused within the private sector. Actionable within a military context is “actionable intelligence can also be legal as in based on surveillance capability of the enemy we are going to move Dark Star in the hanger so the satellite doesn't get a happy snap.” This kind of thinking and action is likely illegal within the private sector… However, if we strip actionable intelligence to the bare bones, it is providing the leadership the ability to:
Quickly understand the events and risks (what is at risk) Provide decision points (what do you need from them) Provide a course of action with intended and some possible (likely) unintended consequences Think like a reporter and the 5 Ws:
DO NOT put details, the important part is the number 5, What are the recommendations? Do all this in 3-5 sentences, and the world will be happy.
Lastly, discussion with leadership about ‘bits and bytes’ security risks is the quickest method for them to never ever desire any conversation with you again. Placing the PIRs into business language with the proper input from all key business units within the organization.