Private v Public Sector: Which is Winning The Race for High Impact Intelligence?

Featured image © GCHQ/Crown Copyright

In posing this question, I’m not seeking to create division between the private and public sectors. Having worked in both, I’m very aware of their respective strengths and weaknesses. However, in the world in which we now find ourselves, flexibility, agility, imagination and scalability will be crucial in the collection, processing, understanding and exploitation of intelligence. The only way we in which we in the free world can compete against our adversaries, is through an effective collaboration between the private and public sector.

We need to recognise that the definition of “intelligence” and “impact” has changed from that used in the 20^th and early part of this century. Governments can only make sense of the new geopolitical reality by fully embracing the private sector – not seeing it as competition. Government agencies need to be more flexible about how they work.  It cannot just be through forcing the private sector to play by government rules, which are often too slow, cumbersome and bureaucratic. Ukraine has shown how an existential threat leading to a relaxing of the rules can create pace and innovation. An existential threat always tends to focus the mind, and we should be under no illusion. We do face such a threat.

Western government agencies need to move rapidly for two reasons: firstly, the private sector will outstrip them as AI and quantum computing level the intelligence gathering playing field; secondly, their (our) adversaries can and will adopt and absorb new technology, winning the future technological arms race, given an avowed intent to dominate and the fewer legal and societal obstacles to adoption.

What is the purpose of high impact intelligence?

What is the purpose of intelligence? Put simply, it’s to give insight to enable better decision making. A straightforward definition of intelligence is information, not readily available, which gives insight and informs action/reaction.

And the term “high impact” can be open to some interpretation. In the past, this might be a decision to go, or not go, to war; to spend billions of dollars (or not) on a particular weapons system; to carry out an action to disrupt or deter a terrorist group’s attempts to launch a mass casualty attack; or to identify the perpetrators of such an attack post incident.

Today, for many Western bureaucrats and officials, a frequently used measure is that of their political masters deciding on a course of action, based on intelligence received and analysed. For others, arguably a correct assessment of the consequence of the decision, is where the real impact occurs.

Currently, the consequences of disinformation and the role of hostile intelligence services in actively seeking to deceive an opponent using an ever-wider spectrum of technical and human tools, means that more collateral intelligence is needed to determine fact from fiction. In a more complex world, more collateral equals better understanding and thus less likelihood of being a victim of mis or disinformation.

Historically, intelligence would tend to focus on those areas opaque to decision makers. Intelligence efforts were directed into understanding the true intent of an enemy, or potential enemy; the location of ships or soldiers, their mission and the nature of their armaments; or the broader strategic questions of alliances and state objectives.

The complexity of the modern world, the interconnectedness of economies and technologies (which bring both opportunity and threat), the presence of vulnerable supply chains and fragile or exposed economies, mean that it is important to truly understand these environments and to know what is genuinely important. The spectrum for intelligence coverage is now wider, encompassing new aspects of economy and society which would not have been traditional hunting grounds for intelligence agencies.

And for business leader, innovators and politicians, advantage in the modern world requires speed of insight – across multiple sectors of business, innovation, research, economy, politics, military, society - backed up by data.

A quick look at history

In the 20^th century the cost of espionage (satellites, infrastructure, analysis) was huge, with expertise often confined to the public sector. Where the private sector could make money from intelligence work, it would have more likely been through acting as a contractor to government, rather than as a purveyor of intelligence.

Public sector agencies, reliant on state funding, had fewer financial limitations to carrying out espionage on behalf of their political masters. At times of geopolitical uncertainty, those agencies would have had access to millions of dollars to enable them to function in the wilderness of mirrors, with no competition, apart from their adversaries, and with some support from the private sector e.g. in development or production of specialist equipment.

The second half of the 20^th century was, in many respects, a simpler place. During the Cold War we largely knew friend from foe, and it was comparatively easy to focus state resources against the USSR or Warsaw Pact satellite states. During the 90s, there was an absence of state foes. Russia was virtually a failed state; China was largely seen as underdeveloped and inward focused.

What changed?

First and foremost, the world became significantly more complex, all the more so a through globalisation.

The collapse of the USSR; the growth of hostile non-state actors, such as terrorist or organised crime gangs; the interconnectedness of many of these actors across multiple geographies; the proliferation of nuclear weapons; and the move to a global multipolar system made the world more difficult to navigate. Government agencies, often static or cumbersome in their approach, were forced to become more agile. They often didn’t get it right: siloed thinking, poor organisation, competitive funding demands across departments, ineffective planning and weak execution hampered efficiency.

A second factor was the rate of technological change. We now have an environment where private organisations can engage, either directly or in a supporting role, in the collection, storage, processing, analysis and dissemination of intelligence for themselves, their private or government clients. Such companies are more agile and adept at absorbing and exploiting technology at pace. And they have money to move swiftly.

Thirdly, the idea of what constitutes intelligence and impact has changed. In the past, policymakers would have been dismissive of OSINT. Secret was sexy. OSINT was what one could see in the press or on Sky or CNN.

These days a private company, Strider Technologies for example, through intelligence-led acquisition of data can highlight hostile state activity targeting many of the organisations at the forefront of Western technological innovation and wealth creation. Such a capability existing in the private sector would have been unthinkable to a state intelligence agency only a few years ago.

Considering the problem now, how can an FBI, BfV, MI5 or CSIS suddenly get to grips with economic statecraft of the scale we face from the PRC? The second largest economy in the world has been able to co-opt a vast swathe of state and non-state organisations to acquire Western innovation and IP, including in areas of quantum, AI, defence technology, and novel power generation. A challenge of this magnitude is not within a single government agency’s competence – it requires operating across departmental boundaries with agility, flexibility and vision. That’s not a natural MO for most governments.

Some words on data

"There has been more data created in the past three years than there has been in the whole of history." (Blackstone)

That data can be collected, processed and analysed at pace to enhance understanding. Is there really a need for some of the “secret” intelligence of the past? Has the typical notion of scraps of intelligence collected by government spies had its day? Those Rumsfeldian creations of “unknown unknowns” are much less relevant than they were back in 2002. Nowadays, there is not so much that falls into the unknown unknowns category, or at least, that which cannot become “known” through targeted acquisition of the correct data.

When we talk about data, we’re not just talking about the obvious OS elements of data – there’s the material which is phished or hacked and sold on the dark web by and to unscrupulous actors – and probably some government agencies. Elements tied to the regimes of the DPRK, Russia and PRC engage in a range of data connected criminal activity. They see data and the operational outcomes it affords as a useful tool and a commercial commodity.

There is also the data which makes modern government function – particularly so with government digitisation programmes for health, defence, government procurement, education, social welfare and which is, if you know where to look, accessible and retrievable. As economies become more and more digitised, there is more and more data to acquire. The trick is to know what to get, how to get it and how to make sense of it.

Security intelligence to support defence of our economies and innovation.

There are multiple routes through which Western economies and national security can be attacked and compromised:

Private companies: Oil and gas, defence industries, financial, power generation, pharmaceuticals, and many more are all being compromised by a combination of technical attacks (state, non-state and hybrid) and human penetration (enabled, in some cases, by online cultivations). These kinds of operations can be both direct (an operation focused on the target company) and indirect (through a company in a supply chain of a target company).

Universities: Research departments and their spinouts are being compromised through a combination of direct penetration through technical and human means and indirectly. That enticing offer from a China-based tech company to financially support departmental research will almost certainly come with a hidden catch. The examples are legion, in the US, Canada, UK, EU, Australia and beyond.

Start-ups: Much like spinouts, some startups are vulnerable to their need for ready cash (which is a function of the government’s inability to invest early and provide regular orders to ensure adequate cash flow). A VC or fund offering finance should always be looked at carefully. The money goes in, the tech is developed, the money stops, the company goes bust because the people involved didn’t read the small print and recognise the Faustian pact. The same applies to business partnerships where IP is exposed.

Supply Chains: For governments, complex supply chains in defence are an easy vulnerability. Again, there are multiple examples of companies linked to hostile states providing kit and services (including software to our sensitive capabilities). Our data can highlight the links of some of these companies back to Beijing, Moscow, and Minsk. How is it the case they slip through the government net?  In some cases, it’s simply down to the complexity of the supply chain and lack of government data, rather than any advanced tradecraft on the part of an adversary.

So what?

• The threats which Western democracies, by virtue of their openness face, are more prevalent, diverse, opaque and complex than those we have faced before. The advent of mass social media, dis/mis information and the technologies which enable them mean that there are real threats in our homes, schools, academic and political institutions of which a 20^th century structured government system cannot hope to get the measure, let alone offer a comprehensive defence. Put simply, society and government need the private sector now, more than at any other time, to do those things which government agencies cannot do alone. This fact is now acknowledged by leaders in defence, intelligence and security. There are some positive signs of progress, as evidenced by the October 2023 and subsequent declarations by the heads of the security services of the Five Eyes alliance, highlighting the threat posed by China’s global economic espionage activity.  

• The battlefront is broad, and private companies and academic institutions are likely to prove both intended and collateral damage, as hostile states seek to acquire innovation and IP to advance their own economies and defence.
  ‍
• The Chinese government, through programs such as Made in China 2025, are focused on achieving dominance in key technologies. This is building advantage in strategic competition. Through our data acquisition and analytical capability, Strider (I remind you, a six-year-old tech startup) has been able to:
  ‍
  
  • Identify Chinese government activity, using a range of actors, including the United Front and Chinese professional associations, to pursue dominance in semi-conductors through acquisition of knowhow and companies in the West;
  • understand the nature of Chinese and Russian penetration of sensitive US government institutions working on nuclear technology;
  • identify individuals working for one of the largest chemical manufacturers in the world stealing IP on behalf of the PRC;
  • show how the PRC and Russia are cooperating in the Arctic to facilitate the development of the Northern Sea Route and build the infrastructure for energy exploration, processing and transportation.
  • and expose elements of a Chinese government programme to dominate quantum technology and acquire western IP through front organisations controlled by a PRC intelligence agency.

• The scale of these threats requires a whole of society response, which many governments in the West are not yet fully configured to deliver. Elements of the private sector are rising to the challenge. To quote one CEO of a business intelligence tech start up, “If governments were doing their job properly, we wouldn’t exist.”
  
  Many companies in the private sector recognise that they will not get the help they need from government agencies; the tangled web of bureaucracy and redactions of highly classified material often mean that it will be too late or too diluted to have the desired effect. And for universities, often there is a simple lack of funding to seek help from the private sector

• Private and public agencies working together is a “no fail” requirement for success. A piece published on March 19 2025 by The Economist, titled “Why British Spooks are reaching out to the private sector,” highlighted progress in the secret state embracing the start-up world, though recognised the significant cultural obstacles which remain. Since there are private companies operating at a scale and pace unthinkable in government – with some of the biggest firms, like Microsoft, Google, Amazon, and Palantir, having the money and reach of nation states – true cooperation is a necessity. This is now acknowledged in most Western governments – though there is insufficient acceptance of startups, due largely to structural issues. If the West is to compete, rather than running scared of “big tech,” we must develop a better way of working together to protect our systems, economies and values. The default of looking for more regulation or legislation won’t help. The opposition often doesn’t care about such things; we will simply be limiting our own ability to protect ourselves.  

• For governments, maintaining secrecy will become a real challenge. If we look at new technology, particularly quantum computing and AI, which will develop both encryption and decryption capabilities for both state and non-state entities, another question presents itself, what will “secret” mean in the near future?  
  
  The UK’s National Cyber Security Centre has issued urgent guidance to strengthen digital defences against future quantum computing threats, highlighting cryptographic services which will be vulnerable within three years.
  
  “Quantum computing is set to revolutionise technology, but it also poses significant risks to current encryption methods,” NCSC chief technical officer Ollie Whitehouse. March 2025

• The public sector edge. But what about good old fashioned “humint”?  Here is one area where the public sector has the lead – and rightly so. The long-term targeting, cultivation, recruitment and running of an agent in place, doesn’t easily lend itself to a private sector model, built on a yearly cycle of profit, loss and shareholder responsibility. It is unlikely that any serving SVR or GRU officer would volunteer his or her services to a private sector organisation and trust them to keep that agent relationship secret.  

Who then is winning the race for impactful intelligence?

This depends on how one chooses to measure impact. Traditional intelligence lacks essential capabilities to deliver at scale and at pace. The private sector has the edge in technological innovation, adoption and exploitation. A senior allied intelligence officer, when presented with this question, responded, “Do you really need to ask that? You know the private sector is well ahead!”

For the public sector agencies, there will be exquisite, highly specialised operations which only they can deliver, perhaps relying on a few extremely well-placed human sources or very niche technical operations, within the competence and permissions of a CIA, MI6, MOSSAD or DGSE.

However, the cumulative effect of the private sector to operate at speed and scale means that the days of traditional state led espionage are done. State agencies need to evolve rapidly to remain relevant. It truly is a case of “adapt or die.”

Rather than defining this issue as a competition between private and public sector perhaps we should focus on how we can bring both sides together in a more meaningful and trusting way.

And this should be the future model. Government agencies, concentrating on that which only they can or should do – recruiting human assets, hacking, intercepting communications, stealing state secrets – will undoubtedly be able to deliver high impact. And so will the private sector, by filling the void left by government and carrying out technological acquisition of targeted data at pace and at scale allowing both sectors make sense of it all.