Fortune Favors the Prepared · Intelligence Series
The Architecture of Intelligence: How the Modern Surveillance World Was Built
Intelligence Articles series: 8 parts · Access: Parts 1–3 open · Parts 4–8 Patreon members · Status: Series complete
About This Series
The world is watched. Every phone call that crosses a border, every ship that moves through a contested strait, every missile test, every construction project at a sensitive facility — observed, intercepted, recorded, and analyzed by a system built across eight decades and still expanding. This series explains how that system was built: beginning with a two-person organization in a London office in 1909, accelerating through the Second World War, the Cold War, and the 9/11 restructuring, and arriving at the AI-assisted, commercially-augmented, proliferated-constellation architecture operating today. Each article explains not just what a component is but why it was built, what problem it solved, and what it means for anyone operating in the world it shapes.
Intelligence Articles series map — 8 articles tracing the intelligence community from 1909 to the present.
Intelligence Articles Series — 8 Articles
MI5, MI6, Bletchley Park & Camp X: The British Wartime Spy Nexus Published
The 1909 founding of MI5 and MI6, the Government Code & Cypher School at Bletchley Park, the Special Operations Executive, British Security Coordination, and the spy school at Camp X — and how this network seeded the American intelligence community that emerged in 1947. ~14 min read.
America’s Secret Eyes: How the U.S. Built the World’s Most Powerful Surveillance System Published
From the CORONA film-return satellites of 1960 to the KH-11 digital breakthrough of 1976, the NRO/NSA institutional architecture, and the modern proliferated constellation. Why the system that exists today has been flying continuously for nearly 50 years. ~12 min read.
The Five Eyes Satellite Intelligence Network Published
How the United States, United Kingdom, Canada, Australia, and New Zealand coordinate a layered space-based collection architecture — SIGINT, IMINT, SAR, naval surveillance — through facilities including Pine Gap and Menwith Hill. ~18 min read.
The UKUSA Agreement: How Five Eyes Actually Works Published Patreon
The 1946 BRUSA/UKUSA Agreement, how the alliance expanded from two nations to five, the geographic division of collection responsibilities, ECHELON, the Snowden revelations, and what the architecture means operationally. ~15 min read.
Founding the Watchers: CIA, NSA, NRO and the 1947 Architecture Published Patreon
How the National Security Act of 1947 created the CIA in public, how classified presidential directives created the NSA in 1952 and the NRO in 1960, how the three agencies divide the collection mission, and how the IC that grew around them is organized today. ~15 min read.
Counterintelligence: The Defensive Game Published Patreon
How US counterintelligence is organized, the major penetration cases — Ames, Hanssen, Pollard, Montes — and what each revealed about structural vulnerabilities, the MICE recruitment framework, the current threat from Russia and China, and what the principles mean for organizational and personal security. ~15 min read.
The Post-9/11 Rebuild: DNI, Fusion Centers, and Information Sharing Published Patreon
The three layered failures that made 9/11 possible, the Intelligence Reform and Terrorism Prevention Act of 2004, the creation of the DNI and NCTC, the Department of Homeland Security, the 79-center fusion center network, and what the rebuild means for emergency management practitioners. ~15 min read.
The Commercial Layer: Private Intelligence in the Modern Era Published Patreon
How commercial satellite imagery, OSINT platforms, data brokers, and private intelligence firms created a parallel intelligence architecture outside the IC — what it can do that the IC cannot, what it cannot do, the government-commercial revolving door, and what it means for operational security. ~16 min read.
Series Complete
All 8 articles are published. Parts 4–8 are available to Patreon members, along with the full FFTP intelligence product suite — Daily Threat Report, DTR Lite, Daily Preparedness Brief, and Area-Specific Assessment Reports.
Access on PatreonIntelligence in Practice: How Fortune Favors the Prepared Applies These Principles
The eight articles in this series describe how intelligence is collected, shared, protected, and exploited at the national and commercial level. Fortune Favors the Prepared doesn’t just write about that architecture — it operates within it, applying the same collection, analysis, and dissemination cycle to a practitioner-focused intelligence mission that runs every day.
The FFTP intelligence operation produces three standing products: the Daily Threat Report (DTR Full), a professional-grade all-source threat assessment covering 18 critical infrastructure sectors; the DTR Lite, a condensed version optimized for rapid situational awareness; and the Daily Preparedness Brief (DPB), a household-facing operational digest. All three products are built on a common analytical architecture grounded in the same intelligence cycle — planning, collection, processing, analysis, dissemination — described in Part 5 of this series.
| IC Concept | FFTP Application |
|---|---|
| Collection discipline (OSINT) | 629-source registry spanning government alerts, academic research, international news, CISA advisories, NWS products, and open-source threat feeds — organized by sector and updated daily. See the Source Registry for the full catalog. |
| Source grading and reliability | Each source in the registry is tiered — 367 T1 authoritative sources, 253 T2 professional and trade sources, and 9 T3 aggregators — and categorized by type, reliability, and sector coverage — the same source-grading discipline the IC applies to HUMINT and SIGINT reporting |
| Estimative language (ICD 203) | All DTR analytical judgments use the IC’s standard estimative scale — “almost certainly,” “likely,” “possibly” — with explicit confidence levels rather than unqualified assertions |
| Alternative hypothesis consideration | FLASH entries in the DTR carry structured alternative hypothesis objects — competing explanations for observed events, explicitly weighed against the primary assessment |
| Indications and Warning (I&W) | The DTR Sector I&W Matrix tracks decision-trigger events across 18 CI sectors — the same structured warning function that national-level I&W systems perform for policymakers |
| Condition status reporting | The DTR SEC 11 Sector Impact Matrix tracks seven conditions — DEFCON, COGCON, FPCON, CYBERCON, COMCON, WX-CON, SWX-CON — providing the same multi-domain status picture that the IC’s readiness reporting provides to commanders |
| BLUF and finished intelligence format | Every DTR product leads with a boxed BLUF — the IC’s standard “Bottom Line Up Front” — before the analytical body, ensuring the most critical assessment reaches the reader regardless of reading depth |
The Watch Desk
The FFTP Watch Desk is the automated collection and monitoring platform that feeds the daily production cycle. Running against the source registry, it performs continuous sweeps across 18 CISA critical infrastructure sectors, producing a structured intake that analysts review and synthesize into finished products. The Watch Desk incorporates the same sector segmentation used by DHS and CISA — Energy, Water, Communications, Transportation, Healthcare, Financial Services, and twelve others — ensuring that coverage gaps are visible before the production cycle closes rather than after.
The Watch Desk supports Focus Mode presets for targeted sector monitoring, Geographic Scope filtering for area-specific situational awareness, and a read-only embed mode for partner organizations. It is the operational expression of the OSINT collection architecture described in Part 8 of this series — a structured, repeatable collection system applied to a specific analytical mission rather than a general news aggregator.
The Area-Specific Assessment Report (ASAR)
For practitioners who need intelligence tailored to a specific operational area rather than national-level threat reporting, the FFTP Area-Specific Assessment Report (ASAR) provides custom threat and hazard analysis at 50-, 100-, and 300-mile radius tiers. The ASAR applies the same collection and analytical methodology as the DTR but focused on the threats, infrastructure dependencies, and hazard environment specific to the subscriber’s area of concern. This is the same geographic scoping principle that governs how fusion centers divide collection responsibility — applied at the individual practitioner level.
The supporting reference pages that document the production methodology in full: Analytical Standards (ICD 203 estimative language, FLASH designation, production rules), Source Registry (current source catalog by sector, tier, and type), and Acronyms (terminology reference for all FFTP products). The full methodology is explained at How We Watch: The FFTP Intelligence Collection and Production System.
Why This Matters
The FFTP intelligence operation is entirely open-source — every source in the registry is publicly accessible, no classified reporting, no restricted feeds. What separates it from reading the news is the discipline applied to the collection: a structured 629-source registry organized by sector, a defined production cycle that runs the same way every day, IC-standard estimative language applied to every analytical judgment, and a finished intelligence format built for practitioners rather than general audiences. The intelligence tradecraft described in this series is not restricted to cleared professionals. It is a methodology — and methodology is what the FFTP products apply to open-source collection to produce finished intelligence from publicly available information.
FFTP Intelligence Products
DTR Full
Daily all-source threat assessment · 18 CI sectors · ICD 203 estimative standards · I&W matrix
DTR Lite
Condensed daily brief · Critical FLASH items · Rapid situational awareness format
ASAR
Area-specific threat assessment · 50 / 100 / 300-mile tiers · Custom to your operational area
Learn how the products are built: How We Watch: The FFTP Intelligence Collection and Production System →