The Need for Cyber Intelligence



“Business intelligence (BI) leverages software and services to transform data into actionable intelligence that informs an organization’s strategic and tactical business decisions.” –

In this part, you will learn about the necessity of transforming data into actionable intelligence. You will also learn about cyber intelligence. In this content, we will review:

The need for cyber intelligence

The application of intelligence in the military

We will take a look at how intelligence has been used in the military and how the military incorporates intelligence to plan for missions. We will review high-level concepts of maneuver warfare and use these as a new approach to understanding how to utilize information, so we can remove uncertainty and be proactive against threats to our environment.

Need for cyber intelligence

Are we using the data from our security software and services to transform the data into actionable intelligence that informs an organization’s strategic and tactical business decisions?

In a recent SANS survey, phishing (72%), spyware (50%), ransomware (49%), and Trojans (47%) were the threats most seen by respondents’ organizations in 2017. Organizations are being attacked daily by numerous threats. Alert fatigue is developing from the overwhelming amount of data to sort through in order to understand where to start remediating. There are many tools to discover vulnerabilities and potential threat vectors. In our world, sorting through this information is a challenge, as there are always competing interests within the information security organization and the business. Leaders must strike the right balance of security and operations, as well as risk and compliance. From textbooks, we’ve been taught that in security we should identify, contain, and eradicate vulnerabilities on the network so that we reduce the risk of being compromised. We’ve been led to believe that security will save the company from the bad guys and that we will be given the power to do that. However, the reality is much more complex: chief information security officers (CISOs) and managers balancing budgets, engineers trying to get change requests approved, a lack of human resources due to burnout or availability, dealings with vendors, company culture, world culture, and organization processes all hinder our ability to respond to these threats, which can cause considerable risk to the organization and its information. Uncertainty, fog of war, and friction are a part of life as a security professional.

The questions that come to mind are as follows:

How do we reduce this uncertainty?

What is the priority?

How do we focus our efforts?

How do we provide actionable information so that I can get my stakeholders on


How do I train my team?

Where do we begin to remediate? Can I even remediate?

The threat landscape is always changing. Every day we hear of a new group of hackers targeting systems that are vulnerable to X and Y. There are reports of nation-state cyber espionage attempts in the national media. The scary thing is that there may be an attack happening and no one has caught on. There seems to be general paranoia about who will be next, along with the thought: if that day comes, I hope it isn’t me. This book is meant to help executives and analysts understand their role in raising the bar, from effective communication of the state of their security, to gathering information about their environment. We address this by building a cyber intelligence capability that provides accurate information about the exploitation potential of vulnerabilities that exist within the environment by known adversaries, resulting in appropriate measures taken to reduce the risk to organizational property.

The application of intelligence in the military

“Intelligence is the ability to gain knowledge or a skill.”

Cyber threat intelligence is an analysis of an adversary’s intent, opportunity, and capability to do harm. This is a discipline within information security that requires a specific skill set and tools used by threat intelligence analysts. Cyber intelligence is the ability to gain knowledge about an enterprise and its existing conditions and capabilities in order to determine the possible actions of an adversary when exploiting inherent critical vulnerabilities. It uses multiple information security disciplines (threat intelligence, vulnerability management, security configuration management, incident response, and so on) and tool sets to gather information about the network through monitoring and reporting to allow decision makers at all levels to prioritize risk mitigation. Over the past few years, we’ve seen a list of new certifications focusing on penetration testing and ethical hacking. These skills are perfect for the personnel on the ground looking for vulnerabilities within organizations using tools and methods that a malicious actor would use. There are so many tools that provide the ability to look, find, monitor, and report on their environment. How do we apply those same concepts to the architecture of an enterprise? How do we think like an attacker and build into our architectures the capability to mitigate and/or reduce the risk? The goal of the following few sections is to create a proactive defense mindset and lay the foundation for building a cyber intelligence capability architecture in your organization.

Intel stories in history

“Intelligence drives operations”

Gen A.M. Gray, 29th Commandant of the United States Marine Corps

The capability to gather information on an adversary has been practiced in the art of warfare for centuries. Intelligence helps guide military commanders’ decision-making for future operations. Military organizations have sections dedicated to operating their intelligence capability. In order to understand how to apply intelligence in our security operations, we should have an understanding of what intelligence is and how it has been used in military history.

The American Revolutionary War

“Washington did not really outfight the British. He simply out-spied us.”

British intelligence officer

In order to combat an intimidating and larger British force, General George Washington needed to do something to even the playing field. The odds were against the fledgling American army as they were understaffed, undertrained, and had little to no budget. The answer to this problem was espionage. The Americans needed to know about their adversary’s actions in order for them to win the Revolutionary War. Washington needed patriots who were close to the British at all levels of society. So he employed ordinary people, such as farmers, tailors, housemaids, and other patriots to build spy rings. Additionally, he turned British spies into double agents. The Americans had established multiple networks of agents passing information between the lines, informing Washington of the whereabouts of the British and what their next plans were. As mail was intercepted, General Washington proposed to, “…contrive a means of opening them without breaking the seals, take copies of the contents, and then let them go on. By these means we should become masters of the whole plot.” The intelligence that was gathered was used to conduct a massive man-in-the-middle / deception operation, actively changing the narrative, causing confusion, and disrupting communications for the British.

Napoleon’s use of intelligence

Anyone who has opened a history book has heard of Napoleon Bonaparte. As a military leader, he led multiple campaigns during the French Revolutionary Wars and went on to lead France against other nations during the Napoleonic Wars. His innovations in military tactics are now studied by many military organizations, and he is known to many as one of the greatest commanders in history. What was Napoleon’s take on the importance of intelligence? A study of The Jena Campaign of 1805 by Jay Luvaas stated that Napoleon directed intelligence gathering and actions, as follows:

“To reconnoiter accurately defiles and fords of every description. To provide guides that may be depended on. To interrogate the cure and postmaster. To establish rapidly a good understanding with the inhabitants. To send out spies. To intercept public and private letters. To translate and analyze their contents. In a word, to be able to answer every question of the general-in-chief when he arrives at the head of the army. A general should neglect no means of gaining information of the enemy’s movements, and, for this purpose, should make use of reconnaissance, spies, bodies of light troops commanded by capable officers, signals, and questioning deserters and prisoners.”

Napoleon understood that intelligence is multi-faceted and not limited to understanding the strengths and weaknesses of the opponent. He wanted to use the information gathered about the land to find the best place to move his army, to have the advantage, and to know where to avoid. His officers didn’t send out spies arbitrarily to any town to gather information; they sent them to strategic areas of interest.