Building an Effective Cyber Intel Program Treadstone 71 LLC©

Page 1: Building an Effective Cyber Intelligence Program

Page 2

What is Cyber Intelligence?

The product resulting from the collection, evaluation, analysis, integration, and interpretation of all available cyber and internet information that concerns one or more aspects of adversaries or of areas of operation, and that is immediately or potentially significant to planning, policies, decisions and courses of action.

Cyber = any process, program, or protocol relating to the use of the Internet or an intranet, automatic data processing or transmission, or telecommunication via the Internet or an intranet, and any matter relating to, or involving the use of, computers or computer networks.

Cyber espionage (also spelled cyberespionage) involves the unauthorized probing of a target computer to test its configuration or evaluate its system defenses, or the unauthorized viewing and copying of data files. Cyber espionage uses computers or related systems to collect intelligence or enable certain operations, whether in cyberspace or the real world.

Page 3

Personality Types

ISTJ: Decide logically what should be done and work toward it steadily, regardless of distractions. Take pleasure in making everything orderly and organized.

ISFJ: Thorough, painstaking, and accurate. Strive to create an orderly and harmonious environment at work and at home.

INFJ: Seek meaning and connection in ideas, relationships, and material possessions. Want to understand what motivates people and are insightful about others.

INTJ: Quickly see patterns in external events and develop long-range explanatory perspectives. Skeptical and independent.

ISTP: Analyze what makes things work and readily get through large amounts of data to isolate the core of practical problems. Interested in cause and effect, organize facts using logical principles, value efficiency.

ISFP: Like to have their own space and to work within their own time frame. Dislike disagreements and conflicts, do not force their opinions or values on others.

INFP: Curious, quick to see possibilities, can be catalysts for implementing ideas. Seek to understand people and to help them fulfill their potential.

INTP: Seek to develop logical explanations. Have unusual ability to focus in depth to solve problems in their area of interest. Skeptical, sometimes critical, always analytical.

ESTP: Theories and conceptual explanations bore them – want to act energetically to solve the problem. Learn best through doing.

ESFP: Bring common sense and a realistic approach to their work, and make work fun. Learn best by trying a new skill with other people.

ENFP: Make connections between events/information very quickly, and confidently proceed based on the patterns they see.

ENTP: Resourceful in solving new/challenging problems. Adept at generating conceptual possibilities and then analyzing them strategically. Good at reading other people. Bored by routine.

ESTJ: Organize projects/people to get things done, focus on getting results most efficiently. Take care of routine details. Have a clear set of logical standards and systematically follow them.

ESFJ: Like to work with others to complete tasks accurately and on time.

ENFJ: Find potential in everyone, want to help others fulfill their potential. Sociable, facilitate others in a group, and provide inspiring leadership.

ENTJ: Quickly see illogical and inefficient procedures and policies, develop and implement comprehensive systems to solve organizational problems. Enjoy long-term planning and goal setting. Usually well informed, well read, enjoy expanding their knowledge and passing it on to others. Forceful in presenting their ideas.

Page 4

Planning

What issues need to be addressed? What information must be gathered? We begin by examining finished intelligence from previous cycles; in this way, the end of one intelligence cycle fuels another. What is leadership's priority intelligence requirement?

This stage depends on guidance from leadership. Leadership initiates calls for intelligence. Coordinate with government and private groups. These needs then guide collection strategies and allow us to produce the appropriate intelligence products.

It must be actionable: recommendations, opportunities.

• Focus on leadership concerns
• Avoid personal agendas
• Communicate policy (leadership) - support

Timeliness. Intelligence must be available when leadership requires it. Late intelligence is as useless as no intelligence.

Page 5

Collection - Gathering

This stage covers the acquisition of raw information. Information can be gathered from open, covert, electronic, and satellite sources.

Reading newspapers and magazine articles, listening to radio, and watching television broadcasts are examples of “overt” (or open) sources for us (there is much more).

We collect with technologies feeding logs and correlating data points into information.

We can create honeypots, nets, and docs for attribution.

We can collect from social networks.

• Intellectual rigor

Accuracy. To be accurate, intelligence must be objective. It must be free from any political or other constraint and must not be distorted by pressure to conform with the positions held by higher levels of leadership.

Page 6

Processing

The collection stage of the intelligence process typically yields large amounts of unfiltered data, which requires organization. Resources are devoted to the synthesis of this data into a form intelligence analysts can use. Information filtering techniques include exploiting open source intel; decoding messages and translating broadcasts; reducing logs to meaningful measures; integrating data from multiple sources; organizing for trends, patterns, tendencies; preparing information for computer processing; storage and retrieval; and placing human-source reports into a form and context to make them more comprehensible.

• Consider other judgments
• Use outside experts

Usability. Intelligence must be tailored to the specific needs of leadership and provided in forms suitable for immediate comprehension.

Page 7

Production Line? Analysis, writing, reviewing, editing, publishing

… More like collecting and interpreting incoming data and constantly reassessing how new information reorganizes and reinterprets the data already held.

… Data sharing, hypotheses sharing, interpretations and questions amongst analysts and others. This is where the real insightful cognition occurs.

Cognition is a term referring to the mental processes involved in gaining knowledge and comprehension, including thinking, knowing, remembering, judging and problem-solving. These are higher-level functions of the brain and encompass language, imagination, perception and planning.

Completeness. Complete intelligence informs leadership of the possible courses of action that are available to the adversary. When justified by the available evidence, intelligence must forecast future adversary actions and intentions.

Page 8

Analysis

The fourth stage of the intelligence cycle involves converting basic information into finished documentation: integrating, evaluating, and analyzing all available data, which is often fragmented and even contradictory, and distilling it into the final intelligence products, which highlight information on topics of immediate importance or make long-range assessments.

Analysts, who are subject-matter specialists, absorb incoming information, evaluate it, produce an assessment of the current state of affairs within an assigned field or substantive area, then forecast future trends or outcomes.

They integrate data into a coherent whole, put the evaluated information in context, and produce finished intelligence that includes assessments of events and judgments about the implications of the information.

• Collective responsibility for judgments
• Candidly admit mistakes

Relevance. Intelligence must be relevant to the planning and execution

Page 9

Analysis: Finished Intelligence

• Synthesized raw information
• Collected from multiple sources
• Interpreted the meaning of the information in the context of your leadership's concerns and needs

Page 10

Dissemination

When information has been reviewed, processed, correlated, analyzed, peer reviewed, and re-analyzed with data from other available sources, it is called finished intelligence.

It is disseminated directly to the same leadership whose initial needs generated the priority intelligence requirements.

Finished intelligence is hand-carried to the organizational leadership on a daily basis. Leadership then makes decisions based on this information. These decisions may lead to requests for further examination, thus triggering the intelligence cycle again.

Timely – Accurate – Usable – Complete – Relevant
Recommendations – Opportunities – Actionable

Page 11

Five Categories of Finished Intel

Current Intelligence: Addresses day-to-day events.

Estimative Intelligence: Looks forward to assess potential developments that could affect organizational security.

Warning Intelligence: Sounds an alarm or gives notice to leadership. It suggests urgency and implies the potential need to respond with policy action.

Research Intelligence: Research supports both current and estimative intelligence and is divided into two specialized subcategories:

Basic intelligence: Primarily consists of the structured collection of technical, geographic, demographic, social, and political data on adversaries.

Intelligence for operational support: Tailored, focused, and rapidly produced intelligence for planners and operators that incorporates all types of intelligence production: current, estimative, warning, research, and scientific and technical.

Scientific and Technical Intelligence: Includes an examination of the technical development, characteristics, performance, and capabilities of foreign

Page 12

Inputs, Processes, and Outputs

Page 13

Inputs, Processes, and Outputs

Page 14

Summary

• Cyber Intel – Cyber Espionage – Unified and understood taxonomy
• Personality types to fit the roles and lifecycle
• Organizational structure based upon the process – the lifecycle
• Types of finished intel
• The flow