The challenge of effectively integrating intelligence into intelligence-led cyber security

Tuesday 18 March, 12:10 pm - 12:50 pm

Speakers

Hadi Johari

Manager Cyber - Offensive Security
BDO Australia

Allon Uhlmann

Professor
Holmesglen Institute

Synopsis

There seems to be consensus that intelligence is critical to the success of cyber security. There is a great deal of work that has been done on cyber-threat intelligence. But the scope of intelligence that is relevant to cyber security is much greater than cyber-threat intelligence, and even in the area of cyber-intelligence, there is not much work on the intricacies of integrating intelligence into the broader security posture.

What makes the question of integrating intelligence into the cyber security process all the more critical is the common observation in intelligence studies that catastrophic intelligence failures are rarely if ever failures of collection. Rather, catastrophes come from the fraught relationships between intelligence analysts and their customers. In other words, it is the relationship between intelligence analysis and decision making that makes or breaks an intelligence-led approach to security.

In its essence, intelligence is about reducing uncertainty. Intelligence seeks to give decision makers decision advantage by providing them with situational awareness and situational understanding – both insight and foresight. Experience across different domains of national security shows that intelligence is most effective not in the one-off golden piece of decisive information, but rather in “educating” decision makers over time in the complexities of their areas of responsibility.

Probably the most important dilemma in integrating intelligence into cyber security is identifying the appropriate customer, and defining the scope of the intelligence analysis that is relevant to that customer.

The customer is the ultimate decision maker for whom intelligence is created. Effective intelligence is tailored for a specific decision maker and must typically be timely, relevant and actionable.

Therefore, effective intelligence support requires the identification of the effective decision makers at all levels – from strategic through operational to tactical – and the establishment of an ongoing pattern of intelligence support at an appropriate time. Furthermore, customers must be made proficient in the appropriate use of intelligence. An ideal customer understands the different genres of intelligence products, can easily understand the estimative language that is involved in intelligence estimates, can critically evaluate the intelligence base of the material, and can effectively communicate their requirements to intelligence professionals. An ideal customer can also provide effective feedback to intelligence producers and help develop the relationship into an effective one. In reality, the relationship between customers and intelligence support is usually not ideal.

In what follows we discuss one area of cyber security and the difficulties that might hinder the appropriate integration of intelligence into security practice. While specific to one area of cyber security, the underlying difficulties are similar across other areas of cyber security.
