Cybersecurity is not cyber intelligence, and many organizations lack the people, time, and funding to build a cyber intelligence team. These are among the top findings in a report on cyber intelligence practices released in May by the Software Engineering Institute at Carnegie Mellon University. The SEI conducted the study on behalf of the U.S. Office of the Director of National Intelligence.
Cyber intelligence—acquiring, processing, analyzing and disseminating information that identifies, tracks, and predicts threats, risks and opportunities in the cyber domain to enhance decision making—is a rapidly changing field. The report provides a snapshot in time of best practices and biggest challenges, and three how-to guides provide practical steps for implementing cyber intelligence with artificial intelligence, the internet of things and public cyber threat frameworks.
Among the report’s chief findings:
“By understanding what’s working and what’s not working and looking at how to implement emerging technologies, we can help strengthen the practice of cyber intelligence across the country,” said Jared Ettinger, the lead author for the study.
Over the past 18 months, the SEI interviewed 32 organizations from a variety of sectors, asking a set of questions developed around the five components of the SEI’s Cyber Intelligence Framework. The team analyzed the responses to interview questions, noting more than 2,000 total practices reported by organizations. The team then grouped those practices by theme, and the resulting themes are reflected in the study report.
This study is a follow-up to the 2013 Cyber Intelligence Tradecraft Project, a previous study the SEI conducted on behalf of the ODNI. The 2013 study defined the early version of the SEI’s Cyber Intelligence Framework and provided a foundation for the team’s work on the most recent study.
“The state of practice of cyber intelligence is stronger than in 2013,” said Ettinger. “But it is not strong enough, and this report can provide a path forward.”
Download the full report.