Cybersecurity is not cyber intelligence, and many organizations lack the people, time, and funding to build a cyber intelligence team. These are among the top findings in a report on cyber intelligence practices released today by the Software Engineering Institute (SEI) at Carnegie Mellon University. The SEI conducted the study on behalf of the U.S. Office of the Director of National Intelligence (ODNI).
Cyber intelligence—acquiring, processing, analyzing, and disseminating information that identifies, tracks, and predicts threats, risks, and opportunities in the cyber domain to enhance decision making—is a rapidly changing field. The report provides a snapshot in time of best practices and biggest challenges, and three how-to guides provide practical steps for implementing cyber intelligence with artificial intelligence, the internet of things, and public cyber threat frameworks.
Among the report’s chief findings:
- Definitions for cybersecurity and cyber intelligence vary widely and are often misunderstood as one and the same. This misunderstanding leads to confusion of effort and organizational vulnerability.
- Organizations have trouble identifying the location of confidential and intellectual property data due to information silos within the organization.
- Organizations should leverage NIST NICE SP 800-181 as a starting point to create a cyber intelligence team.
- The amount of data generated is increasing exponentially, so humans and machines need to team together to manage it.
- For threat analysis and cybersecurity tasks, security orchestration, automation, and response (SOAR) technologies can be a force multiplier for organizations with limited time and people drowning in repetitive manual tasks.
“By understanding what’s working and what’s not working and looking at how to implement emerging technologies, we can help strengthen the practice of cyber intelligence across the country,” said Jared Ettinger, the lead author for the study.
Over the past 18 months, the SEI interviewed 32 organizations from a variety of sectors, asking a set of questions developed around the five components of the SEI’s Cyber Intelligence Framework. The team analyzed the responses to interview questions, noting more than 2,000 total practices reported by organizations. The team then grouped those practices by theme, and the resulting themes are reflected in the study report.
This study is a follow-up to the 2013 Cyber Intelligence Tradecraft Project, a previous study the SEI conducted on behalf of the ODNI. The 2013 study defined the early version of the SEI’s Cyber Intelligence Framework and provided a foundation for the team’s work on the most recent study.
“The state of practice of cyber intelligence is stronger than in 2013,” said Ettinger. “But it is not strong enough, and this report can provide a path forward.”
Source: Carnegie Mellon Software Engineering Institute