Cyber Intelligence Tradecraft Report by Carnegie Mellon University

A few days ago through my network of contacts, I found this report about Cyber Intelligence trade-craft and its evolution in the United States. This report is absolutely mind-blowing with its 176 pages of research on the evolution, challenges and best practices in the evolving field of Cyber Intelligence.

The recommended audience as defined by this report is :

  • Organizational Decision Makers
  • Cyber Intelligence Managers
  • Cyber Intelligence Analyst

I personally think that Cyber Analysts will not benefit as much as a decision maker or manager yet found it will be still useful to know some of the information contained in the report. If you are interested in Cyber Intelligence from an architectural level and how to embed it in the organization this is definitively one of the documents you need to read. I would also add one more group in the target audience, Cyber Consultants.

The report starts defining the Cyber Intelligence Framework:

Screen Shot 2019-05-26 at 11.16.51

Extracted from Cyber Intelligence Tradecraft Report The State of Cyber Intelligence Practices in the United States

and each section describes what are the important areas to consider, the challenges experienced by the organizations that were part of the research and a set of best practices to improve the tradecraft in that area.

Let’s see some of the topics discussed in some of these areas :

  • The traditional intelligence cycle is an acceptable way for organizations to approach cyber intelligence
  • The widening gap between technical and analytical expertise in Cyber Intelligence
  • Definition and architecture of a fusion center
  • Build Cyber Intelligence teams that have their own mission, purpose, roles, and responsibilities as defined by the CISO
  • Cyber Intelligence roles and skills alignment with your organization needs
  • Differences Between Tactical and Strategic analysts
  • Placement of your Cyber Intelligence efforts in your organization and how it affects its focus and performance contrary to the traditional placement next to cyber operations. Cyber Intelligence needs to be placed where it can influence strategic decision making
  • The need to align intelligence requirements and data sources in your organization
  • Difference between strategic and threat analysis
  • Capturing return on investment vs cost avoidance

Screen Shot 2019-05-26 at 11.31.43.png

Extracted from Cyber Intelligence Tradecraft Report The State of Cyber Intelligence Practices in the United States

I spent around 2 days reading the report with great interest and I found out that the document is the most advanced up to date document I have read on Cyber Intelligence trade-craft. The paper does not only describe the trade-craft but the architecture of this capability and where to place it and what to expect from it. So from your CISO to your Cyber Architect and Intelligence manager, this document is a must read. The research puts special emphasis on discussing the strategic placement, results, architecture, and implementation of the function so it suits the risks functions of your organization in contrast to the origins of the discipline within the cyber security operations field thus making cyber intelligence an integral part of your organization’s cyber risk management.

You can find the report here.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s