how to build a cyberintelligence capability
DESCRIPTION
How to build a cyberintelligence capabilityTRANSCRIPT
Session ID:
Session Classification:
Stewart Kenton Bertram
Cyber Recon Manager: Verisign / iDefense
How to Build a Cyber Intelligence Capability
STAR-308
Intermediate
Content taken from iDefense White Paper
“Establishing a Formal Intelligence Program”
Stewart Kenton Bertram June 2011
Talk Contents
Objective
Share some thoughts on what a good model for a cyber intelligence team should look like in the private sector
Lessons learnt over the past years
3
Talk Contents
Objective
Share some thoughts on what a good model for a cyber intelligence team should look like in the private sector
Lessons learnt over the past years
Contents
1.The socio-technical approach to intelligence team design
2.The growth of the influence of the intelligence team within the wider business context
3.Some points to consider – legal and reporting points
4
What is a Socio-technical system?
“an approach to complex organizational work design that recognizes the interaction between people, information and technology in workplaces”
5
People
Technology Information
People
Technology Information
Capability
People
Technology Information
Capability
“Who should staff this theoretical team them?”
9
Computer
Science Folk
Computer
Science Folk
Former
Military
Computer
Science Folk
Former
Military
Social
Science
Computer
Science Folk
Former
Military
Social
Science
15
Counter Insurgency (COIN)
•Battle for hearts and minds
•Human Terrain Analysis
Computer
Science Folk
Former
Military
Social
Science
Computer
Science Folk
Former
Military
Social
Science
29
30 How many possible connections can be made within this
group?
31
Clustering Coefficient
N * (N - 1) / 2
25 * (25 - 1) / 2 = 300
However…consider this
John P. Reed
the utility of large networks, particularly social networks, can scale exponentially with the size of the network.
33
33 Million possible combinations!!!!!!!!!
People
Technology Information
Capability
People
Technology Information
Capability
42
43
Levels of Intelligence product
44
Levels of Intelligence product
Critical Intelligence
“Mr President the missiles are in flight!”
45
Levels of Intelligence product
Critical Intelligence
Significant Intelligence
“Iran may be developing a nuclear
weapons capability ”
46
Levels of Intelligence product
Critical Intelligence
Significant Intelligence
Contextual Intelligence
“Country X’s long term political goals
could bring us into conflict with them in
the next 20 years”
47
Levels of Intelligence product
Critical Intelligence
Significant Intelligence
Contextual Intelligence Intelligence Product
48
Change In Behavior Within The Decision Maker
Critical Intelligence
Significant Intelligence
Contextual Intelligence Intelligence Product
49
Direct Levels of Intelligence Team Effort
Intelligence Product
Behavioral Influence Team Effort
50
Technical Automaton VS Human Talent
Intelligence Product
Behavioral Influence
Trade Craft and Talent
Team Effort
Structures , Procedures
and technology
People
Technology Information
Capability
Data
Information
Intelligence
Data
Information
Intelligence
Data
Information
Intelligence
Collection Collection
Data
Information
Intelligence
Analysis
Collection Collection
Data
Information
Intelligence
Analysis
Collection Collection
Dissemination
Data
Information
Intelligence
Analysis
Collection Collection
Dissemination
Data
Information
Intelligence
Analysis
Collection Collection
Dissemination
Risk: Strategic Surprise!
Data
Information
Intelligence
Analysis
Collection Collection
Dissemination
The Up The Pyramid Principle
Data
Information
Intelligence
Analysis
Collection Collection
Dissemination
People
Technology Information
“Why are we even discussing an intelligence capability in the first place?”
62
“Why are we even discussing an intelligence capability in the first place?”
63
“Why are we even discussing an intelligence capability in the first place?”
64
“Why are we even discussing an intelligence capability in the first place?”
“Is Cyber Threat posing a greater threat than it was 10 years ago?”
65
“Why are we even discussing an intelligence capability in the first place?”
“Is Cyber Threat posing a greater threat than it was 10 years ago?”
66
Contextual Change
“Why are we even discussing an intelligence capability in the first place?”
“Is Cyber Threat posing a greater threat than it was 10 years ago?”
YES
67
“Why are we even discussing an intelligence capability in the first place?”
“Is Cyber Threat posing a greater threat than it was 10 years ago?”
YES
BUT
68
“Why are we even discussing an intelligence capability in the first place?”
“Is Cyber Threat posing a greater threat than it was 10 years ago?”
YES
BUT
Due to the contextual change of the importance of cyber space to Western Society
69
Effect on the intelligence team within the wider business context
Effect on the intelligence team within the wider business context
A Corps – Circa 1990
Effect on the intelligence team within the wider business context
A Corps – Circa 1990
Sales
HR
Marketing
PR
Risk
IT
Physical Security
Effect on the intelligence team within the wider business context
73
A Corps – Circa 1990
Sales
HR
Marketing
PR
Risk
IT
Physical Security
Intelligence Team
Effect on the intelligence team within the wider business context
74
A Corps – Circa 2012
Sales
HR
Marketing
PR
Risk
IT Physical Security
Intelligence Team
Talk Contents
Objective
Share some thoughts on what a good model for a cyber intelligence team should look like in the private sector
Lessons learnt over the past years
Contents
1.The socio-technical approach to intelligence team design
2.The growth of the influence of the intelligence team within the wider business context
3.Some points to consider – legal and reporting points
75
Talk Contents
Objective
Share some thoughts on what a good model for a cyber intelligence team should look like in the private sector
Lessons learnt over the past years
Contents
1.The sociotechnical approach to intelligence team design
2.The growth of the influence of the intelligence team within the wider business context
3.Some points to consider – legal and reporting points
76
https://www.facebook.com/muslimdefenceleague
• Social Media Intelligence
“SOCMINT”
• “SOCMINT is not yet
capable of making a
decisive contribution to
public security and
safety.”
• “SOCMINT does not fit
easily into the existing
systems we have
developed to ensure
intelligence collected can
be confidently acted on.”
• Social Media Intelligence
“SOCMINT”
• “SOCMINT is not yet
capable of making a
decisive contribution to
public security and
safety.”
• “SOCMINT does not fit
easily into the existing
systems we have
developed to ensure
intelligence collected can
be confidently acted on.”
• “SOCMINT does not fit
easily into the existing
systems we have
developed to ensure
intelligence collected can
be confidently acted on.”
• “SOCMINT does not fit
easily into the existing
systems we have
developed to ensure
intelligence collected can
be confidently acted on.”
Legal
Reporting
Public Place?
Private Place?
Something Else? Expectation of privacy?
1st Question 2nd Question
• “SOCMINT does not fit
easily into the existing
systems we have
developed to ensure
intelligence collected can
be confidently acted on.”
Legal
Reporting
Some Thoughts on SOCMINT
SOCMINT is a combination of two intelligence disciplines
Signals Intelligence (SIGINT): the communication element of the medium
Human Intelligence (HUMINT): the message element of the medium
The 5 x 5 x 5 intelligence grading system is ideal for SOCMINT reporting
SO WHAT?: If done write then OSINT based intelligence can have a far greater penetration rate within an organization than other closed sources of inelligence
5x5x5 according to the NIM
5x5x5 according to the NIM
5x5x5 according to the NIM
5x5x5 according to the NIM
5x5x5 according to the NIM
5x5 example
1/ A 2/ B 3/ C 4/ D 5/ E
Intel Evaluation
Source Evaluation
Grade: Not know to the source but externally corroborated, Unreliable
Some concluding though on Open Source Intelligence
OSINT Is not for the “new guy”
Established models of best practice in other intelligence disciplines
99
Final concluding point on developing a cyber intelligence capability
100
Final concluding point on developing a cyber intelligence capability
“If today is the information age then tomorrow will be the intelligence age”
101
Questions?