Cyber Intelligence Report Outlines Best Practices and Biggest Challenges

May 23, 2019

SC Pressroom Cybersecurity's leading news distribution network

PITTSBURGH, -- Cybersecurity is not cyber intelligence, and many organizations lack the people, time, and funding to build a cyber intelligence team. These are among the top findings in a report on cyber intelligence practices released today by the Software Engineering Institute (SEI) at Carnegie Mellon University. The SEI conducted the study on behalf of the U.S. Office of the Director of National Intelligence (ODNI).

Cyber intelligence—acquiring, processing, analyzing, and disseminating information that identifies, tracks, and predicts threats, risks, and opportunities in the cyber domain to enhance decision making—is a rapidly changing field. The report provides a snapshot in time of best practices and biggest challenges, and three how-to guides provide practical steps for implementing cyber intelligence with artificial intelligence, the internet of things, and public cyber threat frameworks.

Among the report's chief findings:

  • Definitions for cybersecurity and cyber intelligence vary widely and are often misunderstood as one and the same. This misunderstanding leads to confusion of effort and organizational vulnerability.
  • Organizations have trouble identifying the location of confidential and intellectual property data due to information silos within the organization.
  • Organizations should leverage NIST NICE SP 800-181 as a starting point to create a cyber intelligence team.
  • The amount of data generated is increasing exponentially, so humans and machines need to team together to manage it.
  • For threat analysis and cybersecurity tasks, security orchestration, automation, and response (SOAR) technologies can be a force multiplier for organizations with limited time and people drowning in repetitive manual tasks.

"By understanding what's working and what's not working and looking at how to implement emerging technologies, we can help strengthen the practice of cyber intelligence across the country," said Jared Ettinger, the lead author for the study. 

Over the past 18 months, the SEI interviewed 32 organizations from a variety of sectors, asking a set of questions developed around the five components of the SEI's Cyber Intelligence Framework. The team analyzed the responses to interview questions, noting more than 2,000 total practices reported by organizations. The team then grouped those practices by theme, and the resulting themes are reflected in the study report. 

This study is a follow-up to the 2013 Cyber Intelligence Tradecraft Project, a previous study the SEI conducted on behalf of the ODNI. The 2013 study defined the early version of the SEI's Cyber Intelligence Framework and provided a foundation for the team's work on the most recent study.

"The state of practice of cyber intelligence is stronger than in 2013," said Ettinger. "But it is not strong enough, and this report can provide a path forward." 
Download the full report at https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=546578.

About the Carnegie Mellon University Software Engineering Institute
The Software Engineering Institute (SEI) is a federally funded research and development center sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI works with organizations to make measurable improvements in their software engineering capabilities by providing technical leadership to advance the practice of software engineering. The CERT Division of the SEI is the world's leading trusted authority dedicated to improving the security and resilience of computer systems and networks and a national asset in the field of cybersecurity. For more information, visit the SEI website at http://www.sei.cmu.edu.


Tags: United States, English