The Intelligence and National Security Alliance, a not-for-profit security policy group, has released a new report titled Cyber Intelligence: Setting the Landscape for an Emerging Discipline.
The report is meant to spur more debate and discussion on what will become a dominant field within the security realm, that of Cyber Intelligence. Exactly what parameters the term "cyber intelligence" covers is what the researchers at INSA are seeking to establish.
"We are not quite ready to propose a definitive definition... At this point, we are talking about threats that can originate anonymously within this cyber domain with potentially enormous consequences: physical destruction to economic chaos. The people who monitor and respond to these threats are a unique coalition of the willing from government, industry and academia, as well as foreign partners," said Chuck Alsup, INSA's vice president of policy.
The report states that the development of the Cyber Intelligence field will require outlining a particular skillset that encompasses many of the tenets of IT security, but which also includes a more proactive threat management strategy than currently exists within the reactive security industry.
"Such a discipline will also demand discussion of the unique training, education, skill sets and tradecraft that will be required to successfully conduct meaningful collection and analysis in the cyber domain. These and related topics, such as the role of cyber intelligence in other aspects of cyber operations and who is best suited to develop this discipline, will be the subject of further discussion."
INSA's executive summary from the report states in part:
Evolving information systems technology has turned the cyber arena into a multi-dimensional attack space that extends the conventional landscape to a virtual domain where key economic and national security assets are exposed to significant threats.
Individual, commercial, national, and international activities interact in this domain, increasing the space for offensive and defensive operations. Cyberspace is a haven for a broad range of disruptive operations, including reconnaissance, theft, sabotage, and espionage. It serves as an environment that allows threats to target hardware, software, financial assets, intellectual property, and individual identities.
The Cyber Threat Dynamic can be broken into three components:
• The Cyberspace Environment
• The Cyber Threat
• The Convergence of the Effects of the Cyberspace
This paper assesses the cyber threat dynamic, economic costs of cyber attacks and security, as well as the current US approach to cyber intelligence. Based on these assessments, we believe further discussion on the following topics across industry, academia and government would be a prudent investment in the future security and reliability of the increasingly important cyber domain. These topics include the need to:
1. Systematically define and establish effective cyber intelligence approaches, enduring professions, and needed skill-sets/training/education and technologies
2. Enable the creation of cyber intelligence related policies, approaches, and pilot efforts across industry, academia/non-profits, and government that provide unclassified situational awareness, indications, warning data, analytics, and 24/7 unclassified and classified (as appropriate) reporting to government agencies, trusted industry, and global partners. The Cyber Council believes these pilot efforts are the most relevant value–added recommendations for setting the landscape for cyber intelligence provided by this paper.
3. Establish public-private partnership cyber outreach forums that address these issues/concerns in a comprehensive, practical, and executable fashion
4. Build a meaningful virtual partnership among all relevant agencies and the private sector to ensure seamless sharing of threat information, timely analytical judgments, and reasoned, measured responses to clear threats
The entire INSA report is available in PDF here: