HUMINT,
SIGINT,
TECHINT, all concepts for gathering intelligence and supporting decision makers on emerging trends are invaluable by their own definitions, yet useless if not coordinated for achieving the ultimate objective. Cyberspace is so much more than a social phenomenon or the playground of countless pseudo personalities. Info-warriors and analysts are realizing that Cyberspace is becoming so disperse and versatile, that a seperate practice of Cyber Intelligence is necessary to proactively respond -- and always be a step ahead of developing new capabilities -- of
emerging players,
threats, and
tactics. Virtual situational awareness is as important to intelligence analysts, as it is important to security professionals wanting to remain competitive.
What's Cyber Intelligence, or Intelligence analysis for Internet security, can we model it, how long would the model survive before what used to static turns into a sneaky variable knowing its practices has been exposed? What would the ultimate goal of CYBERINT be? To map the bad neighborhoods and keep an eye on them, to profile the think-tanks and assess their capabilities, background motivations for possible recruitment? Or to
secure Cyberspace, no matter how megalomanic it may sound, or to basically acquire know-how to be used in future real-life or cyber conflicts?
Intelligence Analysis for Internet Security proposes an intelligence model for the development of an overall systems security model, here's an excerpt :
"
Obtaining prior knowledge of both threats and vulnerabilities – as well as sensitivity to possible opportunities to exploit the vulnerabilities - is essential. Intelligence analysis, of course, operates at different levels, ranging from the specific to the general, and from short-term incidents and operations to long term patterns and challenges. Each form or level of analysis is crucial, and complements and supplements the others. Nevertheless, it is important to distinguish them from one another and to be clear at which level the activities are taking place. It is also important to recognize that the most critical insights will be obtained from fusion efforts that combine these different levels. The several complementary levels of intelligence analysis are strategic analysis, tactical analysis and operational analysis. In practice, these categories shade into each other and are not always sharply differentiated, and differing definitions for these terms exist in the intelligence community. Nevertheless, they offer a useful framework within which intelligence tasks and requirements can initially be delineated."
A very informative and relevant research emphasizing on
strategic intelligence analysis,
tactical intelligence analysis,
operational intelligenec analysis, and how cyber intelligence intersects with traditional approaches.
What's the core of CYBERINT?- the maturing concept of
cyberterrorism,
propaganda and
communications online, thus huge amounts of data to be aggregated and analyzed
- an early warning system for new attack tools, their easy of use, availability, ability to be tracked down, and level of sophistication
- offensive CYBERINT is perhaps the most interesting and aggresive approach I consider fully realistic nowadays. Operational initiatives such as nation-wide pen testing, OS and IP space mapping for instant exploitation, segmented economic espionage attacks --
ip theft worms achieving efficiency -- passive google hacking and reconnaissance, tensions engineering, zero day vulnerabilities arms race
Outsourcing to
objective providers of intelligence and threats data should also be considered, but then again it's just a tiny portion of what can actually be achieved if a cross-functional team is acting upon a common goal - to be a step ahead of tomorrow's events, and pleasently going through threat analysis conducted year ago predicting and responding to them.
If you don't have enemies, it means you're living in a world of idleness, the more they are, the more important is what you're up to.
Related resources and posts:Information WarfareCyberterrorismIntelligenceBenefits of Open Source Intelligence - OSINT
The Cyber Storm exercise conducted in January "simulated a sophisticated cyber attack campaign through a series of scenarios directed at several critical infrastructure sectors. The intent of these scenarios was to highlight the interconnectedness of cyber systems with physical infrastructure and to exercise coordination and communication between the public and private sectors. Each scenario was developed with the assistance of industry experts and was executed in a closed and secure environment. Cyber Storm scenarios had three major adversarial objectives:
HUMINT