Analysts consider best practice for cyber-threat research
The ubiquity of digital communications is expanding the range of analyst roles that require research into cyber threats. Jane's Intelligence Review examines the best practice for conducting this research and providing assessments for decision-makers.
This is an extract from an article that appeared in Jane's Intelligence Review.
- Analysts examining cyber threats are required to work with sources that are at risk of manipulation through deliberate disinformation campaigns, or which are potentially malicious to view or interact with.
- The increasing sophistication of state-based or -backed cyber adversaries applying intelligence tradecraft has created additional challenges for analysts conducting research and producing analysis on cyber threats.
- Best practice for analysts would include practising sound operational security, establishing 'ground truth' in digital evidence and verifying sources, and working with an in-depth understanding of the requirements of the customers using their analyses.
Analysts at private organisations and public agencies are increasingly tasked with researching cyber threats. As the range of missions that include cyber threats has broadened, so has the range of potential sources considered useful for collecting intelligence.
For example, affiliates of terrorist groups such as Al-Qaeda and the Islamic State have run virtual recruitment campaigns and distributed media such as training videos across social networks such as Facebook, Twitter, and YouTube. An analyst tasked with covering threats from transnational terrorist groups such as these would therefore increasingly be required to research the online activity of these groups.
Similarly, military analysts are now considering the same open-source social media platforms used by terrorists for the distribution of material and recruitment as sources of targeting intelligence. Speaking in 2015, retired United States Air Force General Herbert Carlisle, then head of Air Combat Command, described how "... a post on social media [led] to bombs on target in less than 24 hours". For analysts looking at cyber threats, examples such as this serve to underline the importance of verifying sources and clearly delineating the levels of confidence around their assessments.
In a 2012 analysis of the cyber-intelligence practices of 30 organisations, including six from government and 24 from private industry, researchers from the Software Engineering Institute (SEI) at Carnegie Mellon University noted the growing importance of verifying intelligence, writing that, "... the operational tempo required for intelligence analysts to keep pace with the ever-changing cyber environment is overwhelming at best. While technology and external resources offer value, analysts also need to critically assess the information they receive."
Echoing this sentiment at the Black Hat hacker conference in 2017, Daniel Cuthbert, who has trained public sector and corporate analysts in cyber-intelligence collection for more than a decade with the UK-based hacking consultancy Sensepost, said that the greatest issue facing analysts looking at cyber threats is "establishing truth in the data".
This raises the question of best practice for cyber-threat analysis, particularly as the range of analyst tasks with a cyber component has broadened, potentially leading to less experienced individuals conducting research on these threats.
The content from this blog post is compiled from Jane's Intelligence Review. For more information or to subscribe visit Jane's Intelligence Review.
Jane's is running a cyber-security awareness training course on 9 - 10 October 2017 in London. To find out more or register visit the Jane's OSINT Training.
Jane's Editorial Staff
Posted 29 September 2017