Software Engineering Institute | Carnegie Mellon University

Cyber Intelligence Tradecraft Project

Cyber intelligence is a phrase often used but interpreted in many different ways. For the past year and a half, the SEI Emerging Technology Center (SEI ETC) researched the methodologies, processes, technology, and training of organizations across government, industry, and academia to clarify what it means to perform cyber intelligence. The SEI ETC defined cyber intelligence as the acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities to offer courses of action that enhance decision making.

The contents of this page discuss the study and its results through eight analytical products that aggregate the best practices of participating organizations to address observed systemic challenges with cyber intelligence tradecraft. The analytical products include a key findings report; three implementation frameworks for threat prioritization, collection management, and workforce development; a white paper on training and education; and three reference sheets for intelligence methodologies, open sources, and tools. Through these products, any organization, regardless of size or function, can leverage the knowledge of a diverse set of best practices to act on the study's overall finding: successful organizations perform cyber intelligence by effectively balancing the need to protect network perimeters with the need to look beyond them for strategic insights.

Watch the CITP webinar.

The links below will take you to the different sections of this report:

Summary of Key Findings
The aggregation of research into the methodologies, technologies, processes, and training of 30 cyber intelligence programs to capture best practices and lessons learned for challenges most organizations currently face.

Implementation Framework - Collection Management
A process for organizations inundated with data to organize and manage data gathering efforts through the three core aspects of collection management: documenting requirements, gathering data, and performing analysis to satisfy the requirements.

Implementation Framework - Cyber Threat Prioritization
A holistic approach to prioritizing cyber threats by using a customized, tiered framework that focuses on the likelihood of threat actors executing an attack, the impact attack methods have on an organization, and the risk attack methods pose because of an organization's known vulnerabilities.

Implementation Framework - Workforce Development and Management
A guide to acquiring the necessary leadership, analysts, and tools for a startup, established, or advanced cyber intelligence program.

White Paper - CITP Training and Education
Insight into the core competencies and associated skills needed for cyber intelligence analysts, and how current training and education offerings align with these skills.

Reference Sheets
Infographics depicting the methodologies, open source resources, and tools successful cyber intelligence programs utilize in their day-to-day operations.