Cyber Intelligence Study
Created May 2019
The practice of cyber intelligence--acquiring, processing, analyzing and disseminating information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making --helps organizations protect their assets, know their risks, and recognize opportunities. In 2018, the SEI conducted a cyber intelligence study on behalf of the United States Office of the Director of National Intelligence (ODNI). Our task was to understand how organizations perform the work of cyber intelligence throughout the United States.
The Need for a Shared Understanding
When it comes to cyber intelligence, a threat to one is a threat to all. Organizations often struggle alone with challenges they could work together to solve. Similarly, high-performing organizations often excel in isolation when their best practices could benefit the cyber intelligence community as a whole.
Understanding Best Practices and Common Challenges
During the 2018 study, we interviewed 32 organizations representing a variety of sectors to understand their best practices and shared challenges in cyber intelligence. We asked questions based on the five components of the SEI’s Cyber Intelligence Framework: Environmental Context, Data Gathering, Threat Analysis, Strategic Analysis, and Reporting and Feedback. We analyzed our findings from interviews with participants and grouped those findings into themes that describe what’s working well in cyber intelligence and where organizations struggle.
Organizations of any size can learn from and apply the best practices and performance improvement suggestions outlined in our report and three how-to guides for implementing cyber intelligence with artificial intelligence, the Internet of Things, and public cyber threat frameworks. Together we can achieve higher levels of performance in understanding our environment, gathering and analyzing data, and creating intelligence for decision makers.