RSA Conference Europe 2012 – How to Build a Cyber Intelligence Capability

Stewart Bertram – Cyber Intelligence Team Manager, VeriSign

The talk will cover:

The socio-technical approach to cyber intelligence team design / capability.

The growth of the influence of the intelligence team within the wider business context

Legal and reporting points

So just what is a Socio-technical system?

“an approach to complex organizational work design that recognizes the interaction between people, information and technology in workplaces”

So how should the new hypothetical cyber intelligence team be made up?

The talk proposes a combination of:

– Computer Science folk

– Former military / intelligence

– Social science background / experience

While computer science people are the obvious choice that no one would argue with, what do the other two facets bring?

Military intelligence – Computer insurgency experience, the battle for hearts and minds, and human terrain analysis; this experience helps them to better know what to look for.

Social science – An understanding of social interactions and ‘networks’: how groups of people interact and work together. This is useful both for understanding the behaviour of your adversary groups and for understanding how to get buy-in from your organisation.

Your team should work to best leverage technology to do the heavy lifting and initial filtering so that they can look at detailed aggregated / fused information.  This allows them to use their skills and experience to make the best decisions and risk assessments.  If your team is spending their time looking at the base information, they will only be able to view a tiny amount of the data and thus you will frequently be surprised.

So, why are we even discussing a cyber intelligence capability in the first place? Does the cyber threat pose a greater risk than 10 years ago?

Yes. This is driven by the contextual change in the importance of cyberspace to Western society – we are hugely reliant on IT and the Web for almost all aspects of our lives now, and this is only increasing.

Cyber intelligence teams used to exist on the periphery of the business or as a subset of the IT security team. Increasingly they are, or should be, core to the business and driving change across departments including IT, IT security, HR, Finance etc.

For further reading, the paper #intelligence by Sir David Omand et al. is strongly recommended.

We need to ensure a balance is struck between online security and privacy. Consider also where social media intelligence (SOCMINT) fits into your model:

“SOCMINT is not yet capable of making a decisive contribution to public security and safety.”

“SOCMINT does not fit easily into the existing systems we have developed to ensure intelligence collected can be confidently acted on.”

Consider also Open Source evaluation.

As with any intelligence, you need to consider the quality of the intelligence and the quality of the source.

If you are going to perform any of this directed or semi-directed monitoring of social media, you need to understand the legal issues surrounding it and have a legal framework in place within your organisation.

As a closing comment the talk stated:

“If today is the information age then tomorrow will be the intelligence age”

Overall this talk was a little light and glossed over quite a bit, but then it was a huge topic to cover in 50 minutes, and I realised the speaker wrapped up within 30 minutes. This would definitely have benefited from taking the full allotted time. However, there were several good points raised and definitely things to think about – how would this fit into your organisation?

K


Author: Kevin Fielder

Innovative and dynamic security professional, with a passion for driving change by successfully engaging with all levels of the business. I am a determined individual with proven ability to provide security insights to the business, in their language. These insights have gained board buy in for delivering security strategy aligned to key business goals. This is achieved by understanding the need to drive change through people, process and technology, rather than focusing exclusively on any one area. I take pride in being a highly articulate, motivational and persuasive team-builder. I have a strategic outlook with the ability to engage with and communicate innovative and effective security solutions to all levels of management. Along with a proven ability to translate security into business language and articulate the business benefits I am also passionate about leading security innovations and making security a key part of the business proposition to its customers. Security should be made a key differentiator to drive sales and customer retention, not just a cost centre! Outside of work I am a proud husband and father to an awesome family, and a passionate CrossFit coach and athlete.
