What is Cyber Intelligence and how is it used?

What is Cyber-intelligence and what is it used for?

This is a question that is usually asked by security, cyber-security and intelligence professionals. Cyber-intelligence is a hybrid concept between these three worlds and professional fields, and therefore it is an opportunity and a necessity to know what it is and what it is for.

In the current context of advanced cyberthreats employed by criminal groups, terrorists and hacktivists, whether politically or economically motivated, businesses and institutions need to have professionals with training and skills in cyberintelligence to strengthen their cybersecurity strategy.

This is why we explain in this article:

How does cyber-intelligence arise?
What is it and what is it for?
Why do businesses and public institutions need cyber-intelligence?

How does Cyber-intelligence arise?

In recent years, the Internet and ICT (Information and Communication Technologies) have become part of our daily activities, integrating in such a way that they facilitate the day-to-day running of practically any type of task. Moreover, they contribute in a decisive way to the current development of our society.

Digital technology and various forms of communication are becoming increasingly important for individuals and most sectors, both public and private. The generalisation of the use of ICTs by society implies the emergence of new challenges and uncertainties for security in the international arena.

With the development of new technologies, there has also been a parallel development of criminal activity, causing traditional forms of crime to be overtaken by cybercrime as the new typical crime. Organized crime, like any other business, seeks profit and, to that end, seeks the opportunities offered by the growing and massive digitalization of our lives.

Among these challenges and threats are the so-called cyberthreats. The cyberthreats have taken on such specific weight and importance that they have generated the need to create new security strategies to establish the new priorities that we will have to face in cyberspace and thus define the cybersecurity strategies. It is no longer a necessity of the future, it is an obligation of the present.

Such cybersecurity strategies reinforce the importance of cyberspace as a scenario for dealing with new challenges and threats. The increased use of and dependence on new technologies by states generates greater vulnerabilities and weaknesses, which will be exploited both by organized crime and terrorist groups, as well as by other foreign powers through hybrid warfare.

Cyberspace is considered as a new strategic dimension, a fifth domain, formed by ICTs, networks and information systems, as well as the infrastructures that support telecommunications, causing that borders no longer exist, promoting a great globalization, with its challenges and opportunities, both for national and international institutions, as well as for individuals and multinationals. Hence the existence and importance of National Cybersecurity Strategies.

In this new context, the emergence of a new dimension that facilitates social interactions, both for individuals, companies and organizations, presents new challenges and dangers. Therefore, they must be analyzed from a different perspective, from cybersecurity, or what is the same, security in cyberspace.

This is where the concept of cyber-intelligence comes in, which, supported by cybersecurity and intelligence, helps to manage and understand these risks and threats, and once they are known, to articulate a series of strategies that enable detection, prevention, defence, analysis and research.

What is Cyber-intelligence?

That said, what is cyber-intelligence? We are used to receiving information about the risks that we are exposed to in cyberspace and the relevance that cyber security is taking in our lives, as well as multiple news about cyber criminals (hacking, information leaks, identity theft and other attacks), but we do not usually talk about cyber intelligence.

The Center for Emerging Technologies at Carnegie Mellon University defines cyber-intelligence as

"The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities that support decision making."

This definition, applied to the cyberworld, unlike traditional intelligence, implies that Analysts must have a minimum technical knowledge to understand the structure and modus operandi of the cyberactors that will be found in cyberspace. In addition to mastering the procedures implicit in traditional intelligence analysis, both operational, tactical and strategic.

We must understand cyber-intelligence as intelligence applied to computing or cyberspace. It is important to remember that intelligence is the basis of cyber-intelligence, so to get into it we must first know properly what intelligence is and what its practical application is at the professional level, so that we can apply it effectively at the cyber level.

Unlike the traditional model, in the cyber model the interrelations between the different phases of the Intelligence Cycle are constant and sometimes without an established order, in order to respond to the needs of each moment.

Why do businesses and public institutions need cyber-intelligence?

We can see how there is a great typology of approaches to address cyber-intelligence, either from the field of business organizations as well as government, since there is no standard to homogenize the methodology of information collection, data or software to be used.

Currently, organizations seek with cyberintelligence to achieve a balance between protecting the perimeter of their networks and the need to advance in the search for strategic knowledge, causing a division of cyberintelligence analysis in two complementary phases. These phases will use different procedures and methodologies:

1. Technical analysis

By technical analysis, we mean analysis conducted by analysts to gather the necessary data, both from the physical system and from the working environment, to obtain an improvement in cybersecurity, or as a response to a security incident or attack, gathering data or indications that will help us to respond and understand "what has happened" and "how and when" it has occurred. Knowing how to choose and analyse the sources of information is essential to make the results as reliable as possible.

2. Strategic analysis

It is in this phase that analysts must seek answers to "who is responsible" for the attack or incident, and "why" it has occurred, using the data obtained in the previous subphase, providing a context and strategic focus for those responsible to support their decisions.

Silvia Mazzetta

Web Developer, Blogger, Creative Thinker, Social media enthusiast, Italian expat in Spain, mom of little 9 years old geek, founder of  @manoweb. A strong conceptual and creative thinker who has a keen interest in all things relate to the Internet. A technically savvy web developer, who has multiple  years of website design expertise behind her.  She turns conceptual ideas into highly creative visual digital products.