The elusive field of cyber intelligence: notes from the educational front

Stephen McCombie; James D. Ramsay; Allon J. Uhlmann

The elusive field of cyber intelligence: notes from the educational front

Stephen McCombie, James D. Ramsay, Allon J. Uhlmann

Department of Security Studies and Criminology

Research output: Contribution to journal › Article › peer-review

Abstract

While the significance of the cyber domain is clear in intelligence both as an offensive tool and as a vulnerability to be managed, there remains a significant gap between the work of Cybersecurity professionals and Intelligence professionals. Cybersecurity has traditionally focused on operational, technical and defensive measures and used intelligence reactively to better understand the context of a specific effect. By contrast intelligence models tend to be forward leaning, actionable, and focus on an adversary rather than the specific effects an adversary uses at a given time eg (Clark, 2016). Today, Cybersecurity is a dynamic field that includes incident response, policy compliance and risk management - and is still developing its conceptual framework and methodological basis, while intelligence is a far more mature and developed discipline that is struggling to adapt to the risks and opportunities of cyber technology, such as the extremely fast pace of cyber-attacks and the increased complexities of attribution. The US intelligence failure in predicting or effectively responding to the Russian cyber interference in 2016 Presidential elections is an example of this challenge. Better integration of cyber security and intelligence capabilities is critical and inevitable, yet not easily achieved. Integration must proceed at various levels, from the organisational to cultural, conceptual and methodological. Here we focus on the last three. After describing the problematics of integration at state level, we outline the framework for the education of both cyber security and intelligence professionals, and suggest how cultural impediments to integration can be overcome, and how the methodologies and conceptual structures might be integrated and extended. The paper aims to be a roadmap not just for organisations involved in intelligence, but all types of entities which need to deal with the opportunities as well as challenges posed by offensive cyber technology/methods.

Original language	English
Pages (from-to)	22-42
Number of pages	21
Journal	Journal of the Australian Institute of Professional Intelligence Officers
Volume	27
Issue number	2
Publication status	Published - 2019

Cite this

@article{a5f13fe26e3d41e79698ec4ca0128e84,

title = "The elusive field of cyber intelligence: notes from the educational front",

abstract = "While the significance of the cyber domain is clear in intelligence both as an offensive tool and as a vulnerability to be managed, there remains a significant gap between the work of Cybersecurity professionals and Intelligence professionals. Cybersecurity has traditionally focused on operational, technical and defensive measures and used intelligence reactively to better understand the context of a specific effect. By contrast intelligence models tend to be forward leaning, actionable, and focus on an adversary rather than the specific effects an adversary uses at a given time eg (Clark, 2016). Today, Cybersecurity is a dynamic field that includes incident response, policy compliance and risk management - and is still developing its conceptual framework and methodological basis, while intelligence is a far more mature and developed discipline that is struggling to adapt to the risks and opportunities of cyber technology, such as the extremely fast pace of cyber-attacks and the increased complexities of attribution. The US intelligence failure in predicting or effectively responding to the Russian cyber interference in 2016 Presidential elections is an example of this challenge. Better integration of cyber security and intelligence capabilities is critical and inevitable, yet not easily achieved. Integration must proceed at various levels, from the organisational to cultural, conceptual and methodological. Here we focus on the last three. After describing the problematics of integration at state level, we outline the framework for the education of both cyber security and intelligence professionals, and suggest how cultural impediments to integration can be overcome, and how the methodologies and conceptual structures might be integrated and extended. The paper aims to be a roadmap not just for organisations involved in intelligence, but all types of entities which need to deal with the opportunities as well as challenges posed by offensive cyber technology/methods.",

author = "Stephen McCombie and Ramsay, {James D.} and Uhlmann, {Allon J.}",

year = "2019",

language = "English",

volume = "27",

pages = "22--42",

journal = "Journal of the Australian Institute of Professional Intelligence Officers",

issn = "1039-1525",

publisher = "Australian Institute of Professional Intelligence Officers",

number = "2",

}

TY - JOUR

T1 - The elusive field of cyber intelligence

T2 - notes from the educational front

AU - McCombie, Stephen

AU - Ramsay, James D.

AU - Uhlmann, Allon J.

PY - 2019

Y1 - 2019

N2 - While the significance of the cyber domain is clear in intelligence both as an offensive tool and as a vulnerability to be managed, there remains a significant gap between the work of Cybersecurity professionals and Intelligence professionals. Cybersecurity has traditionally focused on operational, technical and defensive measures and used intelligence reactively to better understand the context of a specific effect. By contrast intelligence models tend to be forward leaning, actionable, and focus on an adversary rather than the specific effects an adversary uses at a given time eg (Clark, 2016). Today, Cybersecurity is a dynamic field that includes incident response, policy compliance and risk management - and is still developing its conceptual framework and methodological basis, while intelligence is a far more mature and developed discipline that is struggling to adapt to the risks and opportunities of cyber technology, such as the extremely fast pace of cyber-attacks and the increased complexities of attribution. The US intelligence failure in predicting or effectively responding to the Russian cyber interference in 2016 Presidential elections is an example of this challenge. Better integration of cyber security and intelligence capabilities is critical and inevitable, yet not easily achieved. Integration must proceed at various levels, from the organisational to cultural, conceptual and methodological. Here we focus on the last three. After describing the problematics of integration at state level, we outline the framework for the education of both cyber security and intelligence professionals, and suggest how cultural impediments to integration can be overcome, and how the methodologies and conceptual structures might be integrated and extended. The paper aims to be a roadmap not just for organisations involved in intelligence, but all types of entities which need to deal with the opportunities as well as challenges posed by offensive cyber technology/methods.

AB - While the significance of the cyber domain is clear in intelligence both as an offensive tool and as a vulnerability to be managed, there remains a significant gap between the work of Cybersecurity professionals and Intelligence professionals. Cybersecurity has traditionally focused on operational, technical and defensive measures and used intelligence reactively to better understand the context of a specific effect. By contrast intelligence models tend to be forward leaning, actionable, and focus on an adversary rather than the specific effects an adversary uses at a given time eg (Clark, 2016). Today, Cybersecurity is a dynamic field that includes incident response, policy compliance and risk management - and is still developing its conceptual framework and methodological basis, while intelligence is a far more mature and developed discipline that is struggling to adapt to the risks and opportunities of cyber technology, such as the extremely fast pace of cyber-attacks and the increased complexities of attribution. The US intelligence failure in predicting or effectively responding to the Russian cyber interference in 2016 Presidential elections is an example of this challenge. Better integration of cyber security and intelligence capabilities is critical and inevitable, yet not easily achieved. Integration must proceed at various levels, from the organisational to cultural, conceptual and methodological. Here we focus on the last three. After describing the problematics of integration at state level, we outline the framework for the education of both cyber security and intelligence professionals, and suggest how cultural impediments to integration can be overcome, and how the methodologies and conceptual structures might be integrated and extended. The paper aims to be a roadmap not just for organisations involved in intelligence, but all types of entities which need to deal with the opportunities as well as challenges posed by offensive cyber technology/methods.

M3 - Article

VL - 27

SP - 22

EP - 42

JO - Journal of the Australian Institute of Professional Intelligence Officers

JF - Journal of the Australian Institute of Professional Intelligence Officers

SN - 1039-1525

IS - 2

ER -

The elusive field of cyber intelligence: notes from the educational front

Abstract

Fingerprint

Cite this