Mastering Communication in Cyber Intelligence Activities: A Concise User Guide>
Security Affairs – Pierluigi Paganini
The discrepancy between intelligence communication and use of the communicated intelligence is a long-standing problem. This is even more true for cyber intelligence. Some definitions could help out to frame the theme. To communicate means to share information with others by speaking, writing or using other signals. Cyber intelligence is a subset of intelligence. Intelligence, in our domain, refers to âinformation that has been collected, integrated, evaluated, analyzed, and interpretedâ. Such information ought to be shared. And used. Both these steps involve a sound process of communication. The current cyber threat landscape is characterized by a growing range of threats with an increasing level of sophistication: The threat scenario shows a high degree of interconnection, that keeps on enlarging the attack surface. Due to the instantaneous and asymmetric nature of threats, it is essential to share real-time information about them (and about the related threat actors), in order to prevent cyber-attacks and to mitigate the risk of exposure. The ultimate goal of the process is building a model for each threat, by profiling threat actors and developing effective countermeasures to improve the overall resilience of infrastructures. The global growth of the Internet and cyberspace have amplified the need for intelligence operators to go public and to communicate both internally and externally. Intelligence communication is also extremely important to set the strategic direction to be followed in technical, tactical and operational cyber intelligence activities. Position papers and documents ought to serve this purpose. Finally, it is crucial to strengthen and to develop an information network for the exchange of cyber intelligence information, through direct relationships with relevant institutional and private counterparts. A study on Cooperative Models for Information Sharing and Analysis Centers (ISACs), published by the ENISA in 2017, proposes specific patterns for information sharing and good practices about physical and cyber threats, including mitigation. The report categorized the most common approaches in three different models: The country focused, the sector specific and the international structures.  âPSYOPâ and âINFOPâ are certainly well-known practices. New tools and techniques are daily used by individuals and threat actors to spread disinformation. Terms like trolls, fake news, narrative, deep fakes and echo-chambers are becoming more and more popular, even if the rationale behind these actions has been standing for millennia. The most relevant â and partly new â element is that the communicative component becomes intrinsically connected to intelligence activities. It is no longer just an ancillary tool. As to communication intelligence itself, controlled and voluntary data leaks are powerful weapons for the intelligence agencies The Original Paper containing the reference is available here: https://securityaffairs.co/Downloads/Paganini_Giannetto_Cyber%20Intelligence.pdf
Link: https://securityaffairs.co/wordpress/101760/intelligence/communication-cyber-intelligence-activities.html