Eclipse Authors: Liz McMillan, Lacey Thoms, Jayaram Krishnaswamy, RealWire News Distribution, Lev Lesokhin

Blog Feed Post

SEI Unveils their findings in the Cyber Intelligence Tradecraft Project


seiThe Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) has recently released their summary of key findings on their Cyber Intelligence Tradecraft Project (CITP). Last year, six government agencies partnered with twenty academic and industry organizations to determine best practices in cyber intelligence tradecraft. This study has found that organizations use a range of approaches to gather this information. They have found that “pockets of excellence exist where organizations excel at cyber intelligence by effectively balancing the need to protect network perimeters with the need to look beyond them for strategic insights.”

This document is broken down into the following categories:

  • State of the Practice in Cyber Intelligence
    • Applying a strategic lens to cyber intelligence analysis
    • Information sharing isn’t bad; it’s broken
  • Environment
    • Understanding threats to the software supply chain
    • Determining where cyber intelligence belongs organizationally
  • Data Gathering
    • Data hoarding
    • Lack of standards for open source intelligence data taxes resources
  • Functional Analysis
    • Adopting a common cyber lexicon and tradecraft
    • Filtering critical cyber threats out of an abundance of data
  • Strategic Analysis
    • No industry standard for cyber intelligence education and training
    • Adapting traditional intelligence methodologies to the cyber landscape
  • Stakeholder Reporting and Feedback
    • Communicating “cyber” to leadership
    • Difficulty capturing return on investment

The document can be found on SEI’s website, and can do a great deal to inform cyber decision makers on best practices and share information. Find it here.

Read the original blog entry...

More Stories By Bob Gourley

Bob Gourley, former CTO of the Defense Intelligence Agency (DIA), is Founder and CTO of Crucial Point LLC, a technology research and advisory firm providing fact based technology reviews in support of venture capital, private equity and emerging technology firms. He has extensive industry experience in intelligence and security and was awarded an intelligence community meritorious achievement award by AFCEA in 2008, and has also been recognized as an Infoworld Top 25 CTO and as one of the most fascinating communicators in Government IT by GovFresh.