By Ryan Kamauff

The Software Engineering Institute (SEI) at Carnegie Mellon University (CMU) has recently released their summary of key findings on their Cyber Intelligence Tradecraft Project (CITP). Last year, six government agencies partnered with twenty academic and industry organizations to determine best practices in cyber intelligence tradecraft. This study has found that organizations use a range of approaches to gather this information. They have found that “pockets of excellence exist where organizations excel at cyber intelligence by effectively balancing the need to protect network perimeters with the need to look beyond them for strategic insights.”

This document is broken down into the following categories:

• State of the Practice in Cyber Intelligence
  • Applying a strategic lens to cyber intelligence analysis
  • Information sharing isn’t bad; it’s broken
• Environment
  • Understanding threats to the software supply chain
  • Determining where cyber intelligence belongs organizationally
• Data Gathering
  • Data hoarding
  • Lack of standards for open source intelligence data taxes resources
• Functional Analysis
  • Adopting a common cyber lexicon and tradecraft
  • Filtering critical cyber threats out of an abundance of data
• Strategic Analysis
  • No industry standard for cyber intelligence education and training
  • Adapting traditional intelligence methodologies to the cyber landscape
• Stakeholder Reporting and Feedback
  • Communicating “cyber” to leadership
  • Difficulty capturing return on investment

The document can be found on SEI’s website, and can do a great deal to inform cyber decision makers on best practices and share information. Find it here.