Disruptive by Design: Intelligence Fusion Inoculates Against Cyber Threats
In the cyber realm, organizations need the means to rapidly identify emerging threats, immediately respond to mitigate risk, and systematically learn from these encounters, just as the immune system responds to a virus.
A single tool, process or team cannot deliver true cybersecurity. Collecting, analyzing and disseminating intelligence requires a converged organization that fuses expertise across domains. As adversaries possessing sophisticated expertise and considerable resources target multiple attack vectors—cyber, electromagnetic and physical, for example—cyber leaders must develop teams and systematic processes to rapidly transform analysis into action.
Cyber leaders rely on analysts for a clear understanding of operating environments and adversary intentions. As threats appear that may adversely impact an organization’s operations, a team of analysts with diverse understanding and tools is required to assess the situation and surmise adversary intent.
Cyber intelligence fusion involves understanding a complex set of factors and analyzing ways and means an adversary might employ to gain advantage across multiple domains. For cyber leaders and their teams to be effective in defending key cyber terrain, they must understand their operating environment and an antagonist’s most dangerous and most probable intentions. For example, if a rival knows the U.S. military relies upon key cyber terrains, such as satellites or earth terminals, to ensure mission command for forcible entry operations, it could target those cyber terrains across multiple domains, cyber included.
For cyber intelligence fusion, expertise is required to understand specific adversaries and the various technologies, tactics, techniques and procedures they employ. Similarly, one must have an in-depth understanding of technologies used by U.S. forces and the infrastructure upon which these technologies rely.
The fusion of cyber intelligence is not only needed within the most elite cyber units but also in the everyday workforce that comprises most of the first line of defense. That workforce must promptly distinguish between routine attacks and more sophisticated and nefarious threats.
Connecting the dots across various intelligence fields has become increasingly complicated. Once a threat has been identified, organizations require rapid responses to mitigate risks and bolster security postures. This activity requires both a detailed understanding of technological means and methods and organizational agility to employ corresponding control measures. Beyond employing sensoring strategies, organizations also need to consider how to actively respond with deliberate risk mitigation measures based on the specifics of an adversary’s most likely intentions across domains. Often, timeliness matters most. If organizations use cyber intelligence fusion to keep defenders informed, those defenders can better prioritize and employ active defense measures.
Living organisms maintain a biological memory of their encounters with threats from disease and infection. Memory cells keep a living record of past incidents so they can respond even more quickly and effectively should the organism be exposed again. Likewise, organizations charged with employing cyber defensive measures should study this example and consider how they too can learn better lessons.
Often, the turnover of personnel degrades an organization’s readiness to respond to threats. The knowledge gained by these individuals must find a way into the collective memory of the organization through enduring analytical tools, processes or procedures. Here again, the fusion of a diverse set of understanding and analysis is needed. The departure of any one part should not impair the whole.
Defending the cyber domain is an enduring task for all organizations. Advanced persistent threats will continue to establish footholds, exfiltrate information and undermine an organization’s broader mission set through various effects across multiple domains. Organizations need active defensive measures like those found within immune systems. And, like an immune system, organizations need teams of cyber intelligence professionals capable of signaling new threats, recommending rapid mitigating actions and learning from these experiences.
Maj. Ryan Kenny, USA, created an online forum to foster discussions on emerging technologies at www.militarycommunicators.org. The views expressed here are his alone and do not represent the views and opinions of the U.S. Defense Department, U.S. Army or other organizations with which he has had an affiliation.