Beyond technical data - a more comprehensive situational awareness fed by available intelligence information

Information on cyber incidents and threats is currently collected and processed with a strong technical focus. Threat and vulnerability information alone is not a solid basis for effective, affordable or actionable security advice for decision makers. They need more than a small technical cut of a bigger situational picture to combat, and not only mitigate, the cyber threat. We first give a short overview of the related work that can be found in the literature. We found that the approaches mostly analysed "what" has been done, instead of looking more generically beyond the technical aspects at the tactics, techniques and procedures to identify "how" it was done, by whom and why. We then examine what information categories and data already exist to answer the question of an adversary's capabilities and objectives. As traditional intelligence serves a better understanding of adversaries' capabilities, actions and intent, the same is feasible in cyber space with cyber intelligence. Thus, we identify information sources in the military and civil environment before we propose to link that traditional information with the technical data for a better situational picture. We give examples of information that can be collected from traditional intelligence for correlation with technical data. In this way, an intelligence operational picture for the cyber sphere could be developed in the same manner as the one that is traditionally fed from conventional intelligence disciplines. Finally, we propose a way of including intelligence processing in cyber analysis and outline the requirements that are key for a successful exchange of information and intelligence between military and civil information providers.
