Richard O. Moore, III

Cyber Intelligence-Driven Risk



or by controlling access and release of information about their strategy or business processes. The counterintelligence activities are there, but the term or rational connection to that term has not been formally used for cyber activities. We are asking the reader to accept that the CI-DR cyber counterintelligence–type practices are occurring in organizations and to accept our usage of the term as not just a military action or function.

      For example, passive cyber counterintelligence measures are designed to conceal, deceive, and deny information to adversaries, whether internal or external. Many businesses today do this by creating shared folders or locations where access is restricted to certain individuals. These folders are created with the content, its sensitivity, or the regulatory requirements in mind, so that the material is kept separate and available only to a select few. However, many businesses have missed the key components of restricting that information: they implement neither concealment nor deceptive tactics to protect and restrict it and to identify who may be trying to access it, which usually provides a false sense of protection.
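The identification step this paragraph says is usually missing can be sketched as follows. This is an added example, not from the book: it reviews file-access audit records for a restricted folder that also holds a decoy file. The folder path, user names, decoy file name, and log format are all assumptions made for illustration.

```python
import csv
import io
import posixpath
from collections import Counter

# Assumed policy (all names hypothetical): one restricted folder, the few
# people cleared for it, and a decoy file that no business process opens.
RESTRICTED_DIR = "/srv/shares/board"
CLEARED_USERS = {"cfo", "general.counsel"}
DECOY_FILES = {"acquisition_targets_draft.xlsx"}

# Constructed audit records: time,user,path,result. Not from a real system.
SAMPLE_AUDIT = """\
2024-03-04T09:12:01,cfo,/srv/shares/board/q1_forecast.xlsx,allowed
2024-03-04T10:40:17,jdoe,/srv/shares/board/q1_forecast.xlsx,denied
2024-03-04T10:40:19,jdoe,/srv/shares/public/../board/minutes.docx,denied
2024-03-04T11:02:55,svc_backup,/srv/shares/boardroom_av/manual.pdf,allowed
2024-03-05T22:31:08,general.counsel,/srv/shares/board/Acquisition_Targets_Draft.xlsx,allowed
"""

def review_access(audit_text):
    """Return (findings, probes_per_user) for the restricted folder."""
    findings, probes = [], Counter()
    for when, user, path, result in csv.reader(io.StringIO(audit_text)):
        path = posixpath.normpath(path)           # collapse ../ before matching
        if not path.startswith(RESTRICTED_DIR + "/"):
            continue                              # e.g. /srv/shares/boardroom_av
        name = posixpath.basename(path).lower()
        if name in DECOY_FILES:
            # A decoy has no legitimate reader, so even a cleared account
            # opening it is worth a follow-up (misuse or stolen credentials).
            findings.append((when, user, "decoy-touched", name))
        elif user not in CLEARED_USERS:
            # The restriction worked if result == "denied", but the attempt
            # itself identifies who is looking for this information.
            probes[user] += 1
            findings.append((when, user, f"uncleared-{result}", name))
    return findings, probes

if __name__ == "__main__":
    found, per_user = review_access(SAMPLE_AUDIT)
    for row in found:
        print(*row, sep="  ")
    print("probes per user:", dict(per_user))
```

Access control alone would have silently denied the two `jdoe` requests and allowed the cleared account to open the decoy; the review surfaces both.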

      Another key concept we want the reader to understand is that a CI-DR program should not be thought of just as a product, but also as the processes that produce the specific knowledge needed to make better business decisions. Process activities and capabilities are driven by the need to answer questions that are crucial to both the tactical and strategic interests of the organization or to meet business objectives. A CI-DR program operates in an environment characterized by uncertainty and, with it, risks that must be understood and reduced by the decision-makers.

      1. Cyber counterintelligence is a key objective for organizations to have and is built into the CI-DR framework.

      2. This book can help you build guidelines for creating a CI-DR program tailored to your organization and for building its charter and boundaries.

      3. It is important to identify the formal boundaries for a CI-DR program because of all the interconnected functions and collection methods that a CI-DR program can touch.

      4. Organizations and individuals should consider cyber counterintelligence and cyber deception programs if they already have a mature cybersecurity strategy aligned with business objectives.

      5. Cyber counterintelligence programs can be tasked with identifying faint digital signals being used in your organization to view information that has been deemed sensitive.

      6. A CI-DR program with all of its functions and capabilities can help business leaders gain better decision-making knowledge about running a business today.

      Our knowledge of circumstances has increased, but our uncertainty, instead of having diminished, has only increased. The reason of this is that we do not gain all our experience at once, but by degrees; so our determinations continue to be assailed incessantly by fresh experience; and the mind, if we may use the expression, must always be under arms.

       – Carl von Clausewitz, Prussian general

      The CI-DR program objectives provide an organization with guidance to assist in building a formal charter for the program, which can establish rational processes for how cyber data enters the life cycle and how analysis processes transform raw data into “knowledge” and produce appropriate reporting in business terms. There is a ton of reporting being done today around cyber, but most of it is done reactively and at the tactical level, meaning no business decisions are being made; the information being reported is valuable only to a chief information security officer (CISO) or chief information officer (CIO) and is used only to make technology risk decisions. While this type of information is still valuable to the technician, as a risk or business leader you can most likely only use these tactical-level metrics and reporting as a way to find key performance indicators. The data or information at this stage in the cyber intelligence life cycle is still raw and provides no indicators of risk or useful information to business leaders.

Cyber intelligence life cycle depicting the CI-DR program objectives that provide an organization with guidance to assist in building a formal charter for the program.