March 20, 2019 • Zane Pokorny
The National Intelligence Strategy of the United States, most recently updated in 2019, provides a framework for intelligence operations that aims to “provide timely, insightful, objective, and relevant intelligence and support to inform national security decisions.”
In 2019, cyber threats promise to continue growing more persistent, more complex, and more threatening. As such, getting effective cyber threat intelligence to the people who need it in the government is essential for supporting this security strategy. We’ll briefly survey the relevant parts of the National Intelligence Strategy here and see how cyber threat intelligence supports its objectives.
“The strategic environment is changing rapidly, and the United States faces an increasingly
complex and uncertain world in which threats are becoming ever more diverse and
interconnected,” the report notes. “We face significant changes in the domestic and global environment; we must be ready to meet 21st century challenges and to recognize emerging threats and opportunities.”
Cyber threats make up no small part of that threat landscape, especially as they are increasingly used by nation-states as part of a broader paradigm of modern warfare. Take Russia’s meddling in the 2016 presidential election, or their cyberattacks on Ukraine’s power grid in 2015 — these attacks “are already challenging public confidence in our global institutions, governance, and norms, while imposing numerous economic costs domestically and globally,” the report says. “As the cyber capabilities of our adversaries grow, they will pose increasing threats to U.S. security, including critical infrastructure, public health and safety, economic prosperity, and stability.”
“To navigate today’s turbulent and complex strategic environment, we must do things differently.”
What does doing things differently look like in the 21st century? The report outlines a few guiding principles:
Following these principles will lead to a more “fully integrated, agile, resilient, and innovative” American intelligence community, the report notes.
These guiding principles align well with the strengths of threat intelligence — distinctive, timely, and actionable insights that come from unparalleled access to information is the name of the game for real-time, automated threat intelligence. It’s exactly the kind of information that, for example, gives an understanding of the tactics, techniques, procedures, and motivations of threat actors and helps maintain awareness and increase incident response time, even as the threat landscape grows exponentially.
The report provides its own definition of cyber threat intelligence, calling it “the collection, processing, analysis, and dissemination of information from all sources of intelligence on foreign actors’ cyber programs, intentions, capabilities, research and development, tactics, targets, operational activities and indicators, and their impact or potential effects on U.S. national security interests.” The report also explains that threat intelligence “includes information on cyber threat actor information systems, infrastructure, and data; and network characterization, or insight into the components, structures, use, and vulnerabilities of foreign cyber program information systems.”
The objective of threat intelligence from a government perspective is then to help “detect and understand cyber threats from state and non-state actors engaged in malicious cyber activity to inform and enable national security decision-making, cybersecurity, and the full range of response activities.”
But the report also comes with a reality check: “Despite growing awareness of cyber threats and improving cyber defenses, nearly all information, communication networks, and systems will be at risk for years to come,” it says. “Our adversaries are becoming more adept at using cyberspace capabilities to threaten our interests and advance their own strategic and economic objectives. Cyber threats will pose an increasing risk to public health, safety, and prosperity as information technologies are integrated into critical infrastructure, vital national networks, and consumer devices.”
The report outlines three key ways the American intelligence community must strengthen intelligence capacities and meet the new challenges of the digital age, which are listed in the left column in the table below. The right column lists how cyber threat intelligence from Recorded Future can specifically address each of those needs.
|The IC Will||Threat Intelligence Value|
|Increase our awareness and understanding of adversaries’ use of cyber operations — including leadership plans, intentions, capabilities, and operations — to inform decisions and enable action.||
|Expand tailored production and appropriate dissemination and release of actionable cyber threat intelligence to support the defense of vital information networks and critical infrastructure.||
|Expand our ability to enable diplomatic, information, military, economic, financial, intelligence, and law enforcement plans and operations to deter and counter malicious cyber actors and activities.||
For more information on how cyber threat intelligence can help the intelligence community rapidly harness enormous volumes of data, providing the potential for quality, rapid analysis and relevant insight to decision-makers globally, visit our government solutions page.